ImmuniWeb® Community Edition | SSL Security Test

Summary of maua.br:25 (SMTP) SSL Security Test

maua.br was tested 1 time during the last 12 months.

Your final score

Date/Time: Sep 4th, 2023 16:59:15 GMT+0 A

A
Source IP/Port: any:25
B
Type: SMTP
C

Compliance Compliance Compliance Industry

Test Test Test Best Practices

COMPLIANT COMPLIANT COMPLIANT NO MAJOR ISSUES FOUND

External
Content Security

NOT FOUND

The tested service seems to be a SMTP. Information

Test Results: https://www.immuniweb.com/ssl/maua.br/IxTYjLnn/ 1 / 11

 ImmuniWeb® Community Edition | SSL Security Test

Upgrade from Free Community Edition

to ImmuniWeb® AI Platform Now!

API Penetration Mobile Penetration

Testing Testing

API Security Mobile Security

Scanning Scanning

Attack Surface Network Security

Management Assessment

Cloud Penetration PCI DSS Penetration

Testing Testing

Cloud Security Posture Phishing Websites

Management Takedown

Continuous Penetration Red Teaming

Testing Exercise

Cyber Threat Software Composition

Intelligence Analysis

Dark Web Third-Party Risk

Monitoring Management

Digital Brand Web Penetration

Protection Testing

GDPR Penetration Web Security

Testing Scanning

Free Demo Book a Call

Test Results: https://www.immuniweb.com/ssl/maua.br/IxTYjLnn/ 2 / 11

 ImmuniWeb® Community Edition | SSL Security Test

SSL Certificate Analysis

RSA CERTIFICATE INFORMATION

Issuer DigiCert Cloud Services CA-1

Trusted Yes
Common Name mail.protection.outlook.com
Key Type/Size RSA 2048 bits
Serial Number 20898729376885947895353361944261793688
Signature Algorithm sha256WithRSAEncryption
Subject DNS:mail.protection.outlook.com, DNS:*.mail.eo.outlook.com, DNS:*.mail.protection.outlook.com,
Alternative DNS:mail.messaging.microsoft.com, DNS:outlook.com, DNS:*.olc.protection.outlook.com,
Names DNS:*.pamx1.hotmail.com, DNS:*.mail.protection.outlook.de, DNS:*.mx.microsoft
Transparency Yes
Validation Level OV
CRL http://crl3.digicert.com/DigiCertCloudServicesCA-1-g1.crl
OCSP http://ocspx.digicert.com
OCSP Must-Staple No
Supports OCSP Yes
Stapling
Valid From August 01, 2023 01:00 CET
Valid To August 01, 2024 00:59 CET

CERTIFICATE CHAIN

📄 Root CA DigiCert Global Root CA

Type/Size RSA 2048 bits
Serial Number 10944719598952040374951832963794454346
Signature sha1WithRSAEncryption
SHA256 4348a0e9444c78cb26…257f8934a443c70161
PIN r/mIkG3eEpVdm+u/ko…1bk4TyHIlByibiA5E=
Expires in 2,988 days

Comment Self-signed

📄 Intermediate CA DigiCert Cloud Services CA-1

Test Results: https://www.immuniweb.com/ssl/maua.br/IxTYjLnn/ 3 / 11

 ImmuniWeb® Community Edition | SSL Security Test

Type/Size RSA 2048 bits

Serial Number 2153541150232352990208412671116695671
Signature sha256WithRSAEncryption

SHA256 2f6889961a7ca7067e…78e23a1978d2f133d3
PIN UgpUVparimk8QCjtWQ…rykc/L8N66EhFY3VE=
Expires in 2,526 days
Comment -

📄 Server certificate mail.protection.outlook.com

Type/Size RSA 2048 bits

Serial Number 20898729376885947895353361944261793688
Signature sha256WithRSAEncryption
SHA256 e3679183131fab1042…5e750f7ea341664065
PIN e491lOAI+G4yWs4XJw…Idwd0Kta/1QWWj7es=
Expires in 331 days

Comment -

Test Results: https://www.immuniweb.com/ssl/maua.br/IxTYjLnn/ 4 / 11

 ImmuniWeb® Community Edition | SSL Security Test

PCI DSS Compliance Test

Reference: PCI DSS 3.2.1, Requirements 2.3 and 4.1

CERTIFICATES ARE TRUSTED

All the certificates provided by the server are trusted. Good configuration

SUPPORTED CIPHERS

List of all cipher suites supported by the server:

TLSV1.2

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Good configuration

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Good configuration

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Good configuration

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Good configuration

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Good configuration

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Good configuration

TLS_RSA_WITH_AES_256_GCM_SHA384 Good configuration

TLS_RSA_WITH_AES_128_GCM_SHA256 Good configuration

TLS_RSA_WITH_AES_256_CBC_SHA256 Good configuration

TLS_RSA_WITH_AES_128_CBC_SHA256 Good configuration

TLS_RSA_WITH_AES_256_CBC_SHA Good configuration

TLS_RSA_WITH_AES_128_CBC_SHA Good configuration

SUPPORTED PROTOCOLS

List of all SSL/TLS protocols supported by the server:

TLSv1.2 Good configuration

SUPPORTED ELLIPTIC CURVES

List of all elliptic curves supported by the server:

