sconnect2.nic.in

Score 81/100

Web site information

Website image sconnect2.nic.in
Web Address
IP Address

SEO data

title

Protocols

SSLv2
not offered
SSLv3
not offered
TLS 1.0
not offered
TLS 1.1
is not offered
TLS 1.2
offered
TLS 1.3
not offered and downgraded to a weaker protocol
ALPN
not offered

Vulnerabilities

heartbleed
not vulnerable CVE-2014-0160
CCS
not vulnerable
ticketbleed
no session ticket extension
ROBOT
not vulnerable
SSL renegotiation
VULNERABLE
SSL client renegotiation
not vulnerable
CRIME TLS
not vulnerable
BREACH
not vulnerable, no HTTP compression - only supplied '/' tested
POODLE SSL
not vulnerable
fallback SCSV
no protocol below TLS 1.2 offered
SWEET32
not vulnerable
FREAK
not vulnerable
DROWN
not vulnerable to DROWN on this host and port
DROWN
Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=4185ABA25FACD44BBA41D8B5CE0B1FD9BBE56FA4A20ABF9530E56A8415947FA7
LOGJAM-common primes
'comment'
LOGJAM
not vulnerable, no DH EXPORT ciphers,
BEAST
not vulnerable, no SSL3 or TLS1
LUCKY13
potentially vulnerable, uses TLS CBC ciphers
RC4
not vulnerable

Header Responses

Status code
200 OK ('/')
Clock skew
+2 (± 1.5) seconds from localtime
HSTS time
365 days (=31536000 seconds) > 15465600 seconds
HSTS subdomains
includes subdomains
HSTS preload
domain is NOT marked for preloading
HPKP
No support for HTTP Public Key Pinning
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'

Server Defaults

TLS extensions
'server name/#0' 'EC point formats/#11' 'heartbeat/#15'
TLS session ticket
No lifetime advertised
SSL sessionID support
yes
Session Ticket Resumption
supported
Session ID Resumption
supported
TLS timestamp
random
Signature algorithm
SHA256 with RSA
Key size
2048 bits
Key usage
Digital Signature, Key Encipherment
Extended key usage
cert_ext_keyusage
Serial number
03B606791C0D619AC3CE64E6BEE4CA0F17EA
Fingerprint SHA1
6BF091BB39BFD1DBE7B69C82A364033D5A12F47C
Fingerprint SHA256
4185ABA25FACD44BBA41D8B5CE0B1FD9BBE56FA4A20ABF9530E56A8415947FA7
Certificate details
-----BEGIN CERTIFICATE----- MIIFWzCCBEOgAwIBAgISA7YGeRwNYZrDzmTmvuTKDxfqMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMTEwMTMwNDE0MjVaFw0yMjAxMTEwNDE0MjRaMBoxGDAWBgNVBAMT D3Njb25uZWN0Lm5pYy5pbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AK1EyUiko23pZjIU5zyqy5J3RiZ7XdeOOAlZXMMQ23T0lMv7D8QrTdiUbmnhfY5E J3JtUUHbNfB3y0+f+hA4b/6ZBM5fHcALm5ZBn7xNHwmaDUsBSxOR/bN2O34y3DZD WDYeAjj2DjN62+NQjD2qPzhp6MIMfmRTs27RfX8cZYoCKYEFh1smVICQTrZm1MIN e0b+L85Euo3BMn0GrH65lFEe049ybwzU3QDjEdzL0sTRah760J3CgSHFgEEL16JI LcMepvLhr8Eu09kkbw27nXPrwHzpFPiW7pmGywmWgPcQG4QF1+qWCfB4sOYQK3gL iYkYjJxdHcYUVaTj2lLLiM0CAwEAAaOCAoEwggJ9MA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNV HQ4EFgQUiA8K6t7ie8JX1sve0CpNGpI2GxcwHwYDVR0jBBgwFoAUFC6zF7dYVsuu UAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8v cjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9y Zy8wUAYDVR0RBEkwR4IPc2Nvbm5lY3QubmljLmlughBzY29ubmVjdDEubmljLmlu ghBzY29ubmVjdDIubmljLmlughBzY29ubmVjdDcubmljLmluMEwGA1UdIARFMEMw CAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j cHMubGV0c2VuY3J5cHQub3JnMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHcARqVV 63X6kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAF8eBK8WgAABAMASDBGAiEA mPXvLrl8FjFxZ75uaHVyq6CXAe3crg37NzisQu6FemwCIQDa1X57/g7tBTDUNFJg 0slx9bZXbn/Zqkn9ZX1ZSQYgmAB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaN sgiaN9kTAAABfHgSvHoAAAQDAEcwRQIgGrqiHXQ2dtwupJWr1x42LQxT7QdsiBl6 ghzA6GyTEGMCIQC3Dn51Y6SGxsRfZb+E+Ma4p4dw+sT9W1RWeBmHpVi8wzANBgkq hkiG9w0BAQsFAAOCAQEALtPkpA4j5zQTkEMW4yV3X6+auNQ1P0OSmDn0rlT32U6I yJjVzKhcoKHMLK9clXQtqFNXASEkgjsYUcwElJR4Am16yN1Pf0ouPuPW48OxwpuA Pf2oiocbVu+h/IrXrKhTNgEmQRrBGzQD9G8nXLsQ0IDpm758WipVjm9MpoFUdaZB Zqlvwa80Ocf9NLDKSMRvvYYjAD7I+YYHg26BhBx5DeIBO6qsGftphTGH4Lr/BxOd 2m66FfxX57VJLDb0Vhia1ay1durNJbHHNbFygb02sM5SXJJO3DAT/1Z0DkBP6uA/ Or07n5a068W51nCm6g8kSbIcyEYuC/eSoqhvJWynig== -----END CERTIFICATE-----
Common names
sconnect.nic.in
Service Name Indication
sconnect.nic.in
SubjectAlternative Name
sconnect.nic.in sconnect1.nic.in sconnect2.nic.in sconnect7.nic.in
Certificate authority issuers
R3 (Let's Encrypt from US)
Certificate trusted
Ok via SAN (same w/o SNI)
Certificate chain trusted
Some certificate trust checks failed -> Microsoft (self signed CA in chain) Linux (self signed CA in chain) , OK -> Mozilla Apple
Is certificate Extended Validation
no
Days before expiry
expires < 60 days (39)
Valid from
2021-10-13 06:14
Valid until
2022-01-11 05:14
Chain
3
CRL distribution points
--
Online Certificate Status Protocol URL
http://r3.o.lencr.org
OCSP stapling
not offered
cert mustStapleExtension
--
DNS CAArecord
issue=letsencrypt.org
certificate transparency
yes (certificate extension)

