
heartbleed



It does indeed use SSL (well, the game server does), and it is NOT vulnerable, yet it fails the general SSL tests, due to poor ciphers etc.

 

Linky to tool used: https://www.ssllabs.com/ssltest/analyze.html?d=sunrise.net-7.org&hideResults=on

 

 

SSL Report: sunrise.net-7.org (74.208.192.215)

Assessed on: Wed Apr 09 19:54:25 UTC 2014

Summary
Overall Rating: F
If trust issues are ignored: F

Scores (scale 0 to 100):
Certificate: 0
Protocol Support: 0
Key Exchange: 40
Cipher Strength: 60

This server is not vulnerable to the Heartbleed attack. (Experimental)
This server's certificate is not trusted. Grade set to F.
This server supports SSL 2, which is obsolete and insecure. Grade set to F.
The server supports only older protocols, but not the current best TLS 1.2. Grade capped to B.
There is no support for secure renegotiation.
The server does not support Forward Secrecy with the reference browsers.

Authentication

Server Key and Certificate #1
Common names: local.net-7.org (MISMATCH)
Alternative names: -
Prefix handling: Not required for subdomains
Valid from: Fri Nov 17 05:07:49 UTC 2006
Valid until: Fri Nov 18 05:07:49 UTC 2016 (expires in 2 years and 7 months)
Key: RSA 2048 bits
Weak key (Debian): No
Issuer: local.net-7.org (Self-signed)
Signature algorithm: SHA1withRSA
Extended Validation: No
Revocation information: None
Trusted: No (NOT TRUSTED)

Additional Certificates (if supplied)
Certificates provided: 1 (1122 bytes)
Chain issues: Contains anchor

Certification Paths
Path #1: Not trusted (path does not chain to a trusted anchor)
1. Sent by server, not in trust store: local.net-7.org
   SHA1: 20224156821616d38572ee14b700c0add6bcf4e9
   RSA 2048 bits / SHA1withRSA

Configuration

Protocols
TLS 1.2: No
TLS 1.1: No
TLS 1.0: Yes
SSL 3: Yes
SSL 2 (INSECURE): Yes
 

Cipher Suites (sorted by strength; the server has no preference)
Format: suite (ID), rating if flagged, strength in bits
SSL_CK_RC4_128_EXPORT40_WITH_MD5 (0x20080), INSECURE, 40
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 (0x40080), INSECURE, 40
SSL_CK_DES_64_CBC_WITH_MD5 (0x60040), INSECURE, 56
TLS_RSA_WITH_DES_CBC_SHA (0x9), WEAK, 56
SSL_CK_RC4_128_WITH_MD5 (0x10080), INSECURE, 128
SSL_CK_RC2_128_CBC_WITH_MD5 (0x30080), INSECURE, 128
SSL_CK_IDEA_128_CBC_WITH_MD5 (0x50080), INSECURE, 128
TLS_RSA_WITH_RC4_128_MD5 (0x4), 128
TLS_RSA_WITH_RC4_128_SHA (0x5), 128
TLS_RSA_WITH_IDEA_CBC_SHA (0x7), 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f), 128
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 (0x700c0), INSECURE, 112
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa), 112
TLS_RSA_WITH_AES_256_CBC_SHA (0x35), 256
 

