Web sites need to use encryption to help their visitors know they're in the right place, as well as provide confidentiality and content integrity. Sites that don't support HTTPS may expose sensitive data and have their pages modified and subverted.
To deploy HTTPS properly, web sites must redirect all unsafe (plaintext) traffic to the encrypted variant. This approach ensures that no sensitive data is exposed and that further security technologies can be activated.
HTTP Strict Transport Security (HSTS) is an HTTPS extension that instructs browsers to remember sites that use encryption and enforce strict security requirements. Without HSTS, active network attacks are easy to carry out.
HSTS Preloading is informing browsers in advance about a site's use of HSTS, which means that strict security can be enforced even on the first visit. This approach provides best HTTPS security available today.
Content Security Policy (CSP) is an additional security layer that enables web sites to control browser behavior, creating a safety net that can counter attacks such as crosssite scripting.
All hosts that receive email need encryption to ensure confidentiality of email messages. Email servers thus need to support STARTTLS, as well as provide decent TLS configuration and correct certificates.
Sender Policy Framework (SPF) enables organizations to designate servers that are allowed to send email messages on their behalf. With SPF in place, spam is easier to identify.
Domainbased Message Authentication, Reporting, and Conformance (DMARC) is a mechanism that allows organizations to specify how unauthenticated email (identified using SPF and DKIM) should be handled.
Your security begins with the security of your domain name. If someone takes control of your domain name then they can update the name server configuration to send users elsewhere, or they can transfer the domain name to another party. For best results, fully lock your domain names at registry and registrar levels.
The RDAP protocol enables users to access current registration data and was created as an eventual replacement for the WHOIS protocol. RDAP has several advantages over the WHOIS protocol, including support for internationalization, secure access to data, and the ability to provide differentiated access to registration data.
Registrant   
Lookup Time  06 Aug 2024 07:54 UTC 
Registrar  
Registrar  MarkMonitor Inc. 
Registrar IANA ID  292 
Events  
Registration  01 Nov 1994 05:00 UTC 
Update  16 May 2023 19:03 UTC 
Expiration  31 Oct 2024 04:00 UTC 
Configuration  
Statuses  clientDeleteProhibited clientTransferProhibited clientUpdateProhibited serverDeleteProhibited serverTransferProhibited serverUpdateProhibited 
Registrar Lock  
Registry Lock  
Nameservers  ns1.amzndns.co.uk ns1.amzndns.com ns1.amzndns.net ns1.amzndns.org ns2.amzndns.co.uk ns2.amzndns.com ns2.amzndns.net ns2.amzndns.org 
Contacts  
Registrar  MarkMonitor Inc. 
Abuse  Email: abusecomplaints@markmonitor.com Phone: +1.2086851750 
WHOIS is a TCPbased transactionoriented query/response protocol that is widely used to provide information services to Internet users. While originally used to provide "white pages" services and information about registered domain names, current deployments cover a much broader range of information services.
Registrant  Amazon Technologies, Inc. 
Lookup Time  06 Aug 2024 07:54 UTC 
Registrar  
Registrar  MarkMonitor, Inc. 
Registrar IANA ID  292 
Events  
Registration  01 Nov 1994 05:00 UTC 
Update  02 Aug 2024 02:17 UTC 
Expiration  30 Oct 2024 07:00 UTC 
Configuration  
Statuses  clientDeleteProhibited serverDeleteProhibited serverUpdateProhibited clientUpdateProhibited clientTransferProhibited serverTransferProhibited 
Registrar Lock  
Registry Lock  
Nameservers  ns1.amzndns.co.uk ns1.amzndns.com ns2.amzndns.com ns2.amzndns.co.uk ns1.amzndns.org ns2.amzndns.org ns2.amzndns.net ns1.amzndns.net 
Contacts  
Registrar  MarkMonitor, Inc. MarkMonitor, Inc. 
Abuse  Email: abusecomplaints@markmonitor.com Phone: +1.2086851750 
Registrant  Hostmaster, Amazon Legal Dept. Amazon Technologies, Inc. P.O. Box 8102 89507 US Email: hostmaster@amazon.com Phone: +1.2062664064 Fax: +1.2062667010 
Administrative  Hostmaster, Amazon Legal Dept. Amazon Technologies, Inc. P.O. Box 8102 89507 US Email: hostmaster@amazon.com Phone: +1.2062664064 Fax: +1.2062667010 
Technical  Hostmaster, Amazon Legal Dept. Amazon Technologies, Inc. P.O. Box 8102 89507 US Email: hostmaster@amazon.com Phone: +1.2062664064 Fax: +1.2062667010 
The global DNS infrastructure is organized as a series of hierarchical DNS zones. The root zone hosts a number of global and country TLDs, which in turn host further zones that are delegated to their customers. Each organization that controls a zone can delegate parts of its namespace to other zones. In this test we perform detailed inspection of a DNS zone, but only if the host being tested matches the zone.
Nameservers can be referred to by name and by address. In this section we show the names, which can appear in the NS records, the referrals from the parent zone, and the SOA record. In some situations, servers from the parent zone respond authoritatively, in which case we will include them in the list as well.
Nameserver  Operational  IPv4  IPv6  Sources 

