Professional Documents
Culture Documents
A
Source IP/Port: any:25
B
Type: SMTP
C
External
Content Security
NOT FOUND
CERTIFICATE CHAIN
Comment Self-signed
SHA256 2f6889961a7ca7067e…78e23a1978d2f133d3
PIN UgpUVparimk8QCjtWQ…rykc/L8N66EhFY3VE=
Expires in 2,526 days
Comment -
Comment -
All the certificates provided by the server are trusted. Good configuration
SUPPORTED CIPHERS
TLSV1.2
SUPPORTED PROTOCOLS
GOLDENDOODLE
ZOMBIE POODLE
SLEEPING POODLE
0-LENGTH OPENSSL
CVE-2016-2107
The server does not support client-initiated insecure renegotiation. Good configuration
ROBOT
HEARTBLEED
The server version of OpenSSL is not vulnerable to Heartbleed attack. Not vulnerable
CVE-2014-0224
CVE-2021-3449
Reference: HIPAA, Security Rule (Ref. NIST SP 800-52: “Guidelines for the Selection and Use of TLS
Implementations”)
All the X509 certificates provided by the server are in version 3. Good configuration
The server supports OCSP stapling, which allows better verification of the certificate
Good configuration
validation status.
SUPPORTED CIPHERS
TLSV1.2
SUPPORTED PROTOCOLS
The server does not support Server Name Indication (SNI) extension for TLS versions
≤1.3. SNI allows a user to specify the domain name it's trying to connect to, and
Information
prevents common name mismatch errors, when a server hosts several domains with
different SSL certificates.
EC_POINT_FORMAT EXTENSION
The server does not send the EC_POINT_FORMAT TLS extension that allows a client to
enumerate the point formats it can parse. Check your server documenation and enable Information
the EC_POINT_FORMAT extension.
DNSCAA
The RSA certificate provided is NOT an Extended Validation (EV) certificate. Information
Consider enabling support of TLSv1.3 protocol that is considered to be the most Misconfiguration or
secure and stable version of TLS protocol. weakness
Preferred cipher suite for each protocol supported (except SSLv2). Expected configuration are ciphers allowed by
PCI DSS and enabling PFS:
For TLS family of protocols, the server prefers cipher suite(s) providing Perfect
Good configuration
Forward Secrecy (PFS).
The server does not support client-initiated secure renegotiation. Good configuration