2015-02-25 website test - banks: Difference between revisions

From annawiki
No edit summary
No edit summary
Line 33: Line 33:
  This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
  This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
  This server supports HTTP Strict Transport Security with long duration.
  This server supports HTTP Strict Transport Security with long duration.
* https://www.ssllabs.com/ssltest/analyze.html?d=banking.netbank.de
A
Certificate 100
Protocol Support 95
Key Exchange 90
Cipher Strength 90
This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.

Revision as of 2015-02-25T00:38:40


A
Certificate 100
Protocol Support 95
Key Exchange 80
Cipher Strength 90
Certificate uses a weak signature. When renewing, ensure you upgrade to SHA2.
This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
This server supports HTTP Strict Transport Security with long duration.
C
Certificate 100
Protocol Support 90
Key Exchange 90
Cipher Strength 90
This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C.
Certificate uses a weak signature. When renewing, ensure you upgrade to SHA2.
This server accepts the RC4 cipher, which is weak. Grade capped to B.
The server does not support Forward Secrecy with the reference browsers.
This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
B
Certificate 100
Protocol Support 95
Key Exchange 90
Cipher Strength 90
Certificate uses a weak signature. When renewing, ensure you upgrade to SHA2.
This server accepts the RC4 cipher, which is weak. Grade capped to B.
There is no support for secure renegotiation.
The server does not support Forward Secrecy with the reference browsers.
This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
This server supports HTTP Strict Transport Security with long duration.
A
Certificate 100
Protocol Support 95
Key Exchange 90
Cipher Strength 90
This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.