dnsexternalmaster.amazon.com. STEALTH PRIMARY 204.74.108.1  The server is online.  Name resolves to an IPv4 address.  Name doesn't resolve to an IPv6 address.  SOA 
ns1.amzndns.co.uk. 156.154.67.10 2001:502:4612::10  The server is online.  Name resolves to an IPv4 address.  Name resolves to an IPv6 address.  NS REFERRAL 
ns1.amzndns.com. 156.154.64.10 2001:502:f3ff::10  The server is online.  Name resolves to an IPv4 address.  Name resolves to an IPv6 address.  NS REFERRAL 
ns1.amzndns.net. 156.154.65.10 2610:a1:1014::10  The server is online.  Name resolves to an IPv4 address.  Name resolves to an IPv6 address.  NS REFERRAL 
ns1.amzndns.org. 156.154.66.10 2610:a1:1015::10  The server is online.  Name resolves to an IPv4 address.  Name resolves to an IPv6 address.  NS REFERRAL 
ns2.amzndns.co.uk. 204.74.120.1 2610:a1:32d1::53  The server is online.  Name resolves to an IPv4 address.  Name resolves to an IPv6 address.  NS REFERRAL 
ns2.amzndns.com. 156.154.68.10 2610:a1:1016::10  The server is online.  Name resolves to an IPv4 address.  Name resolves to an IPv6 address.  NS REFERRAL 
ns2.amzndns.net. 156.154.69.10 2610:a1:1017::10  The server is online.  Name resolves to an IPv4 address.  Name resolves to an IPv6 address.  NS REFERRAL 
ns2.amzndns.org. 156.154.150.1 2610:a1:31d1::53  The server is online.  Name resolves to an IPv4 address.  Name resolves to an IPv6 address.  NS REFERRAL 
This section shows the configuration of all discovered nameservers by their IP address. To find all applicable nameservers, we inspect the parent zone nameservers for names and glue and then the tested zone nameservers for NS records. We then resolve all discovered names to IP addresses. Finally, we test each address individually.
Nameserver  Operational  Authoritative  Recursive  UDP  TCP  Sources  Payload Size 

156.154.150.1 ns2.amzndns.org. PTR: dns01.ultradns2.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  4096 
156.154.64.10 ns1.amzndns.com. PTR: u1.amazonaws.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME, GLUE  4096 
156.154.65.10 ns1.amzndns.net. PTR: u2.amazonaws.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  4096 
156.154.66.10 ns1.amzndns.org. PTR: u3.amazonaws.info.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  4096 
156.154.67.10 ns1.amzndns.co.uk. PTR: u4.amazonaws.info.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  4096 
156.154.68.10 ns2.amzndns.com. PTR: u5.amazonaws.org.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME, GLUE  4096 
156.154.69.10 ns2.amzndns.net. PTR: u6.amazonaws.org.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  4096 
204.74.108.1 STEALTH PRIMARY dnsexternalmaster.amazon.com. PTR: pdns1.ultradns.net.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  4096 
204.74.120.1 ns2.amzndns.co.uk. PTR: dns01.ultradns2.org.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  4096 
2001:502:4612::10 ns1.amzndns.co.uk. PTR: u4.amazonaws.info.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  4096 
2001:502:f3ff::10 ns1.amzndns.com. PTR: u1.amazonaws.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME, GLUE  4096 
2610:a1:1014::10 ns1.amzndns.net. PTR: u2.amazonaws.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  4096 
2610:a1:1015::10 ns1.amzndns.org. PTR: u3.amazonaws.info.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  4096 
2610:a1:1016::10 ns2.amzndns.com. PTR: u5.amazonaws.org.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME, GLUE  4096 
2610:a1:1017::10 ns2.amzndns.net. PTR: u6.amazonaws.org.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  4096 
2610:a1:31d1::53 ns2.amzndns.org. PTR: dns01.ultradns2.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  4096 
2610:a1:32d1::53 ns2.amzndns.co.uk. PTR: dns01.ultradns2.org.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  4096 
Start of Authority (SOA) records contain administrative information pertaining to one DNS zone, especially the configuration that's used for zone transfers between the primary nameserver and the secondaries. Only one SOA record should exist, with all nameservers providing the same information.
The domain name of the primary nameserver for the zone. Also known as MNAME.Primary nameserver  dnsexternalmaster.amazon.com. 
Email address of the persons responsible for this zone. Also known as RNAME.Admin email  hostmaster.amazon.com. 
Zone serial or version number.Serial number  2010188075 
The length of time secondary nameservers should wait before querying the primary for changes.Refresh interval  180 seconds (about 3 minutes) 
The length of time secondary nameservers should wait before querying an unresponsive primary again.Retry interval  60 seconds (about 1 minute) 
The length of time after which secondary nameservers should stop responding to queries for a zone, assuming no updates were obtained from the primary.Expire interval  604,800 seconds (about 7 days) 
TTL for purposes of negative response caching. Negative cache TTL  900 seconds (about 15 minutes) 
Time To Live (TTL) indicates for how long a record remains valid. SOA record TTL  900 seconds (about 15 minutes) 
Below are all DNS queries we submitted during the zone inspection.
ID  Server  Transport  Question Name  Type  Status 