Server Preferences

order
server
Which protocol negotiated
Default protocol TLS1.2
negotiated
ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
order TLSv1 2
ECDHE-RSA-AES256-GCM-SHA384

Perfect Forward Secrecy

PFS
offered
PFS s
DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384
ECDHE curves
prime256v1

Ciphers

ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(0xc030)
ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
(0xc028)
DHE-RSA-AES256-GCM-SHA384 DH 1024 AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
(0x9f)
DHE-RSA-AES256-SHA256 DH 1024 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
(0x6b)
AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384
(0x9d)
AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256
(0x3d)

Browser Simulations

Android 2.3.7
No connection
Android 4.1.1
No connection
Android 4.3
No connection
Android 4.4.2
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Android 5.0.0
No connection
Android 6.0
No connection
Android 7.0
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Windows Chrome 51
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Windows Chrome 57
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Windows Firefox 47
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Windows Firefox 53
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Windows XP Internet Explorer 6
No connection
Windows Vista Internet Explorer 7
No connection
Windows XP Internet Explorer 8
No connection
Windows 7 Internet Explorer 8
No connection
Windows 7 Internet Explorer 11
TLSv1.2 DHE-RSA-AES256-GCM-SHA384
Windows 8.1 Internet Explorer 11
TLSv1.2 DHE-RSA-AES256-GCM-SHA384
Windows 8.1 update Internet Explorer 11
TLSv1.2 DHE-RSA-AES256-GCM-SHA384
Windows 10 Internet Explorer 11
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Windows 10 Edge 13
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Windows Phone 10 Edge 13
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Windows 7 Opera 17
TLSv1.2 DHE-RSA-AES256-SHA256
MacOSX 10.6.8 Safari 5.1.9
No connection
iOS 7 Safari 7
TLSv1.2 ECDHE-RSA-AES256-SHA384
MacOSX 10.11 Safari 9
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
MacOSX 10.12 Safari 10
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
iOS 9 App Transport Security 9
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Windows 7 Tor 7.0.9
No connection
Java 6 update 45
No connection
Java 7 update 25
No connection
Java 8 update 31
No connection
OpenSSL 1.1.1
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
OpenSSL 1.0.2e
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384