Web sites need to use encryption to help their visitors know they're in the right place, as well as provide confidentiality and content integrity. Sites that don't support HTTPS may expose sensitive data and have their pages modified and subverted.
To deploy HTTPS properly, web sites must redirect all unsafe (plaintext) traffic to the encrypted variant. This approach ensures that no sensitive data is exposed and that further security technologies can be activated.
HTTP Strict Transport Security (HSTS) is an HTTPS extension that instructs browsers to remember sites that use encryption and enforce strict security requirements. Without HSTS, active network attacks are easy to carry out.
HSTS Preloading is informing browsers in advance about a site's use of HSTS, which means that strict security can be enforced even on the first visit. This approach provides best HTTPS security available today.
Content Security Policy (CSP) is an additional security layer that enables web sites to control browser behavior, creating a safety net that can counter attacks such as crosssite scripting.
All hosts that receive email need encryption to ensure confidentiality of email messages. Email servers thus need to support STARTTLS, as well as provide decent TLS configuration and correct certificates.
Sender Policy Framework (SPF) enables organizations to designate servers that are allowed to send email messages on their behalf. With SPF in place, spam is easier to identify.
Domainbased Message Authentication, Reporting, and Conformance (DMARC) is a mechanism that allows organizations to specify how unauthenticated email (identified using SPF and DKIM) should be handled.
The global DNS infrastructure is organized as a series of hierarchical DNS zones. The root zone hosts a number of global and country TLDs, which in turn host further zones that are delegated to their customers. Each organization that controls a zone can delegate parts of its namespace to other zones. In this test we perform detailed inspection of a DNS zone, but only if the host being tested matches the zone.
Nameservers can be referred to by name and by address. In this section we show the names, which can appear in the NS records, the referrals from the parent zone, and the SOA record. In some situations, servers from the parent zone respond authoritatively, in which case we will include them in the list as well.
Nameserver  Operational  IPv4  IPv6  Sources 

greg.ns.cloudflare.com. PRIMARY 108.162.193.115 172.64.33.115 173.245.59.115 2606:4700:58::adf5:3b73 2803:f800:50::6ca2:c173 2a06:98c1:50::ac40:2173  The server is online.  Name resolves to an IPv4 address.  Name resolves to an IPv6 address.  SOA REFERRAL NS 
uma.ns.cloudflare.com. 108.162.192.146 172.64.32.146 173.245.58.146 2606:4700:50::adf5:3a92 2803:f800:50::6ca2:c092 2a06:98c1:50::ac40:2092  The server is online.  Name resolves to an IPv4 address.  Name resolves to an IPv6 address.  REFERRAL NS 
This section shows the configuration of all discovered nameservers by their IP address. To find all applicable nameservers, we inspect the parent zone nameservers for names and glue and then the tested zone nameservers for NS records. We then resolve all discovered names to IP addresses. Finally, we test each address individually.
Nameserver  Operational  Authoritative  Recursive  UDP  TCP  Sources  Payload Size 

108.162.192.146 uma.ns.cloudflare.com. PTR: uma.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
108.162.193.115 PRIMARY greg.ns.cloudflare.com. PTR: greg.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
172.64.32.146 uma.ns.cloudflare.com. PTR: uma.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
172.64.33.115 PRIMARY greg.ns.cloudflare.com. PTR: greg.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
173.245.58.146 uma.ns.cloudflare.com. PTR: uma.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
173.245.59.115 PRIMARY greg.ns.cloudflare.com. PTR: greg.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
2606:4700:50::adf5:3a92 uma.ns.cloudflare.com. PTR: uma.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
2606:4700:58::adf5:3b73 PRIMARY greg.ns.cloudflare.com. PTR: greg.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
2803:f800:50::6ca2:c092 uma.ns.cloudflare.com. PTR: uma.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
2803:f800:50::6ca2:c173 PRIMARY greg.ns.cloudflare.com. PTR: greg.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
2a06:98c1:50::ac40:2092 uma.ns.cloudflare.com. PTR: uma.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
2a06:98c1:50::ac40:2173 PRIMARY greg.ns.cloudflare.com. PTR: greg.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
Start of Authority (SOA) records contain administrative information pertaining to one DNS zone, especially the configuration that's used for zone transfers between the primary nameserver and the secondaries. Only one SOA record should exist, with all nameservers providing the same information.
The domain name of the primary nameserver for the zone. Also known as MNAME.Primary nameserver  greg.ns.cloudflare.com. 
Email address of the persons responsible for this zone. Also known as RNAME.Admin email  dns.cloudflare.com. 
Zone serial or version number.Serial number  1953487173 
The length of time secondary nameservers should wait before querying the primary for changes.Refresh interval  10,000 seconds (about 2 hours 46 minutes) 
The length of time secondary nameservers should wait before querying an unresponsive primary again.Retry interval  2,400 seconds (about 40 minutes) 
The length of time after which secondary nameservers should stop responding to queries for a zone, assuming no updates were obtained from the primary.Expire interval  604,800 seconds (about 7 days) 
TTL for purposes of negative response caching. Negative cache TTL  1,800 seconds (about 30 minutes) 
Time To Live (TTL) indicates for how long a record remains valid. SOA record TTL  1,800 seconds (about 30 minutes) 
Below are all DNS queries we submitted during the zone inspection.
ID  Server  Transport  Question Name  Type  Status 