Correctly functioning name servers are necessary to hold and distribute information that's necessary for your domain name to operate correctly. Examples include converting names to IP addresses, determining where email should go, and so on. More recently, the DNS is being used to communicate email and other security policies.
These are the results of individual DNS queries against your nameserver for common resource record types.
Name  TTL  Type  Data 

amazon.com.  900  A  52.94.236.248 
amazon.com.  900  A  54.239.28.85 
amazon.com.  900  A  205.251.242.103 
www.amazon.com.  1800  CNAME  tp.47cf2c8c9frontier.amazon.com. 
tp.47cf2c8c9frontier.amazon.com.  60  CNAME  d3ag4hukkh62yn.cloudfront.net. 
d3ag4hukkh62yn.cloudfront.net.  60  A  108.138.127.202 
d3ag4hukkh62yn.cloudfront.net.  60  AAAA  2600:9000:2514:d800:7:49a5:5fd3:b641 
d3ag4hukkh62yn.cloudfront.net.  60  AAAA  2600:9000:2514:ea00:7:49a5:5fd3:b641 
d3ag4hukkh62yn.cloudfront.net.  60  AAAA  2600:9000:2514:6800:7:49a5:5fd3:b641 
d3ag4hukkh62yn.cloudfront.net.  60  AAAA  2600:9000:2514:ae00:7:49a5:5fd3:b641 
d3ag4hukkh62yn.cloudfront.net.  60  AAAA  2600:9000:2514:a400:7:49a5:5fd3:b641 
d3ag4hukkh62yn.cloudfront.net.  60  AAAA  2600:9000:2514:8e00:7:49a5:5fd3:b641 
d3ag4hukkh62yn.cloudfront.net.  60  AAAA  2600:9000:2514:c200:7:49a5:5fd3:b641 
d3ag4hukkh62yn.cloudfront.net.  60  AAAA  2600:9000:2514:200:7:49a5:5fd3:b641 
amazon.com.  900  MX  5 amazonsmtp.amazon.com. 
amazon.com.  7200  NS  ns1.amzndns.com. 
amazon.com.  7200  NS  ns2.amzndns.org. 
amazon.com.  7200  NS  ns1.amzndns.co.uk. 
amazon.com.  7200  NS  ns2.amzndns.com. 
amazon.com.  7200  NS  ns2.amzndns.net. 
amazon.com.  7200  NS  ns2.amzndns.co.uk. 
amazon.com.  7200  NS  ns1.amzndns.net. 
amazon.com.  7200  NS  ns1.amzndns.org. 
amazon.com.  900  SOA  dnsexternalmaster.amazon.com. hostmaster.amazon.com. 2010188075 180 60 604800 900 
amazon.com.  900  TXT  "spf2.0/pra include:spf1.amazon.com include:spf2.amazon.com include:amazonses.com all" 
amazon.com.  900  TXT  "stripeverification=a5c01aa4d732f4b93154d67983d77982ef1a2db73fecfd4bcd64e224d3ab4075" 
amazon.com.  900  TXT  "brevocode:9be7f7c39958d253a31de6593fa831bc" 
amazon.com.  900  TXT  "sending_domain229492=341509a116ea4311fcb2e489303bf09a139b10ce9b90e5029d2677055cb4dc89" 
amazon.com.  900  TXT  "googlesiteverification=G_mXb0ZYjjGkQVGjpOOB2deSOaVdxVj4i4vozJTREs" 
amazon.com.  900  TXT  "sending_domain229492=7cde83fbc5246557c64d9d9ba79f0d11f7ba9eb6127f60451a9aa6f8dead4381" 
amazon.com.  900  TXT  "v=spf1 include:spf1.amazon.com include:spf2.amazon.com include:amazonses.com all" 
amazon.com.  900  TXT  "canvasiteverification=WhUvTbfe6tUQWmIXnQifGA" 
amazon.com.  900  TXT  "atlassiandomainverification=ZT4AapXgobCpXIWoNcd7gtMjZyOUdr4EDFMnFUWrqqqgdaQVbDvoGpRaIwj/tgPH" 
amazon.com.  900  TXT  "MS=4B600B22799EB2CAC0D8FF0A3A3CAECA5EE2BF3A" 
amazon.com.  900  TXT  "facebookdomainverification=d9u57u52gylohx845ogo1axzpywpmq" 
amazon.com.  900  TXT  "liverampsiteverification=jZJKgMEQ_1mdjMhKj02iqNACZNJHRWhCEQdQ_OuCMo" 
amazon.com.  900  TXT  "autodeskdomainverification=dmryiygGOGBJFJFVo5Bl" 
amazon.com.  900  TXT  "sending_domain608861=81b0d52095dae60d604e7cbea5e58e1d842f7d950d6673a43feae339b664ca31" 
amazon.com.  900  TXT  "sending_domain1003771=f1303d8ee3b86e39db2703b11feb83e1e8b712a9ffc64c3d56505192e5b3bf4f" 
amazon.com.  900  TXT  "boxdomainverification=ffea95cd0e0d61c302198367155b07e74fd534fa1d867662dc9bf9969b6f535d" 
amazon.com.  900  TXT  "sending_domain1003771=199bc63a54ace5d8d5c5d08286af86d7049b4afacb5ef7decd6b22cf9e8d5efb" 
amazon.com.  900  TXT  "googlesiteverification=D0RwRb_QApkpApKTFaFlRwbm_yrkey0uokKw0wQUIdk" 
amazon.com.  900  TXT  "pardot326621=b26a7b44d7c73d119ef9dfd1a24d93c77d583ac50ba4ecedd899a9134734403b" 
amazon.com.  900  TXT  "ciscocidomainverification=1b256bd11daa486ba2fa405d2d5de70f75feb6757dd8993ca8de685a7dfea1df" 
amazon.com.  900  TXT  "stripeverification=6a5d107aa37465eac2101bb1c725b02072689a4fa7bd38b455970baac4979a17" 
amazon.com.  900  TXT  "wrikeverification=MzI3NzM2ODo2NDk5MjE4NjQ2MWJmOTEwMGMxM2MzNzJmNWJlY2U5ZDU4MmVlNzQ2NWU4MTY5OWJjMjlmYjQ4Mjc5M2JiMzky" 
amazon.com.  900  TXT  "sending_domain949422=99a7b44052aefc4dec2abf56189160824664d2fdac00ca962f4455be62b51d56" 
amazon.com.  900  TXT  "appledomainverification=4wbNaeWvAH0pU1yi" 
amazon.com.  900  TXT  "appledomainverification=dVkKZnu17XS0EN2X" 
amazon.com.  900  TXT  "canvasiteverification=Hksh9WEUPWP13_SEU1mPMA" 
amazon.com.  900  TXT  "sending_domain1014172=003846595520e80ec84e8cc47c07e3a71afb855fc743bb92cdec93f88c7a4029" 
amazon.com.  900  TXT  "sending_domain608861=d33a88e8540c33a1217138cf8a25879734bd35673bb7cfbd639f95c550b33ec4" 
amazon.com.  900  TXT  "googlesiteverification=14WGW2MdNMxchG8PlinF7LgqqE0OwwHqOq0HKhb7rDQ" 
amazon.com.  900  TXT  "stripeverification=a27edc0da55836ea6bb7eac592bf2ca8e246eb652608d54493119df7df005afc" 
amazon.com.  900  TXT  "pendodomainverification=ecbe1a51954d4202ab86d15e04b96769" 
amazon.com.  900  TXT  "sending_domain949422=43d714838567583460e7720e6049505edb8e25c1ef4321419d41bc5255db7ba5" 
_dmarc.amazon.com.  900  TXT  "v=DMARC1;" "p=quarantine;" "pct=100;" "rua=mailto:report@dmarc.amazon.com;" "ruf=mailto:report@dmarc.amazon.com" 
_domainkey.amazon.com.  7200  TXT  "t=y; o=~; r=abuse@amazon.com" 
Below are all DNS queries we submitted while inspecting the resource records.
ID  Server  Question Name  Type  Status 