Handshake Simulation
Format: client [notes]: protocol, cipher suite (ID), flags, strength in bits
Android 2.3.7 [No SNI (2)]: TLS 1.0, TLS_RSA_WITH_RC4_128_MD5 (0x4), No FS, RC4, 128
Android 4.0.4: TLS 1.0, TLS_RSA_WITH_AES_256_CBC_SHA (0x35), No FS, 256
Android 4.1.1: TLS 1.0, TLS_RSA_WITH_AES_256_CBC_SHA (0x35), No FS, 256
Android 4.2.2: TLS 1.0, TLS_RSA_WITH_AES_256_CBC_SHA (0x35), No FS, 256
Android 4.3: TLS 1.0, TLS_RSA_WITH_AES_256_CBC_SHA (0x35), No FS, 256
Android 4.4.2: TLS 1.0, TLS_RSA_WITH_AES_256_CBC_SHA (0x35), No FS, 256
BingBot Dec 2013 [No SNI (2)]: TLS 1.0, TLS_RSA_WITH_AES_128_CBC_SHA (0x2f), No FS, 128
BingPreview Dec 2013: TLS 1.0, TLS_RSA_WITH_AES_256_CBC_SHA (0x35), No FS, 256
Chrome 33 / Win 7 [R]: TLS 1.0, TLS_RSA_WITH_AES_256_CBC_SHA (0x35), No FS, 256
Firefox 24.2.0 ESR / Win 7: TLS 1.0, TLS_RSA_WITH_AES_256_CBC_SHA (0x35), No FS, 256
Firefox 27 / Win 8 [R]: TLS 1.0, TLS_RSA_WITH_AES_128_CBC_SHA (0x2f), No FS, 128
Googlebot Oct 2013: TLS 1.0, TLS_RSA_WITH_RC4_128_SHA (0x5), No FS, RC4, 128
IE 6 / XP [No FS (1), No SNI (2)]: SSL 3, TLS_RSA_WITH_RC4_128_MD5 (0x4), No FS, RC4, 128
IE 7 / Vista: TLS 1.0, TLS_RSA_WITH_AES_128_CBC_SHA (0x2f), No FS, 128
IE 8 / XP [No FS (1), No SNI (2)]: TLS 1.0, TLS_RSA_WITH_RC4_128_MD5 (0x4), No FS, RC4, 128
IE 8-10 / Win 7 [R]: TLS 1.0, TLS_RSA_WITH_AES_128_CBC_SHA (0x2f), No FS, 128
IE 11 / Win 7 [R]: TLS 1.0, TLS_RSA_WITH_AES_128_CBC_SHA (0x2f), No FS, 128
IE 11 / Win 8.1 [R]: TLS 1.0, TLS_RSA_WITH_AES_128_CBC_SHA (0x2f), No FS, 128
Java 6u45 [No SNI (2)]: TLS 1.0, TLS_RSA_WITH_RC4_128_MD5 (0x4), No FS, RC4, 128
Java 7u25: TLS 1.0, TLS_RSA_WITH_AES_128_CBC_SHA (0x2f), No FS, 128
Java 8b132: TLS 1.0, TLS_RSA_WITH_AES_128_CBC_SHA (0x2f), No FS, 128
OpenSSL 0.9.8y: TLS 1.0, TLS_RSA_WITH_AES_256_CBC_SHA (0x35), No FS, 256
OpenSSL 1.0.1e: TLS 1.0, TLS_RSA_WITH_AES_256_CBC_SHA (0x35), No FS, 256
Safari 5.1.9 / OS X 10.6.8: TLS 1.0, TLS_RSA_WITH_AES_128_CBC_SHA (0x2f), No FS, 128
Safari 6 / iOS 6.0.1 [R]: TLS 1.0, TLS_RSA_WITH_AES_128_CBC_SHA (0x2f), No FS, 128
Safari 7 / iOS 7.1 [R]: TLS 1.0, TLS_RSA_WITH_AES_128_CBC_SHA (0x2f), No FS, 128
Safari 6.0.4 / OS X 10.8.4 [R]: TLS 1.0, TLS_RSA_WITH_AES_128_CBC_SHA (0x2f), No FS, 128
Safari 7 / OS X 10.9 [R]: TLS 1.0, TLS_RSA_WITH_AES_128_CBC_SHA (0x2f), No FS, 128
Yahoo Slurp Oct 2013: TLS 1.0, TLS_RSA_WITH_AES_256_CBC_SHA (0x35), No FS, 256
YandexBot 3.0 [No FS (1), No SNI (2)]: SSL 3, TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa), No FS, 112

(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).
 

Protocol Details
Secure Renegotiation: Not supported (ACTION NEEDED)
Secure Client-Initiated Renegotiation: No
Insecure Client-Initiated Renegotiation: No
BEAST attack: Not mitigated server-side (SSL 3: 0x9, TLS 1.0: 0x9)
TLS compression: No
RC4: Yes (not with TLS 1.1 and newer)
Heartbleed: No
Forward Secrecy: No (NOT DESIRABLE)
Next Protocol Negotiation: No
Session resumption (caching): Yes
Session resumption (tickets): Yes
OCSP stapling: No
Strict Transport Security (HSTS): Unknown
Long handshake intolerance: No
TLS extension intolerance: No
TLS version intolerance: TLS 2.98
SSL 2 handshake compatibility: Yes
 

Miscellaneous
Test date: Wed Apr 09 19:53:58 UTC 2014
Test duration: 27.199 seconds
HTTP status code: Request failed
HTTP server signature: Unknown
Server hostname: u15438806.onlinehome-server.com
PCI compliant: No
FIPS-ready: No