Correctly functioning name servers are necessary to hold and distribute information that's necessary for your domain name to operate correctly. Examples include converting names to IP addresses, determining where email should go, and so on. More recently, the DNS is being used to communicate email and other security policies.
These are the results of individual DNS queries against your nameserver for common resource record types.
Name  TTL  Type  Data 

forwardemail.net.  30  A  144.202.105.188 
www.forwardemail.net.  300  A  172.67.72.142 
www.forwardemail.net.  300  A  104.26.3.178 
www.forwardemail.net.  300  A  104.26.2.178 
forwardemail.net.  30  AAAA  2001:19f0:ac00:41b3:5400:4ff:febb:a905 
www.forwardemail.net.  300  AAAA  2606:4700:20:0:0:0:ac43:488e 
www.forwardemail.net.  300  AAAA  2606:4700:20:0:0:0:681a:3b2 
www.forwardemail.net.  300  AAAA  2606:4700:20:0:0:0:681a:2b2 
forwardemail.net.  300  CAA  0 iodef "mailto:security@forwardemail.net" 
forwardemail.net.  300  CAA  0 issue "amazon.com" 
forwardemail.net.  300  CAA  0 issue "amazonaws.com" 
forwardemail.net.  300  CAA  0 issue "amazontrust.com" 
forwardemail.net.  300  CAA  0 issue "awstrust.com" 
forwardemail.net.  300  CAA  0 issue "comodoca.com" 
forwardemail.net.  300  CAA  0 issue "digicert.com; cansignhttpexchanges=yes" 
forwardemail.net.  300  CAA  0 issue "letsencrypt.org" 
forwardemail.net.  300  CAA  0 issue "pki.goog; cansignhttpexchanges=yes" 
forwardemail.net.  300  CAA  0 issue "sectigo.com; cansignhttpexchanges=yes " 
forwardemail.net.  300  CAA  0 issuewild "comodoca.com" 
forwardemail.net.  300  CAA  0 issuewild "digicert.com; cansignhttpexchanges=yes" 
forwardemail.net.  300  CAA  0 issuewild "letsencrypt.org" 
forwardemail.net.  300  CAA  0 issuewild "pki.goog; cansignhttpexchanges=yes" 
forwardemail.net.  300  CAA  0 issuewild "sectigo.com; cansignhttpexchanges=yes" 
forwardemail.net.  3600  DNSKEY  256 3 13 oJMRESz5E4gYzS/q6XDrvU1qMPYIjCWzJaOau8XNEZeqCYKD5ar0IRd8KqXXFJkqmVfRvMGPmM1x8fGAa2XhSA== 
forwardemail.net.  3600  DNSKEY  257 3 13 mdsswUyr3DPW132mOi8V9xESWE8jTo0dxCjjnopKl+GqJxpVXckHAeF+KkxLbxILfDLUT0rAK9iUzy1L53eKGQ== 
www.forwardemail.net.  300  HTTPS  1 . alpn=h2 ipv4hint=104.26.2.178,104.26.3.178,172.67.72.142 ipv6hint=2606:4700:20:0:0:0:681a:2b2,2606:4700:20:0:0:0:681a:3b2,2606:4700:20:0:0:0:ac43:488e 
forwardemail.net.  3600  MX  0 mx2.forwardemail.net. 
forwardemail.net.  3600  MX  0 mx1.forwardemail.net. 
forwardemail.net.  86400  NS  uma.ns.cloudflare.com. 
forwardemail.net.  86400  NS  greg.ns.cloudflare.com. 
forwardemail.net.  1800  SOA  greg.ns.cloudflare.com. dns.cloudflare.com. 2341480123 10000 2400 604800 1800 
forwardemail.net.  300  TXT  "googlesiteverification=Dlcddlz_HZm0Lpe6eKL6PJKa7xCPy_mIbf0O3hGWo" 
forwardemail.net.  300  TXT  "googlesiteverification=OjDxZN2DU7XqtvyPpDrvMcYjef2msFDLga3NuIXHJiE" 
forwardemail.net.  300  TXT  "googlesiteverification=TDhFtE5nIp6D7zTPt3CdsWbOoG87xWt_7um_P5iYwx8" 
forwardemail.net.  300  TXT  "googlesiteverification=fMQEHvvEIPRSxyjBBTu_R43f7l25UgcE3wxzwAYUoh4" 
forwardemail.net.  300  TXT  "stripeverification=3cf1eee253ef0954773402850376d9b3d97bfe3f2dee06bcbd76839c768a56c3" 
forwardemail.net.  300  TXT  "v=spf1 a mx a:smtp.forwardemail.net all" 
forwardemail.net.  300  TXT  "forwardemailsiteverification=OgBtCf0Xkq" 
forwardemail.net.  300  TXT  "googlesiteverification=5nCKgW5qElZVdLWPF86WZyhUXDIEDRm8C_E2niW3gE" 
forwardemail.net.  300  TXT  "googlesiteverification=DBUsD3_MzaXh2N1onlaZdCELRyT3dHKxkx9d8TpNZVQ" 
_dmarc.forwardemail.net.  300  TXT  "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc646d8d480dd3cc2c671633e2@forwardemail.net;" 
_mtasts.forwardemail.net.  300  TXT  "v=STSv1; id=20231103T000000;" 
_smtp._tls.forwardemail.net.  300  TXT  "v=TLSRPTv1; rua=mailto:tlsrpt@forwardemail.net" 
Below are all DNS queries we submitted while inspecting the resource records.
ID  Server  Question Name  Type  Status 

