Web sites need to use encryption to help their visitors know they're in the right place, as well as provide confidentiality and content integrity. Sites that don't support HTTPS may expose sensitive data and have their pages modified and subverted.
To deploy HTTPS properly, web sites must redirect all unsafe (plaintext) traffic to the encrypted variant. This approach ensures that no sensitive data is exposed and that further security technologies can be activated.
HTTP Strict Transport Security (HSTS) is an HTTPS extension that instructs browsers to remember sites that use encryption and enforce strict security requirements. Without HSTS, active network attacks are easy to carry out.
HSTS Preloading is informing browsers in advance about a site's use of HSTS, which means that strict security can be enforced even on the first visit. This approach provides best HTTPS security available today.
Content Security Policy (CSP) is an additional security layer that enables web sites to control browser behavior, creating a safety net that can counter attacks such as crosssite scripting.
All hosts that receive email need encryption to ensure confidentiality of email messages. Email servers thus need to support STARTTLS, as well as provide decent TLS configuration and correct certificates.
Sender Policy Framework (SPF) enables organizations to designate servers that are allowed to send email messages on their behalf. With SPF in place, spam is easier to identify.
Domainbased Message Authentication, Reporting, and Conformance (DMARC) is a mechanism that allows organizations to specify how unauthenticated email (identified using SPF and DKIM) should be handled.
The global DNS infrastructure is organized as a series of hierarchical DNS zones. The root zone hosts a number of global and country TLDs, which in turn host further zones that are delegated to their customers. Each organization that controls a zone can delegate parts of its namespace to other zones. In this test we perform detailed inspection of a DNS zone, but only if the host being tested matches the zone.
Nameservers can be referred to by name and by address. In this section we show the names, which can appear in the NS records, the referrals from the parent zone, and the SOA record. In some situations, servers from the parent zone respond authoritatively, in which case we will include them in the list as well.
Nameserver  Operational  IPv4  IPv6  Sources 

ganz.ns.cloudflare.com. PRIMARY 108.162.195.40 162.159.44.40 172.64.35.40 2606:4700:58::a29f:2c28 2803:f800:50::6ca2:c328 2a06:98c1:50::ac40:2328  The server is online.  Name resolves to an IPv4 address.  Name resolves to an IPv6 address.  REFERRAL NS SOA 
jean.ns.cloudflare.com. 108.162.192.121 172.64.32.121 173.245.58.121 2606:4700:50::adf5:3a79 2803:f800:50::6ca2:c079 2a06:98c1:50::ac40:2079  The server is online.  Name resolves to an IPv4 address.  Name resolves to an IPv6 address.  REFERRAL NS 
This section shows the configuration of all discovered nameservers by their IP address. To find all applicable nameservers, we inspect the parent zone nameservers for names and glue and then the tested zone nameservers for NS records. We then resolve all discovered names to IP addresses. Finally, we test each address individually.
Nameserver  Operational  Authoritative  Recursive  UDP  TCP  Sources  Payload Size 

108.162.192.121 jean.ns.cloudflare.com. PTR: jean.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
108.162.195.40 PRIMARY ganz.ns.cloudflare.com. PTR: ganz.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
162.159.44.40 PRIMARY ganz.ns.cloudflare.com. PTR: ganz.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
172.64.32.121 jean.ns.cloudflare.com. PTR: jean.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
172.64.35.40 PRIMARY ganz.ns.cloudflare.com. PTR: ganz.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
173.245.58.121 jean.ns.cloudflare.com. PTR: jean.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
2606:4700:50::adf5:3a79 jean.ns.cloudflare.com. PTR: jean.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
2606:4700:58::a29f:2c28 PRIMARY ganz.ns.cloudflare.com. PTR: ganz.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
2803:f800:50::6ca2:c079 jean.ns.cloudflare.com. PTR: jean.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
2803:f800:50::6ca2:c328 PRIMARY ganz.ns.cloudflare.com. PTR: ganz.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
2a06:98c1:50::ac40:2079 jean.ns.cloudflare.com. PTR: jean.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
2a06:98c1:50::ac40:2328 PRIMARY ganz.ns.cloudflare.com. PTR: ganz.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
Start of Authority (SOA) records contain administrative information pertaining to one DNS zone, especially the configuration that's used for zone transfers between the primary nameserver and the secondaries. Only one SOA record should exist, with all nameservers providing the same information.
The domain name of the primary nameserver for the zone. Also known as MNAME.Primary nameserver  ganz.ns.cloudflare.com. 
Email address of the persons responsible for this zone. Also known as RNAME.Admin email  dns.cloudflare.com. 
Zone serial or version number.Serial number  2006896448 
The length of time secondary nameservers should wait before querying the primary for changes.Refresh interval  10,000 seconds (about 2 hours 46 minutes) 
The length of time secondary nameservers should wait before querying an unresponsive primary again.Retry interval  2,400 seconds (about 40 minutes) 
The length of time after which secondary nameservers should stop responding to queries for a zone, assuming no updates were obtained from the primary.Expire interval  604,800 seconds (about 7 days) 
TTL for purposes of negative response caching. Negative cache TTL  3,600 seconds (about 1 hour) 
Time To Live (TTL) indicates for how long a record remains valid. SOA record TTL  3,600 seconds (about 1 hour) 
Below are all DNS queries we submitted during the zone inspection.
ID  Server  Transport  Question Name  Type  Status 

