Bluemeanie Posted April 9, 2014

Does the server use SSL, or has it ever? Asking since when I did an SSL server test at Qualys, the one thing that came back mentions a shared address, and that concerns me.

Ranko[IS] Posted April 9, 2014

It does indeed use SSL (well the game server does), and it is NOT vulnerable, yet it fails the general SSL tests, due to poor cyphers etc.

Linky to tool used: https://www.ssllabs.com/ssltest/analyze.html?d=sunrise.net-7.org&hideResults=on

SSL Report: sunrise.net-7.org (74.208.192.215)
Assessed on: Wed Apr 09 19:54:25 UTC 2014

Summary

Overall Rating: F
If trust issues are ignored: F

Certificate: 0
Protocol Support: 0
Key Exchange: 40
Cipher Strength: 60

Documentation: SSL/TLS Deployment Best Practices, SSL Server Rating Guide, and OpenSSL Cookbook.

This server is not vulnerable to the Heartbleed attack. (Experimental)
This server's certificate is not trusted. Grade set to F.
This server supports SSL 2, which is obsolete and insecure. Grade set to F.
The server supports only older protocols, but not the current best TLS 1.2. Grade capped to B.
There is no support for secure renegotiation.
The server does not support Forward Secrecy with the reference browsers.

Authentication

Server Key and Certificate #1

Common names: local.net-7.org MISMATCH
Alternative names: -
Prefix handling: Not required for subdomains
Valid from: Fri Nov 17 05:07:49 UTC 2006
Valid until: Fri Nov 18 05:07:49 UTC 2016 (expires in 2 years and 7 months)
Key: RSA 2048 bits
Weak key (Debian): No
Issuer: local.net-7.org Self-signed
Signature algorithm: SHA1withRSA
Extended Validation: No
Revocation information: None
Trusted: No NOT TRUSTED

Additional Certificates (if supplied)

Certificates provided: 1 (1122 bytes)
Chain issues: Contains anchor

Certification Paths

Path #1: Not trusted (path does not chain to a trusted anchor)
1 Sent by server Not in trust store
local.net-7.org
SHA1: 20224156821616d38572ee14b700c0add6bcf4e9
RSA 2048 bits / SHA1withRSA

Configuration

Protocols

TLS 1.2: No
TLS 1.1: No
TLS 1.0: Yes
SSL 3: Yes
SSL 2 INSECURE: Yes

Cipher Suites (sorted by strength; the server has no preference)

SSL_CK_RC4_128_EXPORT40_WITH_MD5 (0x20080) INSECURE 40
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 (0x40080) INSECURE 40
SSL_CK_DES_64_CBC_WITH_MD5 (0x60040) INSECURE 56
TLS_RSA_WITH_DES_CBC_SHA (0x9) WEAK 56
SSL_CK_RC4_128_WITH_MD5 (0x10080) INSECURE 128
SSL_CK_RC2_128_CBC_WITH_MD5 (0x30080) INSECURE 128
SSL_CK_IDEA_128_CBC_WITH_MD5 (0x50080) INSECURE 128
TLS_RSA_WITH_RC4_128_MD5 (0x4) 128
TLS_RSA_WITH_RC4_128_SHA (0x5) 128
TLS_RSA_WITH_IDEA_CBC_SHA (0x7) 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 (0x700c0) INSECURE 112
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256

Handshake Simulation

Android 2.3.7 No SNI 2 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS RC4 128
Android 4.0.4 TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
Android 4.1.1 TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
Android 4.2.2 TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
Android 4.3 TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
Android 4.4.2 TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
BingBot Dec 2013 No SNI 2 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128
BingPreview Dec 2013 TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
Chrome 33 / Win 7 R TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
Firefox 24.2.0 ESR / Win 7 TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
Firefox 27 / Win 8 R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128
Googlebot Oct 2013 TLS 1.0 TLS_RSA_WITH_RC4_128_SHA (0x5) No FS RC4 128
IE 6 / XP No FS 1 No SNI 2 SSL 3 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS RC4 128
IE 7 / Vista TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128
IE 8 / XP No FS 1 No SNI 2 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS RC4 128
IE 8-10 / Win 7 R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128
IE 11 / Win 7 R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128
IE 11 / Win 8.1 R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128
Java 6u45 No SNI 2 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS RC4 128
Java 7u25 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128
Java 8b132 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128
OpenSSL 0.9.8y TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
OpenSSL 1.0.1e TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
Safari 5.1.9 / OS X 10.6.8 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128
Safari 6 / iOS 6.0.1 R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128
Safari 7 / iOS 7.1 R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128
Safari 6.0.4 / OS X 10.8.4 R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128
Safari 7 / OS X 10.9 R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128
Yahoo Slurp Oct 2013 TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
YandexBot 3.0 No FS 1 No SNI 2 SSL 3 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) No FS 112

(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).

Protocol Details

Secure Renegotiation: Not supported ACTION NEEDED
Secure Client-Initiated Renegotiation: No
Insecure Client-Initiated Renegotiation: No
BEAST attack: Not mitigated server-side SSL 3: 0x9, TLS 1.0: 0x9
TLS compression: No
RC4: Yes (not with TLS 1.1 and newer)
Heartbleed: No
Forward Secrecy: No NOT DESIRABLE
Next Protocol Negotiation: No
Session resumption (caching): Yes
Session resumption (tickets): Yes
OCSP stapling: No
Strict Transport Security (HSTS): Unknown
Long handshake intolerance: No
TLS extension intolerance: No
TLS version intolerance: TLS 2.98
SSL 2 handshake compatibility: Yes

Miscellaneous

Test date: Wed Apr 09 19:53:58 UTC 2014
Test duration: 27.199 seconds
HTTP status code: Request failed
HTTP server signature: Unknown
Server hostname: u15438806.onlinehome-server.com
PCI compliant: No
FIPS-ready: No

Bluemeanie Posted April 10, 2014

Thanks. I just wanted to be sure.