DNSSEC is an extension of the DNS protocol that provides cryptographic assurance of the authenticity and integrity of responses; it's intended as a defense against network attackers who are able to manipulate DNS to redirect their victims to servers of their choice. DNSSEC is controversial, with the industry split largely between those who think it's essential and those who believe that it's problematic and unnecessary.
CAA (RFC 8659) is a new standard that allows domain name owners to restrict which CAs are allowed to issue certificates for their domains. This can help to reduce the chance of misissuance, either accidentally or maliciously. In September 2017, CAA became mandatory for CAs to implement.
The DNS hostname where this policy is located.Policy host  forwardemail.net 
The issue property tag is used to request that certificate issuers perform CAA issue restriction processing for the domain and to grant authorization to specific certificate issuers.issue 
comodoca.com flags: 0 
The issue property tag is used to request that certificate issuers perform CAA issue restriction processing for the domain and to grant authorization to specific certificate issuers.issue 
digicert.com; cansignhttpexchanges=yes flags: 0 
The issue property tag is used to request that certificate issuers perform CAA issue restriction processing for the domain and to grant authorization to specific certificate issuers.issue 
letsencrypt.org flags: 0 
The issue property tag is used to request that certificate issuers perform CAA issue restriction processing for the domain and to grant authorization to specific certificate issuers.issue 
pki.goog; cansignhttpexchanges=yes flags: 0 
The issue property tag is used to request that certificate issuers perform CAA issue restriction processing for the domain and to grant authorization to specific certificate issuers.issue 
sectigo.com; cansignhttpexchanges=yes flags: 0 
The issuewild property has the same syntax and semantics as the issue property except that issuewild properties only grant authorization to issue certificates that specify a wildcard domain and issuewild properties take precedence over issue properties when specified.issuewild 
comodoca.com flags: 0 
The issuewild property has the same syntax and semantics as the issue property except that issuewild properties only grant authorization to issue certificates that specify a wildcard domain and issuewild properties take precedence over issue properties when specified.issuewild 
digicert.com; cansignhttpexchanges=yes flags: 0 
The issuewild property has the same syntax and semantics as the issue property except that issuewild properties only grant authorization to issue certificates that specify a wildcard domain and issuewild properties take precedence over issue properties when specified.issuewild 
letsencrypt.org flags: 0 
The issuewild property has the same syntax and semantics as the issue property except that issuewild properties only grant authorization to issue certificates that specify a wildcard domain and issuewild properties take precedence over issue properties when specified.issuewild 
pki.goog; cansignhttpexchanges=yes flags: 0 
The issuewild property has the same syntax and semantics as the issue property except that issuewild properties only grant authorization to issue certificates that specify a wildcard domain and issuewild properties take precedence over issue properties when specified.issuewild 
sectigo.com; cansignhttpexchanges=yes flags: 0 
The iodef property specifies a means of reporting certificate issue requests or cases of certificate issue for the corresponding domain that violate the security policy of the issuer or the domain name holder.iodef 
mailto:security@forwardemail.net flags: 0 
The issue property tag is used to request that certificate issuers perform CAA issue restriction processing for the domain and to grant authorization to specific certificate issuers.issue 
amazon.com flags: 0 
The issue property tag is used to request that certificate issuers perform CAA issue restriction processing for the domain and to grant authorization to specific certificate issuers.issue 
amazonaws.com flags: 0 
The issue property tag is used to request that certificate issuers perform CAA issue restriction processing for the domain and to grant authorization to specific certificate issuers.issue 
amazontrust.com flags: 0 
The issue property tag is used to request that certificate issuers perform CAA issue restriction processing for the domain and to grant authorization to specific certificate issuers.issue 
awstrust.com flags: 0 
An internet hostname can be served by zero or more mail servers, as specified by MX (mail exchange) DNS resource records. Each server can further resolve to multiple IP addresses, for example to handle IPv4 and IPv6 clients. Thus, in practice, hosts that wish to receive email reliably are supported by many endpoint.
Server  Preference  Operational  STARTTLS  TLS  PKI  DNSSEC  DANE 

mx2.forwardemail.net 2604:a880:400:d1:0:0:cd:9001 PTR: mx2.forwardemail.net 
0 
220 mx2.forwardemail.net ESMTP EHLO outbound.hardenize.com 250mx2.forwardemail.net Nice to meet you, [2001:4802:7805:104:be76:4eff:fe20:236] 250PIPELINING 2508BITMIME 250SMTPUTF8 250STARTTLS 250 SIZE 52428800 STARTTLS 220 Ready to start TLS 
Supports STARTTLS.  
mx2.forwardemail.net 104.248.224.170 PTR: mx2.forwardemail.net 
0 
220 mx2.forwardemail.net ESMTP EHLO outbound.hardenize.com 250mx2.forwardemail.net Nice to meet you, [172.99.67.55] 250PIPELINING 2508BITMIME 250SMTPUTF8 250STARTTLS 250 SIZE 52428800 STARTTLS 220 Ready to start TLS 
Supports STARTTLS.  
mx1.forwardemail.net 2604:a880:2:d0:0:0:306:1 PTR: mx1.forwardemail.net 
0 
220 mx1.forwardemail.net ESMTP EHLO outbound.hardenize.com 250mx1.forwardemail.net Nice to meet you, [2001:4802:7805:104:be76:4eff:fe20:236] 250PIPELINING 2508BITMIME 250SMTPUTF8 250STARTTLS 250 SIZE 52428800 STARTTLS 220 Ready to start TLS 
Supports STARTTLS.  
mx1.forwardemail.net 138.197.213.185 PTR: mx1.forwardemail.net 
0 
220 mx1.forwardemail.net ESMTP EHLO outbound.hardenize.com 250mx1.forwardemail.net Nice to meet you, [172.99.67.55] 250PIPELINING 2508BITMIME 250SMTPUTF8 250STARTTLS 250 SIZE 52428800 STARTTLS 220 Ready to start TLS 
Supports STARTTLS. 
Latest cache timestamp: 13 May 2024 17:48 UTC
Earliest cache timestamp: 13 May 2024 17:48 UTC
Transport Layer Security (TLS) is the most widely used encryption protocol on the Internet. In combination with valid certificates, servers can establish trusted communication channels even with users who have never visited them before. Network attackers can't uncover what is being communicated, even when they can see all the traffic.
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.2

Shows cipher suite configuration for this protocol version.TLS v1.2 
Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) 
These results have been retrieved from our cache. This row indicates when was that the original test ran.Retrieved from cache 
13 May 2024 17:48 UTC 
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.2

Shows cipher suite configuration for this protocol version.TLS v1.2 
Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) 
These results have been retrieved from our cache. This row indicates when was that the original test ran.Retrieved from cache 
13 May 2024 17:48 UTC 
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.2

Shows cipher suite configuration for this protocol version.TLS v1.2 
Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) 
These results have been retrieved from our cache. This row indicates when was that the original test ran.Retrieved from cache 
13 May 2024 17:48 UTC 
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.2