DNSSEC is an extension of the DNS protocol that provides cryptographic assurance of the authenticity and integrity of responses; it's intended as a defense against network attackers who are able to manipulate DNS to redirect their victims to servers of their choice. DNSSEC is controversial, with the industry split largely between those who think it's essential and those who believe that it's problematic and unnecessary.
CAA (RFC 8659) is a new standard that allows domain name owners to restrict which CAs are allowed to issue certificates for their domains. This can help to reduce the chance of misissuance, either accidentally or maliciously. In September 2017, CAA became mandatory for CAs to implement.
An internet hostname can be served by zero or more mail servers, as specified by MX (mail exchange) DNS resource records. Each server can further resolve to multiple IP addresses, for example to handle IPv4 and IPv6 clients. Thus, in practice, hosts that wish to receive email reliably are supported by many endpoint.
Server  Preference  Operational  STARTTLS  TLS  PKI  DNSSEC  DANE 

amazonsmtp.amazon.com 54.161.9.151 PTR: smtp02.useast1.mailperimeter.amazon.com 
5 
220 cluster03.useast1.mailperimeter.amazon.com ESMTP EHLO outbound.hardenize.com 250cluster03.useast1.mailperimeter.amazon.com 2508BITMIME 250SIZE 104857600 250 STARTTLS STARTTLS 220 Go ahead with TLS 
Supports STARTTLS.  Not supported.  Not applicable, requires TLS. 
Cache timestamp: 31 Jul 2024 15:40 UTC
Transport Layer Security (TLS) is the most widely used encryption protocol on the Internet. In combination with valid certificates, servers can establish trusted communication channels even with users who have never visited them before. Network attackers can't uncover what is being communicated, even when they can see all the traffic.
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.2

