TLS website test - ssllabs.com - provider in Switzerland: Difference between revisions

From annawiki
Line 18: Line 18:


== A ==
== A ==
* https://www.ssllabs.com/ssltest/analyze.html?d=kolabnow.com
* https://www.ssllabs.com/ssltest/analyze.html?d=4host.ch
  Grade A
  Grade A
  Certificate 100
  Certificate 100
Line 28: Line 28:
  This server supports HTTP Strict Transport Security with long duration.
  This server supports HTTP Strict Transport Security with long duration.


* https://www.ssllabs.com/ssltest/analyze.html?d=hostpoint.ch
* https://www.ssllabs.com/ssltest/analyze.html?d=kolabnow.com
  Grade A
  Grade A
  Certificate 100
  Certificate 100
Line 34: Line 34:
  Key Exchange 80
  Key Exchange 80
  Cipher Strength 90
  Cipher Strength 90
  Intermediate certificate has a weak signature. Upgrade to SHA2 as soon as possible to avoid browser warnings.
   
  This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
  This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
This server supports HTTP Strict Transport Security with long duration.


* https://www.ssllabs.com/ssltest/analyze.html?d=4host.ch
* https://www.ssllabs.com/ssltest/analyze.html?d=hostpoint.ch
  Grade A
  Grade A
  Certificate 100
  Certificate 100
Line 43: Line 44:
  Key Exchange 80
  Key Exchange 80
  Cipher Strength 90
  Cipher Strength 90
   
  Intermediate certificate has a weak signature. Upgrade to SHA2 as soon as possible to avoid browser warnings.
  This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
  This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
This server supports HTTP Strict Transport Security with long duration.


== B ==
== B ==

Revision as of 2015-04-30T03:52:17

Overview

SSL-testing started 2015-04-25. More providers might be added later.

Cipher Strength

  • hosteurope.ch has Cipher Strength 100 but since only few ciphers are supported it might be difficult for some clients to get access. "Handshake Simulation" shows six times "Fail".
  • Ssllabs.com - ssltest - banks shows 90 for sbroker which is rated A+.

A+

Grade A+
Certificate 100
Protocol Support 95
Key Exchange 80
Cipher Strength 100

This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
This server supports HTTP Strict Transport Security with long duration. Grade set to A+.

A

Grade A
Certificate 100
Protocol Support 95
Key Exchange 80
Cipher Strength 90

This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
This server supports HTTP Strict Transport Security with long duration.
Grade A
Certificate 100
Protocol Support 95
Key Exchange 80
Cipher Strength 90

This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
This server supports HTTP Strict Transport Security with long duration.
Grade A
Certificate 100
Protocol Support 95
Key Exchange 80
Cipher Strength 90
Intermediate certificate has a weak signature. Upgrade to SHA2 as soon as possible to avoid browser warnings.
This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.

B

Grade B
Certificate 100
Protocol Support 95
Key Exchange 90
Cipher Strength 90

This server accepts the RC4 cipher, which is weak. Grade capped to B.
The server does not support Forward Secrecy with the reference browsers.
Grade B
Certificate 100
Protocol Support 70
Key Exchange 100
Cipher Strength 90

The server supports only older protocols, but not the current best TLS 1.2. Grade capped to B.
This server accepts the RC4 cipher, which is weak. Grade capped to B.


Grade B
Certificate 100
Protocol Support 70
Key Exchange 80
Cipher Strength 90

The server supports only older protocols, but not the current best TLS 1.2. Grade capped to B.
This server accepts the RC4 cipher, which is weak. Grade capped to B.
The server does not support Forward Secrecy with the reference browsers.
Grade B
Certificate 100
Protocol Support 70
Key Exchange 80
Cipher Strength 90

Intermediate certificate has a weak signature. Upgrade to SHA2 as soon as possible to avoid browser warnings.
The server supports only older protocols, but not the current best TLS 1.2. Grade capped to B.
There is no support for secure renegotiation.
The server does not support Forward Secrecy with the reference browsers.

C

Grade C
Certificate 100
Protocol Support 70
Key Exchange 80
Cipher Strength 90
This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C.
The server supports only older protocols, but not the current best TLS 1.2. Grade capped to B.
The server does not support Forward Secrecy with the reference browsers.
This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
Grade C
Certificate 100
Protocol Support 70
Key Exchange 80
Cipher Strength 90

This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C.
The server supports only older protocols, but not the current best TLS 1.2. Grade capped to B.
This server accepts the RC4 cipher, which is weak. Grade capped to B.
The server does not support Forward Secrecy with the reference browsers.
This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.