Shows cipher suite configuration for this protocol version.TLS v1.2 
Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) 
These results have been retrieved from our cache. This row indicates when was that the original test ran.Retrieved from cache 
13 May 2024 17:48 UTC 
A certificate is a digital document that contains a public key, some information about the entity associated with it, and a digital signature from the certificate issuer. Itâ€™s a mechanism that enables us to exchange, store, and use public keys. Being able to reliably verify the identity of a remote server is crucial in order to achieve secure encrypted communication.
Names  *.forwardemail.net forwardemail.net 
Subject DN  CN=*.forwardemail.net 
Subject Key Identifier  2dda91bc2a403f6a166c94bd74511519841eeb39 
Serial  7da17d2650bdd12d6d0931598274cb6f 
Not Before  02 Nov 2023 00:00:00 UTC 
Not After  02 Dec 2024 23:59:59 UTC 
Validity period  397 days 
Key Usage  digitalSignature, keyEncipherment 
Extended Key Usage  serverAuth, clientAuth 
Must Staple  No 
Issuer 

Issuer DN  CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB 
Certification Authority  Sectigo 
Validation Type  Domain Validation (DV) 
Authority Key Identifier  keyid:8d8c5ec454ad8ae177e99bf99b05e1b8018d61e1 
Parent Certificate  http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt 
OCSP  http://ocsp.sectigo.com 
Certificate Transparency 

Signed Certificate Timestamps 
02 Nov 2023 21:13:19 UTC
 Google 'Xenon2024' log
 Qualified
02 Nov 2023 21:13:19 UTC  Let's Encrypt 'Oak2024H2' log  Qualified 02 Nov 2023 21:13:19 UTC  Google 'Argon2024' log  Qualified 
Fingerprints 

SHA1  981960d9b3efe1ebc2e6eb18dea6dba10df12b22 
SHA256  57baf3bfcc4cf7821c8361a242601ad3bf44214364e8a614923704fb2a07ebcb 
SPKI SHA256  5e81da1af16df20b13e667ad6d9c2b65b95bfcd95150caffe7116c1707b4dd2c 
Names  *.forwardemail.net forwardemail.net 
Subject DN  CN=*.forwardemail.net 
Subject Key Identifier  2dda91bc2a403f6a166c94bd74511519841eeb39 
Serial  7da17d2650bdd12d6d0931598274cb6f 
Not Before  02 Nov 2023 00:00:00 UTC 
Not After  02 Dec 2024 23:59:59 UTC 
Validity period  397 days 
Key Usage  digitalSignature, keyEncipherment 
Extended Key Usage  serverAuth, clientAuth 
Must Staple  No 
Issuer 

Issuer DN  CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB 
Certification Authority  Sectigo 
Validation Type  Domain Validation (DV) 
Authority Key Identifier  keyid:8d8c5ec454ad8ae177e99bf99b05e1b8018d61e1 
Parent Certificate  http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt 
OCSP  http://ocsp.sectigo.com 
Certificate Transparency 

Signed Certificate Timestamps 
02 Nov 2023 21:13:19 UTC
 Google 'Xenon2024' log
 Qualified
02 Nov 2023 21:13:19 UTC  Let's Encrypt 'Oak2024H2' log  Qualified 02 Nov 2023 21:13:19 UTC  Google 'Argon2024' log  Qualified 
Fingerprints 

SHA1  981960d9b3efe1ebc2e6eb18dea6dba10df12b22 
SHA256  57baf3bfcc4cf7821c8361a242601ad3bf44214364e8a614923704fb2a07ebcb 
SPKI SHA256  5e81da1af16df20b13e667ad6d9c2b65b95bfcd95150caffe7116c1707b4dd2c 
Subject DN  CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB 
Subject Key Identifier  8d8c5ec454ad8ae177e99bf99b05e1b8018d61e1 
Serial  7d5b5126b476ba11db74160bbc530da7 
Not Before  02 Nov 2018 00:00:00 UTC 
Not After  31 Dec 2030 23:59:59 UTC 
Key Usage  digitalSignature, keyCertSign, cRLSign 
Extended Key Usage  serverAuth, clientAuth 
Issuer 

Issuer DN  CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US 
Certification Authority  Sectigo 
Validation Type  Not Applicable 
Authority Key Identifier  keyid:5379bf5aaa2b4acf5480e1d89bc09df2b20366cb 
Parent Certificate  http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt 
CRL  http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl 
OCSP  http://ocsp.usertrust.com 
CA certificate  Yes (pathlen 0) 
Fingerprints 

SHA1  33e4e80807204c2b6182a3a14b591acd25b5f0db 
SHA256  7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676 
SPKI SHA256  e1ae9c3de848ece1ba72e0d991ae4d0d9ec547c6bad1dddab9d6beb0a7e0e0d8 
Subject DN  CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US 
Subject Key Identifier  5379bf5aaa2b4acf5480e1d89bc09df2b20366cb 
Serial  3972443af922b751d7d36c10dd313595 
Not Before  12 Mar 2019 00:00:00 UTC 
Not After  31 Dec 2028 23:59:59 UTC 
Key Usage  digitalSignature, keyCertSign, cRLSign 
Issuer 

Issuer DN  CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB 
Certification Authority  Sectigo 
Validation Type  Not Applicable 
Authority Key Identifier  keyid:a0110a233e96f107ece2af29ef82a57fd030a4b4 
CRL  http://crl.comodoca.com/AAACertificateServices.crl 
OCSP  http://ocsp.comodoca.com 
CA certificate  Yes (pathlen unlimited) 
Fingerprints 

SHA1  d89e3bd43d5d909b47a18977aa9d5ce36cee184c 
SHA256  68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b 
SPKI SHA256  c784333d20bcd742b9fdc3236f4e509b8937070e73067e254dd3bf9c45bf4dde 
Subject DN  CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB 
Subject Key Identifier  a0110a233e96f107ece2af29ef82a57fd030a4b4 
Serial  1 
Not Before  01 Jan 2004 00:00:00 UTC 
Not After  31 Dec 2028 23:59:59 UTC 
Key Usage  keyCertSign, cRLSign 
Issuer 

Issuer DN  CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB 
Certification Authority  Sectigo 
Validation Type  Selfsigned 
CRL  http://crl.comodoca.com/AAACertificateServices.crl http://crl.comodo.net/AAACertificateServices.crl 
CA certificate  Yes (pathlen unlimited) 
Fingerprints 

