baltimorekettlebells.net
Score 96/100
Web site information
Web Address
IP Address
Web Servers
OpenResty
Programming Languages
Lua
SEO data
title
Protocols
SSLv2
not offered
SSLv3
not offered
TLS 1.0
not offered
TLS 1.1
not offered
TLS 1.2
offered
TLS 1.3
unexpected results
ALPN HTTP2
h2
ALPN
http/1.1
Vulnerabilities
heartbleed
not vulnerable, no heartbeat extension
CCS
not vulnerable
ticketbleed
not applicable, not HTTP
ROBOT
not vulnerable
SSL renegotiation
OpenSSL handshake didn't succeed
SSL client renegotiation
not vulnerable
CRIME TLS
not vulnerable (not using HTTP anyway)
POODLE SSL
not vulnerable, no SSLv3
fallback SCSV
no protocol below TLS 1.2 offered
SWEET32
uses 64 bit block ciphers
FREAK
not vulnerable
DROWN
not vulnerable on this host and port
DROWN hint
Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=E47AAC76A47A2FAF53533AAEDF0984B789904702449617236963BE804F3DC418
LOGJAM
not vulnerable, no DH EXPORT ciphers,
LOGJAM-common primes
no DH key with <= TLS 1.2
BEAST
not vulnerable, no SSL3 or TLS1
LUCKY13
potentially vulnerable, uses TLS CBC ciphers
RC4
not vulnerable
Server Defaults
TLS extensions
'session ticket/#35' 'renegotiation info/#65281' 'EC point formats/#11' 'extended master secret/#23' 'application layer protocol negotiation/#16'
TLS session ticket
no -- no lifetime advertised
SSL sessionID support
yes
Session Ticket Resumption
not supported
Session ID Resumption
not supported
cert numbers
1
Signature algorithm
SHA256 with RSA
Key size
RSA 2048 bits
Key usage
Digital Signature, Key Encipherment
Extended key usage
TLS Web Server Authentication, TLS Web Client Authentication
Serial number
FE814D832B44D349
cert serialNumberLen
8
Fingerprint SHA1
9115E1090B883A90818FA82F724DAB60FB71796D
Fingerprint SHA256
E47AAC76A47A2FAF53533AAEDF0984B789904702449617236963BE804F3DC418
Certificate details
-----BEGIN CERTIFICATE----- MIIGtjCCBZ6gAwIBAgIJAP6BTYMrRNNJMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEa MBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0dHA6Ly9jZXJ0 cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28gRGFkZHkgU2Vj dXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTI0MDgyNzE0NDYzMFoX DTI1MDgyNzE0NDYzMFowIzEhMB8GA1UEAxMYYmFsdGltb3Jla2V0dGxlYmVsbHMu bmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsryFGAWGllkEyUJL lAin/UeY4HId9XIODp8Q+NEGh5JOJgwdKT3kPOIuKknZPkmTKZbEEU1IgDvF31+d pBBaYClkNwB9dnuDUfPxNlbdw34sHDvPyJ/vlC7GA9tWn7WVJ4C4z597p2hs1K1w Yi9XJ7ctlczGbctc3ui4E9LqVAm9U89iUiXK/UlBn6V2Mf5urxqBj0WXIpOM5TDF u4ovT3IpREevmZkPt+CwKv5zZrQURsj9IT96HDnRMs8vsOR/CkWtiI9RkfP3LHlg uPKEu3xOhTwyZ0vN/3yPeYOrcCp2paqYmMg9rS9LRm75ruPPHgAZkJWbdZwj/qyv hO8iOQIDAQABo4IDWTCCA1UwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEF BQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDkGA1UdHwQyMDAwLqAsoCqG KGh0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2RpZzJzMS0yOTQxMS5jcmwwXQYDVR0g BFYwVDBIBgtghkgBhv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlm aWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECATB2BggrBgEF BQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBA BggrBgEFBQcwAoY0aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv c2l0b3J5L2dkaWcyLmNydDAfBgNVHSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyA zjBBBgNVHREEOjA4ghhiYWx0aW1vcmVrZXR0bGViZWxscy5uZXSCHHd3dy5yZWdh bGhvbWVjbGVhbmluZ2xsYy5jb20wHQYDVR0OBBYEFHKLFSPwVHJlpVOT2YBuVOOS pcfeMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgAS8U40vVNyTIQGGcOPP3oT +Oe1YoeInG0wBYTr5YYmOgAAAZGUTXwSAAAEAwBHMEUCIQDq1V7AWBk+JmY7ERcH y0yiHBrNOIF9pnZmDnXDPLT1CQIgfORqR5D+jNtbLduRsrJA5UobwUBr+dPXS6v+ C1WyHBQAdgB9WR4S4XgqexxhZ3xe/fjQh1wUoE6VnrkDL9kOjC55uAAAAZGUTXy9 AAAEAwBHMEUCICyC2YGCs/sQME7dzJPfS4JkkWgyI8pJwk+q7ghSOA50AiEAnXwA 13tSMOZYYCKQ9LZ/7z09p4JWbCJvCKWfjlixH84AdwDM+w9qhXEJZf6Vm1PO6bJ8 IumFXA2XjbapflTA/kwNsAAAAZGUTYLQAAAEAwBIMEYCIQC2pUCS3FEFPzR569qH Wu9QXV1Yz9SCM93nuKlfgYio6QIhAPo31CkQNz7X+36qugRahuMvQ1IlHcUiUNBM +w5lN462MA0GCSqGSIb3DQEBCwUAA4IBAQCagQfGNDg2OKql5/NgRPpjy8fjj+VW 40LWKRWLXUOA6CTeD0ZLcrMdtDGYKYJ8rpkDu9QetogUTaK2HQEuwoItrnI10nRq 6Er/aL8r/n5Zbk/UgY+7b9fKjWVgoRypeelVE0KNg4gBcSiGXV6NnpPkfEhtF/Au vDqsKVrBGdNbs4fPxIYVVovp+UxL8x/M2Qp+B3WHweA17X+/jaEQunv19f8g6J97 I6cNqq8znfP0QWZyTQiXZvQmvFAIGFmjTj8J5j2ZeTib+94rbe9iItfSUmJ8yLXP 9YncINSSlItCEMtrGBpcAGGnM1x1Fc+bQM422M/GgTjFfbR5L2DRPvSk -----END CERTIFICATE-----
Common names
baltimorekettlebells.net
Service Name Indication
request w/o SNI didn't succeed
SubjectAlternative Name
baltimorekettlebells.net www.regalhomecleaningllc.com
Certificate authority issuers
Go Daddy Secure Certificate Authority - G2 (GoDaddy.com, Inc. from US)
Certificate trusted
Ok via SAN (SNI mandatory)
Certificate chain trusted
passed.
Is certificate Extended Validation
no
cert eTLS
not present
cert expirationStatus
311 >= 60 days
Valid from
2024-08-27 14:46
Valid until
2025-08-27 14:46
cert validityPeriod
No finding
Chain
2
certs list ordering problem
no
cert crlDistributionPoints
http://crl.godaddy.com/gdig2s1-29411.crl
Online Certificate Status Protocol URL
http://ocsp.godaddy.com/
OCSP stapling
not offered
cert mustStapleExtension
--
DNS CAArecord
--
certificate transparency
yes (certificate extension)
Server Preferences
order
server
Which protocol negotiated
Default protocol TLS1.2
negotiated
ECDHE-RSA-AES128-GCM-SHA256, 521 bit ECDH (P-521)
order TLSv1 2
ECDHE-RSA-AES128-GCM-SHA256
Perfect Forward Secrecy
PFS
offered
PFS s
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA
PFS ECDHE curves
prime256v1 secp384r1 secp521r1