Shows cipher suite configuration for this protocol version.TLS v1.2 
Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC secp256r1 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) 
These results have been retrieved from our cache. This row indicates when was that the original test ran.Retrieved from cache 
31 Jul 2024 15:40 UTC 
A certificate is a digital document that contains a public key, some information about the entity associated with it, and a digital signature from the certificate issuer. Itâ€™s a mechanism that enables us to exchange, store, and use public keys. Being able to reliably verify the identity of a remote server is crucial in order to achieve secure encrypted communication.
Names  smtp.useast1.mailperimeter.amazon.com amazonsmtp.amazon.com mailperimeter.amazon.com cluster01.useast1.mailperimeter.amazon.com cluster02.useast1.mailperimeter.amazon.com cluster03.useast1.mailperimeter.amazon.com smtp01.useast1.mailperimeter.amazon.com smtp02.useast1.mailperimeter.amazon.com smtp03.useast1.mailperimeter.amazon.com 
Subject DN  CN=smtp.useast1.mailperimeter.amazon.com 
Subject Key Identifier  d7534e9b52666628b2e6917698e92d0fda65201a 
Serial  8191901b3011c1428b24bcfcf438fb8 
Not Before  14 Feb 2024 00:00:00 UTC 
Not After  07 Feb 2025 23:59:59 UTC 
Validity period  360 days 
Key Usage  digitalSignature, keyEncipherment 
Extended Key Usage  serverAuth, clientAuth 
Must Staple  No 
Issuer 

Issuer DN  CN=Amazon RSA 2048 M01, O=Amazon, C=US 
Certification Authority  Amazon 
Validation Type  Domain Validation (DV) 
Authority Key Identifier  keyid:81b80e638a891218e5fa3b3b50959fe6e5901385 
Parent Certificate  http://crt.r2m01.amazontrust.com/r2m01.cer 
CRL  http://crl.r2m01.amazontrust.com/r2m01.crl 
OCSP  http://ocsp.r2m01.amazontrust.com 
Certificate Transparency 

Signed Certificate Timestamps 
14 Feb 2024 02:01:35 UTC
 Google 'Argon2025h1' log
 Qualified
14 Feb 2024 02:01:34 UTC  DigiCert Yeti2025 Log  Qualified 14 Feb 2024 02:01:35 UTC  DigiCert Nessie2025 Log  Qualified 
Fingerprints 

SHA1  fc2fa9947e504153a4a8ecc3fb1d13643285e296 
SHA256  d6863d6b29b05d41745273e8581bfd3619e9faca4a076cb786a111bd5ee7c918 
SPKI SHA256  d85f587c077583730bad8408964a33fe7998d804c0c2996d2c8fb1e81dd49dd2 
Names  smtp.useast1.mailperimeter.amazon.com amazonsmtp.amazon.com mailperimeter.amazon.com cluster01.useast1.mailperimeter.amazon.com cluster02.useast1.mailperimeter.amazon.com cluster03.useast1.mailperimeter.amazon.com smtp01.useast1.mailperimeter.amazon.com smtp02.useast1.mailperimeter.amazon.com smtp03.useast1.mailperimeter.amazon.com 
Subject DN  CN=smtp.useast1.mailperimeter.amazon.com 
Subject Key Identifier  d7534e9b52666628b2e6917698e92d0fda65201a 
Serial  8191901b3011c1428b24bcfcf438fb8 
Not Before  14 Feb 2024 00:00:00 UTC 
Not After  07 Feb 2025 23:59:59 UTC 
Validity period  360 days 
Key Usage  digitalSignature, keyEncipherment 
Extended Key Usage  serverAuth, clientAuth 
Must Staple  No 
Issuer 

Issuer DN  CN=Amazon RSA 2048 M01, O=Amazon, C=US 
Certification Authority  Amazon 
Validation Type  Domain Validation (DV) 
Authority Key Identifier  keyid:81b80e638a891218e5fa3b3b50959fe6e5901385 
Parent Certificate  http://crt.r2m01.amazontrust.com/r2m01.cer 
CRL  http://crl.r2m01.amazontrust.com/r2m01.crl 
OCSP  http://ocsp.r2m01.amazontrust.com 
Certificate Transparency 

Signed Certificate Timestamps 
14 Feb 2024 02:01:35 UTC
 Google 'Argon2025h1' log
 Qualified
14 Feb 2024 02:01:34 UTC  DigiCert Yeti2025 Log  Qualified 14 Feb 2024 02:01:35 UTC  DigiCert Nessie2025 Log  Qualified 
Fingerprints 

SHA1  fc2fa9947e504153a4a8ecc3fb1d13643285e296 
SHA256  d6863d6b29b05d41745273e8581bfd3619e9faca4a076cb786a111bd5ee7c918 
SPKI SHA256  d85f587c077583730bad8408964a33fe7998d804c0c2996d2c8fb1e81dd49dd2 
Subject DN  CN=Amazon RSA 2048 M01, O=Amazon, C=US 
Subject Key Identifier  81b80e638a891218e5fa3b3b50959fe6e5901385 
Serial  77312380b9d6688a33b1ed9bf9ccda68e0e0f 
Not Before  23 Aug 2022 22:21:28 UTC 
Not After  23 Aug 2030 22:21:28 UTC 
Validity period  2923 days 
Key Usage  digitalSignature, keyCertSign, cRLSign 
Extended Key Usage  serverAuth, clientAuth 
Issuer 