SHA1  d1eb23a46d17d68fd92564c2f1f1601764d8e349 
SHA256  d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4 
SPKI SHA256  bd153ed7b0434f6886b17bce8bbe84ed340c7132d702a8f4fa318f756ecbd6f3 
DNSbased Authentication of Named Entities (DANE) is a bridge between DNSSEC and TLS. In one possible scenario, DANE can be used for public key pinning, building on an existing publiclytrusted certificate. In another approach, it can be used to completely bypass the CA ecosystem and establish trust using DNSSEC alone.
Specifies which certificate in the chain is being pinned and how validation should be performed.Certificate Usage 
Domainissued certificate / DANEEE (3)
Creates a leaf pin for a certificate that must be present in the certificate chain. PKIX validation is not performed and the pinned certificate is assumed to be trusted. 
Determines if the association is made with a certificate or with a public key (via its SPKI structure).Selector 
SPKI structure (1) 
Determines how matching is done; directly or via a hash. Matching Type  SHA2256 (1) 
Contains the data necessary to perform the matching. Data 
5e81da1af16df20b13e667ad6d9c2b65b95bfcd95150caffe7116c1707b4dd2c
Leaf certificate: RSA 2048 bits 
Specifies which certificate in the chain is being pinned and how validation should be performed.Certificate Usage 
Domainissued certificate / DANEEE (3)
Creates a leaf pin for a certificate that must be present in the certificate chain. PKIX validation is not performed and the pinned certificate is assumed to be trusted. 
Determines if the association is made with a certificate or with a public key (via its SPKI structure).Selector 
SPKI structure (1) 
Determines how matching is done; directly or via a hash. Matching Type  SHA2256 (1) 
Contains the data necessary to perform the matching. Data 
5e81da1af16df20b13e667ad6d9c2b65b95bfcd95150caffe7116c1707b4dd2c
Leaf certificate: RSA 2048 bits 
Specifies which certificate in the chain is being pinned and how validation should be performed.Certificate Usage 
Domainissued certificate / DANEEE (3)
Creates a leaf pin for a certificate that must be present in the certificate chain. PKIX validation is not performed and the pinned certificate is assumed to be trusted. 
Determines if the association is made with a certificate or with a public key (via its SPKI structure).Selector 
SPKI structure (1) 
Determines how matching is done; directly or via a hash. Matching Type  SHA2256 (1) 
Contains the data necessary to perform the matching. Data 
5e81da1af16df20b13e667ad6d9c2b65b95bfcd95150caffe7116c1707b4dd2c
Leaf certificate: RSA 2048 bits 
Specifies which certificate in the chain is being pinned and how validation should be performed.Certificate Usage 
Domainissued certificate / DANEEE (3)
Creates a leaf pin for a certificate that must be present in the certificate chain. PKIX validation is not performed and the pinned certificate is assumed to be trusted. 
Determines if the association is made with a certificate or with a public key (via its SPKI structure).Selector 
SPKI structure (1) 
Determines how matching is done; directly or via a hash. Matching Type  SHA2256 (1) 
Contains the data necessary to perform the matching. Data 
5e81da1af16df20b13e667ad6d9c2b65b95bfcd95150caffe7116c1707b4dd2c
Leaf certificate: RSA 2048 bits 
Sender Policy Framework (SPF) is a protocol that allows domain name owners to control which internet hosts are allowed to send email on their behalf. This simple mechanism can be used to reduce the effect of email spoofing and cut down on spam.
Host where this policy is located.Location  forwardemail.net 
SPF version used by this policy.v  spf1 
This mechanism matches if the sending IP address is one of the IP addresses that belong to the target domain name. Matches both IPv4 and IPv6 addresses. a 

This mechanism matches if the sending IP address is one of the MX hosts for the domain name. mx 

This mechanism matches if the sending IP address is one of the IP addresses that belong to the target domain name. Matches both IPv4 and IPv6 addresses. a 
smtp.forwardemail.net 
This policy element always matches. It's normally used at the end of a policy to specify the handling of hosts that don't match earlier mechanisms. all 
Policy text: v=spf1 a mx a:smtp.forwardemail.net all
Location: forwardemail.net
Lookups: 3
Domainbased Message Authentication, Reporting, and Conformance (DMARC) is a scalable mechanism by which a mailoriginating organization can express domainlevel policies and preferences for message validation, disposition, and reporting, that a mailreceiving organization can use to improve mail handling.
The location from which we obtained this policy.Policy location  _dmarc.forwardemail.net 
DMARC version used by this policy.v  DMARC1 
Indicates the policy to be enacted by the receiver at the request of the domain owner. Possible values are: none, quarantine, and reject.p 
reject 
Percentage of messages from mail stream to which the DMARC policy is to be applied.pct 
100 
Addresses to which aggregate feedback is to be sent.rua  mailto:dmarc646d8d480dd3cc2c671633e2@forwardemail.net 
Policy: v=DMARC1; p=reject; pct=100; rua=mailto:dmarc646d8d480dd3cc2c671633e2@forwardemail.net;
Host: _dmarc.forwardemail.net
SMTP Mail Transfer Agent Strict Transport Security (MTASTS) is a mechanism enabling mail service providers to declare their ability to receive Transport Layer Security (TLS) secure SMTP connections, and to specify whether sending SMTP servers should refuse to deliver to MX hosts that do not offer TLS with a trusted server certificate.
Location from which we retrieved the policy indicator.Location  _mtasts.forwardemail.net 
MTASTS standard version used by this policy indicator.Version  STSv1 
Unique policy identifier, whose value must change every time the underlying policy changes.ID 
20231103T000000 
The URL from which the policy was obtained.Location  https://mtasts.forwardemail.net/.wellknown/mtasts.txt 
Policy standard version.version  STSv1 
Policy duration, which specifies how long the sending MTAs should remember and enforce the server policy for.max‑age 
2,419,200 seconds (about 28 days) 
Policy mode, which can be one of 'none', 'testing' and 'enforcing'. Guess which is best! :)mode 
enforce 
One 'mx' directive specifies one email server pattern that's allowed for this host.mx 
mx1.forwardemail.net 
One 'mx' directive specifies one email server pattern that's allowed for this host.mx 
mx2.forwardemail.net 
Status code: 200
Length: 96 bytes
ContentType: text/plain; charset=utf8
Names  mtasts.forwardemail.net 
Subject DN  CN=mtasts.forwardemail.net 
Subject Key Identifier  58c9b2aa68e6a548ccd82be842b2bf7fbe456668 
Serial  380f34132ce4b160f54c5ae3b7fa2aaf339 
Not Before  08 May 2024 22:40:29 UTC 
Not After  06 Aug 2024 22:40:28 UTC 
Validity period  90 days 
Key Usage  digitalSignature, keyEncipherment 
Extended Key Usage  serverAuth, clientAuth 
Must Staple  No 
Issuer 

