Protocols



TLS 1.3

No



TLS 1.2

Yes



TLS 1.1

No



TLS 1.0

No



SSL 3

No



SSL 2

No





Cipher Suites


# TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH sect571r1 (eq. 15360 bits RSA)   FS

128


TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   ECDH sect571r1 (eq. 15360 bits RSA)   FS

128



Handshake Simulation

Android 4.4.2

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp521r1  FS

Android 5.0.0

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA   ECDH secp521r1  FS

Android 6.0

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA   ECDH secp256r1  FS

Android 7.0

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA   ECDH secp256r1  FS

BingPreview Jan 2015

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH sect571r1  FS

Chrome 49 / XP SP3

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA   ECDH secp256r1  FS

Chrome 69 / Win 7  R

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA   ECDH secp256r1  FS

Chrome 70 / Win 10

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA   ECDH secp256r1  FS

Firefox 31.3.0 ESR / Win 7

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA   ECDH secp256r1  FS

Firefox 47 / Win 7  R

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA   ECDH secp256r1  FS

Firefox 49 / XP SP3

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA   ECDH secp256r1  FS

Firefox 62 / Win 7  R

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA   ECDH secp256r1  FS

Googlebot Feb 2018

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA   ECDH secp256r1  FS

IE 11 / Win 7  R

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp256r1  FS

IE 11 / Win 8.1  R

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp256r1  FS

IE 11 / Win Phone 8.1  R

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp256r1  FS

IE 11 / Win Phone 8.1 Update  R

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp256r1  FS

IE 11 / Win 10  R

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp256r1  FS

Edge 15 / Win 10  R

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp256r1  FS

Edge 13 / Win Phone 10  R

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp256r1  FS

Java 8u161

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp256r1  FS

OpenSSL 1.0.1l  R

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH sect571r1  FS

OpenSSL 1.0.2e  R

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp256r1  FS

Safari 6 / iOS 6.0.1

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp256r1  FS

Safari 7 / iOS 7.1  R

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp256r1  FS

Safari 7 / OS X 10.9  R

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp256r1  FS

Safari 8 / iOS 8.4  R

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp256r1  FS

Safari 8 / OS X 10.10  R

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp256r1  FS

Safari 9 / iOS 9  R

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp256r1  FS

Safari 9 / OS X 10.11  R

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp256r1  FS

Safari 10 / iOS 10  R

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp256r1  FS

Safari 10 / OS X 10.12  R

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp256r1  FS

Apple ATS 9 / iOS 9  R

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp256r1  FS

Yahoo Slurp Jan 2015

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp384r1  FS

YandexBot Jan 2015

RSA 4096 (SHA256)  

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH sect571r1  FS


Protocol Details



BEAST attack

Mitigated server-side 

POODLE (SSLv3)

No, SSL 3 not supported 

POODLE (TLS)

No 

Downgrade attack prevention

Unknown (requires support for at least two protocols, excl. SSL2)

SSL/TLS compression

No

RC4

No

Heartbeat (extension)

No

Heartbleed (vulnerability)

No 

Ticketbleed (vulnerability)

No 

OpenSSL CCS vuln. (CVE-2014-0224)

No 

OpenSSL Padding Oracle vuln.

(CVE-2016-2107)

No

ROBOT (vulnerability)

No 

Forward Secrecy

Yes (with most browsers)   ROBUST 

ALPN

No

NPN

No

Session resumption (caching)

Yes

Session resumption (tickets)

No

OCSP stapling

No

Strict Transport Security (HSTS)

No

HSTS Preloading

Not in: Chrome  Edge  Firefox  IE 

Public Key Pinning (HPKP)

No

Public Key Pinning Report-Only

No

Public Key Pinning (Static)

No

Long handshake intolerance

No

TLS extension intolerance

No

TLS version intolerance

No

Incorrect SNI alerts

No

Uses common DH primes

No, DHE suites not supported

DH public server param (Ys) reuse

No, DHE suites not supported

ECDH public server param reuse

No

Supported Named Groups

sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, secp256r1, secp384r1, secp521r1 (Server has no preference)

SSL 2 handshake compatibility

No