Issuer DN  CN=Amazon Root CA 1, O=Amazon, C=US 
Certification Authority  Amazon 
Validation Type  Not Applicable 
Authority Key Identifier  keyid:8418cc8534ecbc0c94942e08599cc7b2104e0a08 
Parent Certificate  http://crt.rootca1.amazontrust.com/rootca1.cer 
CRL  http://crl.rootca1.amazontrust.com/rootca1.crl 
OCSP  http://ocsp.rootca1.amazontrust.com 
CA certificate  Yes (pathlen 0) 
Fingerprints 

SHA1  2ad974a775f73cbdbbd8f5ac3a49255fa8fb1f8c 
SHA256  5338ebec8fb2ac60996126d3e76aa34fd0f3318ac78ebb7ac8f6f1361f484b33 
SPKI SHA256  0f11f8b6de342fe79db85eacce963a4ce365c6166105dfa927dc1b1e54367eec 
Subject DN  CN=Amazon Root CA 1, O=Amazon, C=US 
Subject Key Identifier  8418cc8534ecbc0c94942e08599cc7b2104e0a08 
Serial  66c9fcf99bf8c0a39e2f0788a43e696365bca 
Not Before  26 May 2015 00:00:00 UTC 
Not After  17 Jan 2038 00:00:00 UTC 
Key Usage  digitalSignature, keyCertSign, cRLSign 
Issuer 

Issuer DN  CN=Amazon Root CA 1, O=Amazon, C=US 
Certification Authority  Amazon 
Validation Type  Selfsigned 
CA certificate  Yes (pathlen unlimited) 
Fingerprints 