Issuer DN  CN=R3, O=Let's Encrypt, C=US 
Certification Authority  Let's Encrypt 
Validation Type  Domain Validation (DV) 
Authority Key Identifier  keyid:142eb317b75856cbae500940e61faf9d8b14c2c6 
Parent Certificate  http://r3.i.lencr.org/ 
OCSP  http://r3.o.lencr.org 
Certificate Transparency 

Signed Certificate Timestamps 
08 May 2024 23:40:29 UTC
 Google 'Argon2024' log
 Qualified
08 May 2024 23:40:29 UTC  Sectigo 'Mammoth2024h2'  Qualified 
Fingerprints 

SHA1  4b0fd21fa8d47309f4a63bb5de2b2ae1c9ee1460 
SHA256  032491cd28344d065eaf405724b092f02cc532d74c2689d3a8d23d1a89dc720c 
SPKI SHA256  0d073b9b73b4b0ee16e3f580e521c7b6c7aa20a48a764a758e1b31dff5043d90 
Names  mtasts.forwardemail.net 
Subject DN  CN=mtasts.forwardemail.net 
Subject Key Identifier  58c9b2aa68e6a548ccd82be842b2bf7fbe456668 
Serial  380f34132ce4b160f54c5ae3b7fa2aaf339 
Not Before  08 May 2024 22:40:29 UTC 
Not After  06 Aug 2024 22:40:28 UTC 
Validity period  90 days 
Key Usage  digitalSignature, keyEncipherment 
Extended Key Usage  serverAuth, clientAuth 
Must Staple  No 
Issuer 

Issuer DN  CN=R3, O=Let's Encrypt, C=US 
Certification Authority  Let's Encrypt 
Validation Type  Domain Validation (DV) 
Authority Key Identifier  keyid:142eb317b75856cbae500940e61faf9d8b14c2c6 
Parent Certificate  http://r3.i.lencr.org/ 
OCSP  http://r3.o.lencr.org 
Certificate Transparency 

Signed Certificate Timestamps 
08 May 2024 23:40:29 UTC
 Google 'Argon2024' log
 Qualified
08 May 2024 23:40:29 UTC  Sectigo 'Mammoth2024h2'  Qualified 
Fingerprints 

SHA1  4b0fd21fa8d47309f4a63bb5de2b2ae1c9ee1460 
SHA256  032491cd28344d065eaf405724b092f02cc532d74c2689d3a8d23d1a89dc720c 
SPKI SHA256  0d073b9b73b4b0ee16e3f580e521c7b6c7aa20a48a764a758e1b31dff5043d90 
Subject DN  CN=R3, O=Let's Encrypt, C=US 
Subject Key Identifier  142eb317b75856cbae500940e61faf9d8b14c2c6 
Serial  912b084acf0c18a753f6d62e25a75f5a 
Not Before  04 Sep 2020 00:00:00 UTC 
Not After  15 Sep 2025 16:00:00 UTC 
Validity period  1838 days 
Key Usage  digitalSignature, keyCertSign, cRLSign 
Extended Key Usage  clientAuth, serverAuth 
Issuer 

Issuer DN  CN=ISRG Root X1, O=Internet Security Research Group, C=US 
Certification Authority  Let's Encrypt 
Validation Type  Not Applicable 
Authority Key Identifier  keyid:79b459e67bb6e5e40173800888c81a58f6e99b6e 
Parent Certificate  http://x1.i.lencr.org/ 
CRL  http://x1.c.lencr.org/ 
CA certificate  Yes (pathlen 0) 
Fingerprints 

SHA1  a053375bfe84e8b748782c7cee15827a6af5a405 
SHA256  67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd 
SPKI SHA256  8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d 
Subject DN  CN=ISRG Root X1, O=Internet Security Research Group, C=US 
Subject Key Identifier  79b459e67bb6e5e40173800888c81a58f6e99b6e 
Serial  8210cfb0d240e3594463e0bb63828b00 
Not Before  04 Jun 2015 11:04:38 UTC 
Not After  04 Jun 2035 11:04:38 UTC 
Key Usage  keyCertSign, cRLSign 
Issuer 

Issuer DN  CN=ISRG Root X1, O=Internet Security Research Group, C=US 
Certification Authority  Let's Encrypt 
Validation Type  Selfsigned 
CA certificate  Yes (pathlen unlimited) 
Fingerprints 

