indictbreitbart.org
Score 93/100
Web site information
SEO data
title
Protocols
SSLv2
not offered
SSLv3
not offered
TLS 1.0
not offered
TLS 1.1
not offered
TLS 1.2
offered
TLS 1.3
unexpected results
ALPN HTTP2
h2
ALPN
http/1.1
Vulnerabilities
heartbleed
not vulnerable, no heartbeat extension
CCS
not vulnerable
ticketbleed
not vulnerable
ROBOT
not vulnerable
SSL renegotiation
OpenSSL handshake didn't succeed
SSL client renegotiation
not vulnerable
CRIME TLS
not vulnerable
BREACH
not vulnerable, no HTTP compression - only supplied '/' tested
POODLE SSL
not vulnerable, no SSLv3
fallback SCSV
no protocol below TLS 1.2 offered
SWEET32
uses 64 bit block ciphers
FREAK
not vulnerable
DROWN
not vulnerable on this host and port
DROWN hint
Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=5F5A686ABF6363DE6489028420ED1836394300B6E76F2E3BED20C14210FB4E1A
LOGJAM
not vulnerable, no DH EXPORT ciphers,
LOGJAM-common primes
no DH key with <= TLS 1.2
BEAST
not vulnerable, no SSL3 or TLS1
LUCKY13
potentially vulnerable, uses TLS CBC ciphers
RC4
not vulnerable
Header Responses
Status code
200 OK ('/')
Clock skew
-1 seconds from localtime
HSTS
not offered
HPKP
No support for HTTP Public Key Pinning
security headers
--
Server Defaults
TLS extensions
'session ticket/#35' 'renegotiation info/#65281' 'EC point formats/#11' 'extended master secret/#23' 'application layer protocol negotiation/#16'
TLS session ticket
no -- no lifetime advertised
SSL sessionID support
yes
Session Ticket Resumption
not supported
Session ID Resumption
not supported
cert numbers
1
Signature algorithm
SHA256 with RSA
Key size
RSA 2048 bits
Key usage
Digital Signature, Key Encipherment
Extended key usage
TLS Web Server Authentication, TLS Web Client Authentication
Serial number
B8B29EA987CFCADB
cert serialNumberLen
8
Fingerprint SHA1
B728B8A0EFB7F85F32F90E6FA8827472610F125D
Fingerprint SHA256
5F5A686ABF6363DE6489028420ED1836394300B6E76F2E3BED20C14210FB4E1A
Certificate details
-----BEGIN CERTIFICATE----- MIIGqjCCBZKgAwIBAgIJALiynqmHz8rbMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEa MBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0dHA6Ly9jZXJ0 cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28gRGFkZHkgU2Vj dXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTI0MDYxMDA2MTU0M1oX DTI1MDYxMDA2MTU0M1owIjEgMB4GA1UEAxMXd3d3LmluZGljdGJyZWl0YmFydC5v cmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvdewNOaHpp5igp5ex /q1jEDcN2DZStIT/UE92yNA6zlPLyI1ybokpfoFLxolfQaiftcElVSUZGkVqjXDj FJcQlLzTvKtTn7kZmgxFg6L1YXFvPEAt+S2Afa/tTpCtQCPTh9fJ3I2QgivDs9ZW Po+gQIrizHBng3Vb1n5/Hr/VaI9cEz3M22CPKtM2/0fntpF+Vv9rJcV84+q0qVH5 74iduMzi+02qvaqdfOLkjoCtHBBerOx1xBAFaqst2BswPnaUjhXAz5vZfifPOtcO E6X0mBnCXtw45QlUxuwJ/YoF+bzWOIcDDEBFA3H/s2xqDFpKqcQdXNV1aYSmIJ7N jzztAgMBAAGjggNOMIIDSjAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF BwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwOQYDVR0fBDIwMDAuoCygKoYo aHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZGlnMnMxLTIyNjc1LmNybDBdBgNVHSAE VjBUMEgGC2CGSAGG/W0BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZp Y2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMHYGCCsGAQUF BwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEAG CCsGAQUFBzAChjRodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9z aXRvcnkvZ2RpZzIuY3J0MB8GA1UdIwQYMBaAFEDCvSeOzDSDMKIz1/tss/C0LIDO MDcGA1UdEQQwMC6CE2luZGljdGJyZWl0YmFydC5vcmeCF3d3dy5pbmRpY3RicmVp dGJhcnQub3JnMB0GA1UdDgQWBBQaf5ufbLgTHLx+lECQxrMVKrcRFTCCAX4GCisG AQQB1nkCBAIEggFuBIIBagFoAHUATnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpk sWKaOd8AAAGQAMnPgQAABAMARjBEAiBJ2Rth9eLGvNTKZsqp4VLxV6ZulMACDTMA s+6reGbwxwIgE6rBwjWRajUDJKR7zmZFKtxowTo1MwIELCm0NFueimcAdgB9WR4S 4XgqexxhZ3xe/fjQh1wUoE6VnrkDL9kOjC55uAAAAZAAydCAAAAEAwBHMEUCIQCF BHRC7TZyDDWFxyo0gZFVDrzNm/mcDOszWIH+yqSzCwIgd9gRvjJD/RB9WF48qeJK 7ZWRYNSX54aC2qOB5N4peQ8AdwDM+w9qhXEJZf6Vm1PO6bJ8IumFXA2XjbapflTA /kwNsAAAAZAAydDlAAAEAwBIMEYCIQDgS86bR9DSwtzmJC70KLsTrBV5iS6xizGB 6O2mTPEImQIhAKp3iTqCW+BxpW6gb7P7Z3fcnArXzrriBgQcHD+qBfRnMA0GCSqG SIb3DQEBCwUAA4IBAQCI0+9Q7w+gAHzzFNFkSjN/xeBfLQGnxTbukyTCHsYnoR7Y ClUbaJPZbzoTHRd40Ms24ThtqS2IaDuyeseNm+CTZIE0dnKFqCw6IfSdjS8SLZqd rtDH/NmaEt8slyn69b78F0q2lMJLt1D3TY4+9q2QwbXtLjgVErCV22bLoz06T+mw LZIzPHSzmMCrBKVeC7j0MXir4xugLiUtcWVuVx019PdK3cB1l8B3NqlU8Ti/IS07 0Rs+zM9zhP5NzSIm1EPW2z4+toKvl8P9Cb2ap7itErvIYV/57oAuXxfFDHIDnuof F6EC6wkraKii478sL6SKYHakmRS+0faHqhdzlmjh -----END CERTIFICATE-----
Common names
www.indictbreitbart.org
Service Name Indication
request w/o SNI didn't succeed
SubjectAlternative Name
indictbreitbart.org www.indictbreitbart.org
Certificate authority issuers
Go Daddy Secure Certificate Authority - G2 (GoDaddy.com, Inc. from US)
Certificate trusted
Ok via SAN (SNI mandatory)
Certificate chain trusted
passed.
Is certificate Extended Validation
no
cert eTLS
not present
cert expirationStatus
201 >= 60 days
Valid from
2024-06-10 06:15
Valid until
2025-06-10 06:15
cert validityPeriod
No finding
Chain
2
certs list ordering problem
no
cert crlDistributionPoints
http://crl.godaddy.com/gdig2s1-22675.crl
Online Certificate Status Protocol URL
http://ocsp.godaddy.com/
OCSP stapling
not offered
cert mustStapleExtension
--
DNS CAArecord
--
certificate transparency
yes (certificate extension)
Server Preferences
order
server
Which protocol negotiated
Default protocol TLS1.2
negotiated
ECDHE-RSA-AES128-GCM-SHA256, 521 bit ECDH (P-521)
order TLSv1 2
ECDHE-RSA-AES128-GCM-SHA256
Perfect Forward Secrecy
PFS
offered
PFS s
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA
PFS ECDHE curves
prime256v1 secp384r1 secp521r1
Ciphers
ECDHE-RSA-AES256-GCM-SHA384 ECDH 521 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(0xc030)
ECDHE-RSA-AES256-SHA ECDH 521 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
(0xc014)
AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384
(0x9d)
AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA
(0x35)
ECDHE-RSA-AES128-GCM-SHA256 ECDH 521 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(0xc02f)
ECDHE-RSA-AES128-SHA ECDH 521 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
(0xc013)
AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256
(0x9c)
AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA
(0x2f)
ECDHE-RSA-DES-CBC3-SHA ECDH 521 3DES 168 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
(0xc012)
DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA
(0x0a)