SHA1  8da7f965ec5efc37910f1c6e59fdc1cc6a6ede16 
SHA256  8ecde6884f3d87b1125ba31ac3fcb13d7016de7f57cc904fe1cb97c6ae98196e 
SPKI SHA256  fbe3018031f9586bcbf41727e417b7d1c45c2f47f93be372a17b96b50757d5a2 
DNSbased Authentication of Named Entities (DANE) is a bridge between DNSSEC and TLS. In one possible scenario, DANE can be used for public key pinning, building on an existing publiclytrusted certificate. In another approach, it can be used to completely bypass the CA ecosystem and establish trust using DNSSEC alone.
Sender Policy Framework (SPF) is a protocol that allows domain name owners to control which internet hosts are allowed to send email on their behalf. This simple mechanism can be used to reduce the effect of email spoofing and cut down on spam.
Host where this policy is located.Location  amazon.com 
SPF version used by this policy.v  spf1 
Evaluates SPF policy specified in another DNS location. This directive is typically used to allow hosts controlled by another organization. include 
spf1.amazon.com 
Evaluates SPF policy specified in another DNS location. This directive is typically used to allow hosts controlled by another organization. include 
spf2.amazon.com 
Evaluates SPF policy specified in another DNS location. This directive is typically used to allow hosts controlled by another organization. include 
amazonses.com 
This policy element always matches. It's normally used at the end of a policy to specify the handling of hosts that don't match earlier mechanisms. all 
Policy text: v=spf1 include:spf1.amazon.com include:spf2.amazon.com include:amazonses.com all
Location: amazon.com
Lookups: 3
Host where this policy is located.Location  spf1.amazon.com 
SPF version used by this policy.v  spf1 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
207.171.160.0/19 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
87.238.80.0/21 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
72.21.192.0/19 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
194.154.193.192/27 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
194.7.41.152/28 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
212.123.28.40/32 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
203.81.17.0/24 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
178.236.10.128/26 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
52.94.124.0/28 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
99.78.197.208/28 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
52.119.213.144/28 
This policy element always matches. It's normally used at the end of a policy to specify the handling of hosts that don't match earlier mechanisms. all 
Host where this policy is located.Location  spf2.amazon.com 
SPF version used by this policy.v  spf1 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
176.32.105.0/24 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
176.32.127.0/24 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
106.50.16.0/28 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
205.251.233.32/32 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
205.251.233.36/32 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
72.21.217.142/32 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
52.95.48.152/29 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
52.95.49.88/29 
This policy element always matches. It's normally used at the end of a policy to specify the handling of hosts that don't match earlier mechanisms. all 
Host where this policy is located.Location  amazonses.com 
SPF version used by this policy.v  spf1 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
199.255.192.0/22 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
199.127.232.0/22 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
54.240.0.0/18 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
69.169.224.0/20 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
23.249.208.0/20 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
23.251.224.0/19 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
76.223.176.0/20 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
54.240.64.0/19 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
54.240.96.0/19 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
76.223.128.0/19 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
216.221.160.0/19 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
206.55.144.0/20 
This policy element always matches. It's normally used at the end of a policy to specify the handling of hosts that don't match earlier mechanisms. all 
Domainbased Message Authentication, Reporting, and Conformance (DMARC) is a scalable mechanism by which a mailoriginating organization can express domainlevel policies and preferences for message validation, disposition, and reporting, that a mailreceiving organization can use to improve mail handling.
The location from which we obtained this policy.Policy location  _dmarc.amazon.com 
DMARC version used by this policy.v  DMARC1 
Indicates the policy to be enacted by the receiver at the request of the domain owner. Possible values are: none, quarantine, and reject.p 
quarantine 
Percentage of messages from mail stream to which the DMARC policy is to be applied.pct 
100 
Addresses to which aggregate feedback is to be sent.rua  mailto:report@dmarc.amazon.com 
Addresses to which messagespecific failure information is to be reported.ruf 
mailto:report@dmarc.amazon.com 
Policy: v=DMARC1;p=quarantine;pct=100;rua=mailto:report@dmarc.amazon.com;ruf=mailto:report@dmarc.amazon.com
Host: _dmarc.amazon.com
SMTP Mail Transfer Agent Strict Transport Security (MTASTS) is a mechanism enabling mail service providers to declare their ability to receive Transport Layer Security (TLS) secure SMTP connections, and to specify whether sending SMTP servers should refuse to deliver to MX hosts that do not offer TLS with a trusted server certificate.
SMTP TLS Reporting (RFC 8460), or TLSRPT for short, describes a reporting mechanism and format by which systems sending email can share statistics and specific information about potential failures with recipient domains. Recipient domains can then use this information to both detect potential attacks and diagnose unintentional misconfigurations. TLSRPT can be used with DANE or MTASTS.
To observe your HTTP implementation, we submit a request to the homepage of your site on port 80, follow all redirections (even when they take us to other domain names), and record the returned HTTP headers.
To observe your HTTPS implementation, we submit a request to the homepage of your site on port 443, follow all redirections (even when they take us to other domain names), and record the returned HTTP headers. We use the most recent set of headers returned from the tested hostname for further tests such as HSTS and HPKP.
Transport Layer Security (TLS) is the most widely used encryption protocol on the Internet. In combination with valid certificates, servers can establish trusted communication channels even with users who have never visited them before. Network attackers can't uncover what is being communicated, even when they can see all the traffic.
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_AES_128_GCM_SHA256
Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits 
SCT transports: CERT
SCT transports: CERT
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_AES_128_GCM_SHA256
Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits 
SCT transports: CERT
SCT transports: CERT
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_AES_128_GCM_SHA256
Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_CHACHA20_POLY1305_SHA256 Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
SCT transports: CERT
SCT transports: CERT
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_AES_128_GCM_SHA256
Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits 
SCT transports: CERT
SCT transports: CERT
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_AES_128_GCM_SHA256
Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_CHACHA20_POLY1305_SHA256 Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
SCT transports: CERT
SCT transports: CERT
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_AES_128_GCM_SHA256
Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_CHACHA20_POLY1305_SHA256 Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
SCT transports: CERT
SCT transports: CERT
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_AES_128_GCM_SHA256
Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_CHACHA20_POLY1305_SHA256 Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
SCT transports: CERT
SCT transports: CERT
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_AES_128_GCM_SHA256
Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_CHACHA20_POLY1305_SHA256 Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
SCT transports: CERT
SCT transports: CERT
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_AES_128_GCM_SHA256
Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_CHACHA20_POLY1305_SHA256 Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
SCT transports: CERT
SCT transports: CERT
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_AES_128_GCM_SHA256
Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_CHACHA20_POLY1305_SHA256 Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
SCT transports: CERT
SCT transports: CERT
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_AES_128_GCM_SHA256
Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_CHACHA20_POLY1305_SHA256 Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
SCT transports: CERT
SCT transports: CERT
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_AES_128_GCM_SHA256
Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_CHACHA20_POLY1305_SHA256 Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
SCT transports: CERT
SCT transports: CERT
A certificate is a digital document that contains a public key, some information about the entity associated with it, and a digital signature from the certificate issuer. Itâ€™s a mechanism that enables us to exchange, store, and use public keys. Being able to reliably verify the identity of a remote server is crucial in order to achieve secure encrypted communication.
Names  amazon.com amzn.com uedata.amazon.com us.amazon.com www.amazon.com www.amzn.com corporate.amazon.com buybox.amazon.com iphone.amazon.com yp.amazon.com home.amazon.com originwww.amazon.com buckeyeretailwebsite.amazon.com huddles.amazon.com pntwwwamazoncomkalias.amazon.com pyowwwamazoncomkalias.amazon.com py3wwwamazoncomkalias.amazon.com yellowpages.amazon.com www.m.amazon.com www.cdn.amazon.com testwww.amazon.com mp3recs.amazon.com konradtest.amazon.com 
Subject DN  CN=www.amazon.com 
Subject Key Identifier  f6e242db96d1772968e0ae0da155a827fbd8cc6e 
Serial  9595080734f983c01febd78d23e349c 
Not Before  28 Nov 2023 00:00:00 UTC 
Not After  11 Nov 2024 23:59:59 UTC 
Validity period  350 days 
Key Usage  digitalSignature, keyEncipherment 
Extended Key Usage  serverAuth, clientAuth 
Must Staple  No 
Issuer 