SHA1  cabd2a79a1076a31f21d253635cb039d4329a5e8 
SHA256  96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6 
SPKI SHA256  0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3 
SMTP TLS Reporting (RFC 8460), or TLSRPT for short, describes a reporting mechanism and format by which systems sending email can share statistics and specific information about potential failures with recipient domains. Recipient domains can then use this information to both detect potential attacks and diagnose unintentional misconfigurations. TLSRPT can be used with DANE or MTASTS.
Location from which we retrieved the policy indicator.Location  _smtp._tls.forwardemail.net 
TLSRPT standard version used by this policy indicator.Version  TLSRPTv1 
Reporting endpoints specified in the policy.Reporting Endpoints 
mailto:tlsrpt@forwardemail.net 
To observe your HTTP implementation, we submit a request to the homepage of your site on port 80, follow all redirections (even when they take us to other domain names), and record the returned HTTP headers.
From: https://forwardemail.net/
To: https://forwardemail.net/en
To observe your HTTPS implementation, we submit a request to the homepage of your site on port 443, follow all redirections (even when they take us to other domain names), and record the returned HTTP headers. We use the most recent set of headers returned from the tested hostname for further tests such as HSTS and HPKP.
From: https://forwardemail.net/
To: https://forwardemail.net/en
Transport Layer Security (TLS) is the most widely used encryption protocol on the Internet. In combination with valid certificates, servers can establish trusted communication channels even with users who have never visited them before. Network attackers can't uncover what is being communicated, even when they can see all the traffic.
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_AES_256_GCM_SHA384
Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_CHACHA20_POLY1305_SHA256 Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 Suite ID: 0xc061 Cipher name: ARIA Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 Suite ID: 0xc060 Cipher name: ARIA Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_256_CCM_8 Suite ID: 0xc0a1 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CCM_8 256 bits Suite: TLS_RSA_WITH_AES_256_CCM Suite ID: 0xc09d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CCM 256 bits Suite: TLS_RSA_WITH_ARIA_256_GCM_SHA384 Suite ID: 0xc051 Cipher name: ARIA Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_ARIA_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CCM_8 Suite ID: 0xc0a0 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CCM_8 128 bits Suite: TLS_RSA_WITH_AES_128_CCM Suite ID: 0xc09c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CCM 128 bits Suite: TLS_RSA_WITH_ARIA_128_GCM_SHA256 Suite ID: 0xc050 Cipher name: ARIA Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_ARIA_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x3d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits 
SCT transports: CERT
SCT transports: CERT
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_AES_256_GCM_SHA384
Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_CHACHA20_POLY1305_SHA256 Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 Suite ID: 0xc061 Cipher name: ARIA Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 Suite ID: 0xc060 Cipher name: ARIA Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_256_CCM_8 Suite ID: 0xc0a1 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CCM_8 256 bits Suite: TLS_RSA_WITH_AES_256_CCM Suite ID: 0xc09d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CCM 256 bits Suite: TLS_RSA_WITH_ARIA_256_GCM_SHA384 Suite ID: 0xc051 Cipher name: ARIA Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_ARIA_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CCM_8 Suite ID: 0xc0a0 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CCM_8 128 bits Suite: TLS_RSA_WITH_AES_128_CCM Suite ID: 0xc09c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CCM 128 bits Suite: TLS_RSA_WITH_ARIA_128_GCM_SHA256 Suite ID: 0xc050 Cipher name: ARIA Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_ARIA_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x3d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits 
SCT transports: CERT
SCT transports: CERT
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.2
TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: AGL_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcc14 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca9 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02b Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc02c Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc023 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc024 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcc13 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x3d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Signed Certificate Timestamps 
TLS
 29 Apr 2024 01:58:39 UTC
 Google 'Argon2024' log
 Qualified
TLS  29 Apr 2024 01:58:39 UTC  Google 'Xenon2024' log  Qualified 
SCT transports: CERT, TLS
SCT transports: CERT, TLS
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.2
TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: AGL_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcc14 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca9 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02b Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc02c Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc023 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc024 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcc13 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x3d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Signed Certificate Timestamps 
TLS
 29 Apr 2024 01:58:39 UTC
 Google 'Argon2024' log
 Qualified
TLS  29 Apr 2024 01:58:39 UTC  Google 'Xenon2024' log  Qualified 
SCT transports: CERT, TLS
SCT transports: CERT, TLS
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.2
TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: AGL_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcc14 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca9 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02b Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc02c Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc023 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc024 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcc13 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x3d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Signed Certificate Timestamps 
TLS
 29 Apr 2024 01:58:39 UTC
 Google 'Argon2024' log
 Qualified
TLS  29 Apr 2024 01:58:39 UTC  Google 'Xenon2024' log  Qualified 
SCT transports: CERT, TLS
SCT transports: CERT, TLS
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.2
TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: AGL_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcc14 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca9 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02b Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc02c Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc023 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc024 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcc13 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x3d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Signed Certificate Timestamps 
TLS
 29 Apr 2024 01:58:39 UTC
 Google 'Argon2024' log
 Qualified
TLS  29 Apr 2024 01:58:39 UTC  Google 'Xenon2024' log  Qualified 
SCT transports: CERT, TLS
SCT transports: CERT, TLS
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.2
TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: AGL_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcc14 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca9 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02b Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc02c Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc023 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc024 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcc13 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x3d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Signed Certificate Timestamps 
TLS
 29 Apr 2024 01:58:39 UTC
 Google 'Argon2024' log
 Qualified
TLS  29 Apr 2024 01:58:39 UTC  Google 'Xenon2024' log  Qualified 
SCT transports: CERT, TLS
SCT transports: CERT, TLS
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.2
TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: AGL_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcc14 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca9 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02b Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc02c Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc023 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc024 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcc13 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x3d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Signed Certificate Timestamps 
TLS
 29 Apr 2024 01:58:39 UTC
 Google 'Argon2024' log
 Qualified
TLS  29 Apr 2024 01:58:39 UTC  Google 'Xenon2024' log  Qualified 
SCT transports: CERT, TLS
SCT transports: CERT, TLS
A certificate is a digital document that contains a public key, some information about the entity associated with it, and a digital signature from the certificate issuer. Itâ€™s a mechanism that enables us to exchange, store, and use public keys. Being able to reliably verify the identity of a remote server is crucial in order to achieve secure encrypted communication.
Names  *.forwardemail.net forwardemail.net 
Subject DN  CN=forwardemail.net 
Subject Key Identifier  4874c3e1c4207160b856e2bcd9350c2780744d98 
Serial  33ef1d28617310c2c279859137395900bed 
Not Before  29 Apr 2024 00:58:41 UTC 
Not After  28 Jul 2024 00:58:40 UTC 
Validity period  90 days 
Key Usage  digitalSignature 
Extended Key Usage  serverAuth, clientAuth 
Must Staple  No 
Issuer 

Issuer DN  CN=E1, O=Let's Encrypt, C=US 
Certification Authority  Let's Encrypt 
Validation Type  Domain Validation (DV) 
Authority Key Identifier  keyid:5af3ed2bfc36c23779b95230ea546fcf55cb2eac 
Parent Certificate  http://e1.i.lencr.org/ 
OCSP  http://e1.o.lencr.org 
Certificate Transparency 

