SSL Report: cmypage.kuronekoyamato.co.jp (218.40.14.40)
Assessed on:  Tue, 08 Sep 2015 22:45:42 UTC | Clear cache
Scan Another »

Summary
Overall Rating
F
0
20
40
60
80
100
Certificate
 
100
Protocol Support
 
0
Key Exchange
 
90
Cipher Strength
 
80

Visit our documentation page for more information, configuration guides, and books. Known issues are documented here.
This server is vulnerable to MITM attacks because it supports insecure renegotiation. Grade set to F.
This server uses SSL 3, which is obsolete and insecure. Grade capped to B. MORE INFO »
Certificate uses a weak signature. When renewing, ensure you upgrade to SHA2.  MORE INFO »
This site is intolerant to newer protocol versions, which might cause connection failures.
The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C.  MORE INFO »
This server accepts the RC4 cipher, which is weak. Grade capped to B.  MORE INFO »
There is no support for secure renegotiation.  MORE INFO »
The server does not support Forward Secrecy with the reference browsers.  MORE INFO »
Authentication
Server Key and Certificate #1
Common names cmypage.kuronekoyamato.co.jp
Alternative names cmypage.kuronekoyamato.co.jp
Prefix handling Not required for subdomains
Valid from Wed, 25 Feb 2015 00:00:00 UTC
Valid until Wed, 09 Mar 2016 23:59:59 UTC (expires in 5 months and 28 days)
Key RSA 2048 bits (e 65537)
Weak key (Debian) No
Issuer VeriSign Class 3 Secure Server CA - G3
Signature algorithm SHA1withRSA   WEAK
Extended Validation No
Certificate Transparency No
Revocation information CRL, OCSP
Revocation status Good (not revoked)
Trusted Yes


Additional Certificates (if supplied)
Certificates provided 3 (4109 bytes)
Chain issues Extra certs
#2
Subject VeriSign Class 3 Secure Server CA - G3
Fingerprint: 5deb8f339e264c19f6686f5f8f32b54a4c46b476
Valid until Fri, 07 Feb 2020 23:59:59 UTC (expires in 4 years and 4 months)
Key RSA 2048 bits (e 65537)
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Signature algorithm SHA1withRSA   WEAK
#3
Subject VeriSign Class 3 Public Primary Certification Authority - G5
Fingerprint: 32f30882622b87cf8856c63db873df0853b4dd27
Valid until Sun, 07 Nov 2021 23:59:59 UTC (expires in 6 years and 1 month)
Key RSA 2048 bits (e 65537)
Issuer VeriSign / Class 3 Public Primary Certification Authority
Signature algorithm SHA1withRSA   WEAK


Certification Paths
Path #1: Trusted
1 Sent by server cmypage.kuronekoyamato.co.jp
Fingerprint: a243f9180110ef032c848f85270cc5eb00293ee9
RSA 2048 bits (e 65537) / SHA1withRSA
WEAK SIGNATURE
2 Sent by server VeriSign Class 3 Secure Server CA - G3
Fingerprint: 5deb8f339e264c19f6686f5f8f32b54a4c46b476
RSA 2048 bits (e 65537) / SHA1withRSA
WEAK SIGNATURE
3 In trust store VeriSign Class 3 Public Primary Certification Authority - G5   Self-signed
Fingerprint: 4eb6d578499b1ccf5f581ead56be3d9b6744a5e5
RSA 2048 bits (e 65537) / SHA1withRSA
Weak or insecure signature, but no impact on root certificate
Configuration
Protocols
TLS 1.2 No
TLS 1.1 No
TLS 1.0 Yes
SSL 3   INSECURE Yes
SSL 2 No


Cipher Suites (sorted by strength as the server has no preference; deprecated and SSL 2 suites at the end)
TLS_RSA_WITH_RC4_128_MD5 (0x4)   WEAK 128