P-384 (secp384r1) (384 bits) Good configuration

P-256 (prime256v1) (256 bits) Good configuration

Test Results: https://www.immuniweb.com/ssl/maua.br/IxTYjLnn/ 5 / 11

 ImmuniWeb® Community Edition | SSL Security Test

POODLE OVER TLS

The server is not vulnerable to POODLE over TLS. Not vulnerable

GOLDENDOODLE

The server is not vulnerable to GOLDENDOODLE. Not vulnerable

ZOMBIE POODLE

The server is not vulnerable to Zombie POODLE. Not vulnerable

SLEEPING POODLE

The server is not vulnerable to Sleeping POODLE. Not vulnerable

0-LENGTH OPENSSL

The server is not vulnerable 0-Length OpenSSL. Not vulnerable

CVE-2016-2107

The server is not vulnerable to CVE-2016-2107. Not vulnerable

SERVER DOES NOT SUPPORT CLIENT-INITIATED INSECURE RENEGOTIATION

The server does not support client-initiated insecure renegotiation. Good configuration

ROBOT

The server is not vulnerable to ROBOT vulnerability. Not vulnerable

HEARTBLEED

The server version of OpenSSL is not vulnerable to Heartbleed attack. Not vulnerable

CVE-2014-0224

The server is not vulnerable to CCS Injection. Not vulnerable

CVE-2021-3449

The server is not vulnerable to CVE-2021-3449 (OpenSSL Maliciously Crafted

Not vulnerable
Renegotiation Vulnerability).

Test Results: https://www.immuniweb.com/ssl/maua.br/IxTYjLnn/ 6 / 11

 ImmuniWeb® Community Edition | SSL Security Test

HIPAA and NIST Compliance Test

Reference: HIPAA, Security Rule (Ref. NIST SP 800-52: “Guidelines for the Selection and Use of TLS
Implementations”)

X.509 CERTIFICATES ARE IN VERSION 3

All the X509 certificates provided by the server are in version 3. Good configuration

SERVER SUPPORTS OCSP STAPLING

The server supports OCSP stapling, which allows better verification of the certificate
Good configuration
validation status.

SUPPORTED CIPHERS

List of all cipher suites supported by the server:

TLSV1.2

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Good configuration

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Good configuration

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Good configuration

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Good configuration

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Good configuration

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Good configuration

TLS_RSA_WITH_AES_256_GCM_SHA384 Good configuration

TLS_RSA_WITH_AES_128_GCM_SHA256 Good configuration

TLS_RSA_WITH_AES_256_CBC_SHA256 Good configuration

TLS_RSA_WITH_AES_128_CBC_SHA256 Good configuration

TLS_RSA_WITH_AES_256_CBC_SHA Good configuration

TLS_RSA_WITH_AES_128_CBC_SHA Good configuration

SUPPORTED PROTOCOLS

List of all SSL/TLS protocols supported by the server:

TLSv1.2 Good configuration

Test Results: https://www.immuniweb.com/ssl/maua.br/IxTYjLnn/ 7 / 11

 ImmuniWeb® Community Edition | SSL Security Test

SUPPORTED ELLIPTIC CURVES

List of all elliptic curves supported by the server:

P-384 (secp384r1) (384 bits) Good configuration

P-256 (prime256v1) (256 bits) Good configuration

SERVER DOES NOT SUPPORT TLSV1.3

Consider enabling support of TLSv1.3 protocol that is considered to be the most

Information
secure and stable version of TLS protocol.

SERVER DOES NOT SUPPORT SERVER NAME INDICATION

The server does not support Server Name Indication (SNI) extension for TLS versions
≤1.3. SNI allows a user to specify the domain name it's trying to connect to, and
Information
prevents common name mismatch errors, when a server hosts several domains with
different SSL certificates.

EC_POINT_FORMAT EXTENSION

The server does not send the EC_POINT_FORMAT TLS extension that allows a client to
enumerate the point formats it can parse. Check your server documenation and enable Information
the EC_POINT_FORMAT extension.

Test Results: https://www.immuniweb.com/ssl/maua.br/IxTYjLnn/ 8 / 11

 ImmuniWeb® Community Edition | SSL Security Test

Industry Best Practices Test

DNSCAA

This domain has a Certification Authority Authorization (CAA) record.

issue: microsoft.com issue: entrust.net issue: globalsign.com issue: Good configuration

digicert.com

CERTIFICATES DO NOT PROVIDE EV

The RSA certificate provided is NOT an Extended Validation (EV) certificate. Information

SERVER DOES NOT SUPPORT TLSV1.3

Consider enabling support of TLSv1.3 protocol that is considered to be the most Misconfiguration or
secure and stable version of TLS protocol. weakness

SERVER HAS CIPHER PREFERENCE

The server enforces cipher suites preference. Good configuration

SERVER PREFERRED CIPHER SUITES

Preferred cipher suite for each protocol supported (except SSLv2). Expected configuration are ciphers allowed by
PCI DSS and enabling PFS:

TLSv1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Good configuration

SERVER PREFERS CIPHER SUITES PROVIDING PFS

For TLS family of protocols, the server prefers cipher suite(s) providing Perfect
Good configuration
Forward Secrecy (PFS).

SERVER DOES NOT SUPPORT CLIENT-INITIATED SECURE RENEGOTIATION

The server does not support client-initiated secure renegotiation. Good configuration

SERVER-INITIATED SECURE RENEGOTIATION

The server supports secure server-initiated renegotiation. Good configuration

SERVER DOES NOT SUPPORT TLS COMPRESSION

Test Results: https://www.immuniweb.com/ssl/maua.br/IxTYjLnn/ 9 / 11

 ImmuniWeb® Community Edition | SSL Security Test

TLS compression is not supported by the server. Good configuration

Test Results: https://www.immuniweb.com/ssl/maua.br/IxTYjLnn/ 10 / 11

 ImmuniWeb® Community Edition | SSL Security Test

External Content Privacy and Security Analysis

No external content found on tested page. Information

The End of Report

Upgrade from Free Community Edition to ImmuniWeb® AI Platform

Test Results: https://www.immuniweb.com/ssl/maua.br/IxTYjLnn/ 11 / 11