Signed Certificate Timestamps 
29 Apr 2024 01:58:41 UTC
 Let's Encrypt 'Oak2024H2' log
 Qualified
29 Apr 2024 01:58:41 UTC  Google 'Xenon2024' log  Qualified 
Fingerprints 

SHA1  47f57a73cc3da39bf79ca8228be80f7b1fd565d6 
SHA256  52920f4223388da687890f5acfdad2fd5dc96f50d69cb6f340034ab1657e5c44 
SPKI SHA256  1c4bba8a054c3972b726e6639eeff807d82077066bbb6cee4501b9afbad92e4f 
Determining whether a certificate is considered valid is a complicated process that depends on the exact configuration of the validating party. For trust to be established, the certificate must form a chain that ends with a trusted root. In this section we evaluate the server's certificate against major root stores.
Platform  Trusted 

Apple  
Google AOSP  
Microsoft  
Mozilla 
For a server certificate to be valid, it must be presented as part of a complete and valid certificate chain. The last certificate in the chain should be the root and is usually not included in the configuration.
Names  *.forwardemail.net forwardemail.net 
Subject DN  CN=forwardemail.net 
Subject Key Identifier  4874c3e1c4207160b856e2bcd9350c2780744d98 
Serial  33ef1d28617310c2c279859137395900bed 
Not Before  29 Apr 2024 00:58:41 UTC 
Not After  28 Jul 2024 00:58:40 UTC 
Validity period  90 days 
Key Usage  digitalSignature 
Extended Key Usage  serverAuth, clientAuth 
Must Staple  No 
Issuer 

Issuer DN  CN=E1, O=Let's Encrypt, C=US 
Certification Authority  Let's Encrypt 
Validation Type  Domain Validation (DV) 
Authority Key Identifier  keyid:5af3ed2bfc36c23779b95230ea546fcf55cb2eac 
Parent Certificate  http://e1.i.lencr.org/ 
OCSP  http://e1.o.lencr.org 
Certificate Transparency 

Signed Certificate Timestamps 
29 Apr 2024 01:58:41 UTC
 Let's Encrypt 'Oak2024H2' log
 Qualified
29 Apr 2024 01:58:41 UTC  Google 'Xenon2024' log  Qualified 
Fingerprints 

SHA1  47f57a73cc3da39bf79ca8228be80f7b1fd565d6 
SHA256  52920f4223388da687890f5acfdad2fd5dc96f50d69cb6f340034ab1657e5c44 
SPKI SHA256  1c4bba8a054c3972b726e6639eeff807d82077066bbb6cee4501b9afbad92e4f 
Subject DN  CN=E1, O=Let's Encrypt, C=US 
Subject Key Identifier  5af3ed2bfc36c23779b95230ea546fcf55cb2eac 
Serial  b3bddff8a7845bbce903a04135b34a45 
Not Before  04 Sep 2020 00:00:00 UTC 
Not After  15 Sep 2025 16:00:00 UTC 
Validity period  1838 days 
Key Usage  digitalSignature, keyCertSign, cRLSign 
Extended Key Usage  clientAuth, serverAuth 
Issuer 

Issuer DN  CN=ISRG Root X2, O=Internet Security Research Group, C=US 
Certification Authority  Let's Encrypt 
Validation Type  Not Applicable 
Authority Key Identifier  keyid:7c4296aede4b483bfa92f89e8ccf6d8ba9723795 
Parent Certificate  http://x2.i.lencr.org/ 
CRL  http://x2.c.lencr.org/ 
CA certificate  Yes (pathlen 0) 
Fingerprints 

SHA1  091e8ea1b256a312962af6c140c0fbf079a407b3 
SHA256  46494e30379059df18be52124305e606fc59070e5b21076ce113954b60517cda 
SPKI SHA256  276fe8a8c4ec7611565bf9fce6dcace9be320c1b5bea27596b2204071ed04f10 
Subject DN  CN=ISRG Root X2, O=Internet Security Research Group, C=US 
Subject Key Identifier  7c4296aede4b483bfa92f89e8ccf6d8ba9723795 
Serial  79e492886376fd40848c23fc631e463 
Not Before  04 Sep 2020 00:00:00 UTC 
Not After  15 Sep 2025 16:00:00 UTC 
Validity period  1838 days 
Key Usage  keyCertSign, cRLSign 
Issuer 

Issuer DN  CN=ISRG Root X1, O=Internet Security Research Group, C=US 
Certification Authority  Let's Encrypt 
Validation Type  Not Applicable 
Authority Key Identifier  keyid:79b459e67bb6e5e40173800888c81a58f6e99b6e 
Parent Certificate  http://x1.i.lencr.org/ 
CRL  http://x1.c.lencr.org/ 
CA certificate  Yes (pathlen unlimited) 
Fingerprints 

SHA1  151682f5218c0a511c28f4060a73b9ca78ce9a53 
SHA256  8b05b68cc659e5ed0fcb38f2c942fbfd200e6f2ff9f85d63c6994ef5e0b02701 
SPKI SHA256  762195c225586ee6c0237456e2107dc54f1efc21f61a792ebd515913cce68332 
Subject DN  CN=ISRG Root X1, O=Internet Security Research Group, C=US 
Subject Key Identifier  79b459e67bb6e5e40173800888c81a58f6e99b6e 
Serial  4001772137d4e942b8ee76aa3c640ab7 
Not Before  20 Jan 2021 19:14:03 UTC 
Not After  30 Sep 2024 18:14:03 UTC 
Validity period  1349 days 
Key Usage  keyCertSign, cRLSign 
Issuer 

Issuer DN  CN=DST Root CA X3, O=Digital Signature Trust Co. 
Certification Authority  IdenTrust Services, LLC 
Validation Type  Not Applicable 
Authority Key Identifier  keyid:c4a7b1a47b2c71fadbe14b9075ffc41560858910 
Parent Certificate  http://apps.identrust.com/roots/dstrootcax3.p7c 
CRL  http://crl.identrust.com/DSTROOTCAX3CRL.crl 
CA certificate  Yes (pathlen unlimited) 
Fingerprints 

SHA1  933c6ddee95c9c41a40f9f50493d82be03ad87bf 
SHA256  6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f 
SPKI SHA256  0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3 