Issuer DN  CN=DigiCert Global CA G2, O=DigiCert Inc, C=US 
Certification Authority  DigiCert 
Validation Type  Domain Validation (DV) 
Authority Key Identifier  keyid:246e2b2dd06a925151256901aa9a47a689e74020 
Parent Certificate  http://cacerts.digicert.com/DigiCertGlobalCAG2.crt 
CRL  http://crl3.digicert.com/DigiCertGlobalCAG2.crl http://crl4.digicert.com/DigiCertGlobalCAG2.crl 
OCSP  http://ocsp.digicert.com 
Certificate Transparency 

Signed Certificate Timestamps 
28 Nov 2023 04:41:06 UTC
 Google 'Argon2024' log
 Qualified
28 Nov 2023 04:41:06 UTC  DigiCert Yeti2024 Log  Qualified 28 Nov 2023 04:41:06 UTC  Cloudflare 'Nimbus2024' Log  Qualified 
Fingerprints 

SHA1  6255ea538da83f87b555c554eef61825c8722361 
SHA256  2a69f35e63f09c5af3b08e77346b51ecea0fc140f20ad17c7abd622e2410892a 
SPKI SHA256  4fdfb38b13dd2abca923ff75bde20743d508d38b9005002f044ad2b508828ab8 
Determining whether a certificate is considered valid is a complicated process that depends on the exact configuration of the validating party. For trust to be established, the certificate must form a chain that ends with a trusted root. In this section we evaluate the server's certificate against major root stores.
Platform  Trusted 

Apple  
Google AOSP  
Microsoft  
Mozilla 
For a server certificate to be valid, it must be presented as part of a complete and valid certificate chain. The last certificate in the chain should be the root and is usually not included in the configuration.
Names  amazon.com amzn.com uedata.amazon.com us.amazon.com www.amazon.com www.amzn.com corporate.amazon.com buybox.amazon.com iphone.amazon.com yp.amazon.com home.amazon.com originwww.amazon.com buckeyeretailwebsite.amazon.com huddles.amazon.com pntwwwamazoncomkalias.amazon.com pyowwwamazoncomkalias.amazon.com py3wwwamazoncomkalias.amazon.com yellowpages.amazon.com www.m.amazon.com www.cdn.amazon.com testwww.amazon.com mp3recs.amazon.com konradtest.amazon.com 
Subject DN  CN=www.amazon.com 
Subject Key Identifier  f6e242db96d1772968e0ae0da155a827fbd8cc6e 
Serial  9595080734f983c01febd78d23e349c 
Not Before  28 Nov 2023 00:00:00 UTC 
Not After  11 Nov 2024 23:59:59 UTC 
Validity period  350 days 
Key Usage  digitalSignature, keyEncipherment 
Extended Key Usage  serverAuth, clientAuth 
Must Staple  No 
Issuer 

Issuer DN  CN=DigiCert Global CA G2, O=DigiCert Inc, C=US 
Certification Authority  DigiCert 
Validation Type  Domain Validation (DV) 
Authority Key Identifier  keyid:246e2b2dd06a925151256901aa9a47a689e74020 
Parent Certificate  http://cacerts.digicert.com/DigiCertGlobalCAG2.crt 
CRL  http://crl3.digicert.com/DigiCertGlobalCAG2.crl http://crl4.digicert.com/DigiCertGlobalCAG2.crl 
OCSP  http://ocsp.digicert.com 
Certificate Transparency 

Signed Certificate Timestamps 
28 Nov 2023 04:41:06 UTC
 Google 'Argon2024' log
 Qualified
28 Nov 2023 04:41:06 UTC  DigiCert Yeti2024 Log  Qualified 28 Nov 2023 04:41:06 UTC  Cloudflare 'Nimbus2024' Log  Qualified 
Fingerprints 

SHA1  6255ea538da83f87b555c554eef61825c8722361 
SHA256  2a69f35e63f09c5af3b08e77346b51ecea0fc140f20ad17c7abd622e2410892a 
SPKI SHA256  4fdfb38b13dd2abca923ff75bde20743d508d38b9005002f044ad2b508828ab8 
Subject DN  CN=DigiCert Global CA G2, O=DigiCert Inc, C=US 
Subject Key Identifier  246e2b2dd06a925151256901aa9a47a689e74020 
Serial  c8ee0c90d6a89158804061ee241f9af 
Not Before  01 Aug 2013 12:00:00 UTC 
Not After  01 Aug 2028 12:00:00 UTC 
Key Usage  digitalSignature, keyCertSign, cRLSign 
Issuer 

Issuer DN  CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US 
Certification Authority  DigiCert 
Validation Type  Not Applicable 
Authority Key Identifier  keyid:4e2254201895e6e36ee60ffafab912ed06178f39 
CRL  http://crl4.digicert.com/DigiCertGlobalRootG2.crl http://crl3.digicert.com/DigiCertGlobalRootG2.crl 
OCSP  http://ocsp.digicert.com 
CA certificate  Yes (pathlen 0) 
Fingerprints 

SHA1  d6aee31631f7abc56b9de8abeccc4108a626b104 
SHA256  8fac576439c9fd3ef153b51f9edd0d381b5df7b87559cebeca04297dd44a639b 
SPKI SHA256  9e3378ad11bedb674d5c08bec9bf1edd4332a60ccf50f1e5bf8f9fa142f09758 