Handshake Simulation
Android 2.3.7   No SNI 2 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
Android 4.0.4 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
Android 4.1.1 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
Android 4.2.2 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
Android 4.3 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
Android 4.4.2 Protocol or cipher suite mismatch Fail3
Android 5.0.0 Protocol or cipher suite mismatch Fail3
Baidu Jan 2015 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
BingPreview Jan 2015 Protocol or cipher suite mismatch Fail3
Chrome 43 / OS X  R Protocol or cipher suite mismatch Fail3
Firefox 31.3.0 ESR / Win 7 Protocol or cipher suite mismatch Fail3
Firefox 39 / OS X  R Protocol or cipher suite mismatch Fail3
Googlebot Feb 2015 Protocol or cipher suite mismatch Fail3
IE 6 / XP   No FS 1   No SNI 2 SSL 3 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
IE 7 / Vista TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
IE 8 / XP   No FS 1   No SNI 2 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
IE 8-10 / Win 7  R TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
IE 11 / Win 7  R Protocol or cipher suite mismatch Fail3
IE 11 / Win 8.1  R Protocol or cipher suite mismatch Fail3
IE 10 / Win Phone 8.0 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
IE 11 / Win Phone 8.1  R Protocol or cipher suite mismatch Fail3
IE 11 / Win Phone 8.1 Update  R Protocol or cipher suite mismatch Fail3
Edge 12 / Win 10 (Build 10130)  R Protocol or cipher suite mismatch Fail3
Java 6u45   No SNI 2 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
Java 7u25 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
Java 8u31 Protocol or cipher suite mismatch Fail3
OpenSSL 0.9.8y TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
OpenSSL 1.0.1l  R Protocol or cipher suite mismatch Fail3
OpenSSL 1.0.2  R Protocol or cipher suite mismatch Fail3
Safari 5.1.9 / OS X 10.6.8 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
Safari 6 / iOS 6.0.1  R Protocol or cipher suite mismatch Fail3
Safari 6.0.4 / OS X 10.8.4  R TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
Safari 7 / iOS 7.1  R Protocol or cipher suite mismatch Fail3
Safari 7 / OS X 10.9  R Protocol or cipher suite mismatch Fail3
Safari 8 / iOS 8.4  R Protocol or cipher suite mismatch Fail3
Safari 8 / OS X 10.10  R Protocol or cipher suite mismatch Fail3
Yahoo Slurp Jan 2015 Protocol or cipher suite mismatch Fail3
YandexBot Jan 2015 Protocol or cipher suite mismatch Fail3
(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(3) Only first connection attempt simulated. Browsers tend to retry with a lower protocol version.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).


Protocol Details
Secure Renegotiation Not supported   ACTION NEEDED (more info)
Secure Client-Initiated Renegotiation No
Insecure Client-Initiated Renegotiation Supported   INSECURE (more info)
BEAST attack Mitigated server-side (more info)   SSL 3: 0x4, TLS 1.0: 0x4
POODLE (SSLv3) No, mitigated (more info)   SSL 3: 0x4
POODLE (TLS) No (more info)
Downgrade attack prevention No, TLS_FALLBACK_SCSV not supported (more info)
SSL/TLS compression No
RC4 Yes   WEAK (more info)
Heartbeat (extension) No
Heartbleed (vulnerability) No (more info)
OpenSSL CCS vuln. (CVE-2014-0224) Probably, but not exploitable (investigate to confirm and patch) (more info)
Forward Secrecy No   WEAK (more info)
Next Protocol Negotiation (NPN) No
Session resumption (caching) Yes
Session resumption (tickets) No
OCSP stapling No
Strict Transport Security (HSTS) No
Public Key Pinning (HPKP) No
Long handshake intolerance No
TLS extension intolerance No
TLS version intolerance TLS 1.1  TLS 1.2  TLS 1.3  TLS 1.98   PROBLEMATIC
Incorrect SNI alerts No
Uses common DH primes No, DHE suites not supported
DH public server param (Ys) reuse No, DHE suites not supported
SSL 2 handshake compatibility Yes


Miscellaneous
Test date Tue, 08 Sep 2015 22:44:14 UTC
Test duration 88.339 seconds
HTTP status code 200
HTTP server signature FJapache/8.0 (Unix)
Server hostname -


SSL Report v1.19.33