Correctly functioning name servers are necessary to hold and distribute information that's necessary for your domain name to operate correctly. Examples include converting names to IP addresses, determining where email should go, and so on. More recently, the DNS is being used to communicate email and other security policies.
These are the results of individual DNS queries against your nameserver for common resource record types.
Name  TTL  Type  Data 

freshuk.co.il.  300  A  172.66.40.199 
freshuk.co.il.  300  A  172.66.43.57 
www.freshuk.co.il.  300  A  172.66.40.199 
www.freshuk.co.il.  300  A  172.66.43.57 
freshuk.co.il.  300  AAAA  2606:4700:3108:0:0:0:ac42:2b39 
freshuk.co.il.  300  AAAA  2606:4700:3108:0:0:0:ac42:28c7 
www.freshuk.co.il.  300  AAAA  2606:4700:3108:0:0:0:ac42:2b39 
www.freshuk.co.il.  300  AAAA  2606:4700:3108:0:0:0:ac42:28c7 
freshuk.co.il.  3600  CAA  0 issuewild "letsencrypt.org" 
freshuk.co.il.  3600  CAA  0 issuewild "pki.goog; cansignhttpexchanges=yes" 
freshuk.co.il.  3600  CAA  0 issue "digicert.com; cansignhttpexchanges=yes" 
freshuk.co.il.  3600  CAA  0 issuewild "digicert.com; cansignhttpexchanges=yes" 
freshuk.co.il.  3600  CAA  0 issue "comodoca.com" 
freshuk.co.il.  3600  CAA  0 issue "letsencrypt.org" 
freshuk.co.il.  3600  CAA  0 issue "pki.goog; cansignhttpexchanges=yes" 
freshuk.co.il.  3600  CAA  0 issuewild "comodoca.com" 
freshuk.co.il.  3600  DNSKEY  257 3 13 mdsswUyr3DPW132mOi8V9xESWE8jTo0dxCjjnopKl+GqJxpVXckHAeF+KkxLbxILfDLUT0rAK9iUzy1L53eKGQ== 
freshuk.co.il.  3600  DNSKEY  256 3 13 oJMRESz5E4gYzS/q6XDrvU1qMPYIjCWzJaOau8XNEZeqCYKD5ar0IRd8KqXXFJkqmVfRvMGPmM1x8fGAa2XhSA== 
freshuk.co.il.  300  HTTPS  1 . alpn=h3,h329,h2 ipv4hint=172.66.40.199,172.66.43.57 ipv6hint=2606:4700:3108:0:0:0:ac42:28c7,2606:4700:3108:0:0:0:ac42:2b39 
www.freshuk.co.il.  300  HTTPS  1 . alpn=h3,h329,h2 ipv4hint=172.66.40.199,172.66.43.57 ipv6hint=2606:4700:3108:0:0:0:ac42:28c7,2606:4700:3108:0:0:0:ac42:2b39 
freshuk.co.il.  300  MX  10 alt4.aspmx.l.google.com. 
freshuk.co.il.  300  MX  1 aspmx.l.google.com. 
freshuk.co.il.  300  MX  5 alt1.aspmx.l.google.com. 
freshuk.co.il.  300  MX  5 alt2.aspmx.l.google.com. 
freshuk.co.il.  300  MX  10 alt3.aspmx.l.google.com. 
freshuk.co.il.  86400  NS  jean.ns.cloudflare.com. 
freshuk.co.il.  86400  NS  ganz.ns.cloudflare.com. 
freshuk.co.il.  3600  SOA  ganz.ns.cloudflare.com. dns.cloudflare.com. 2288070848 10000 2400 604800 3600 
freshuk.co.il.  300  TXT  "googlesiteverification=YjkaOzzj0lGKjHAtW9NH6FVbXaXmZBLbLofeVZYSvqU" 
freshuk.co.il.  300  TXT  "uqebatbvliigl315qmu8i62p6d" 
freshuk.co.il.  300  TXT  "googlesiteverification=7SkKOCf2uG_3WvMY7rDkKZELXH2EfrToBgWNYoNsz70" 
freshuk.co.il.  300  TXT  "pinterestsiteverification=4281979f31a7dd88f41406d59745fe14" 
freshuk.co.il.  300  TXT  "v=spf1 include:servers.mcsv.net include:zcsend.net include:_spf.google.com a ~all" 
freshuk.co.il.  300  TXT  "zohoverification=zb03337803.zmverify.zoho.com" 
freshuk.co.il.  300  TXT  "facebookdomainverification=6j2j17fb91feoo9jrjoptjv69dnc48" 
_dmarc.freshuk.co.il.  300  TXT  "v=DMARC1; p=quarantine; rua=mailto:ipm3v23@ar.glockapps.com,mailto:dmarc@freshuk.uriports.com,mailto:ruaimport26057@sendforensics.com; ruf=mailto:ipm3v23@fr.glockapps.com,mailto:dmarc@freshuk.uriports.com; fo=1; pct=100; ri=86400;" 
_mtasts.freshuk.co.il.  300  CNAME  freshukcoil._mtasts.uriports.com. 
freshukcoil._mtasts.uriports.com.  1000  TXT  "v=STSv1; id=20211227163055Z;" 
_smtp._tls.freshuk.co.il.  300  TXT  "v=TLSRPTv1; rua=mailto:tlsrpt@freshuk.uriports.com" 
Below are all DNS queries we submitted while we inspecting the resource records.
ID  Server  Question Name  Type  Status 

DNSSEC is an extension of the DNS protocol that provides cryptographic assurance of the authenticity and integrity of responses; it's intended as a defense against network attackers who are able to manipulate DNS to redirect their victims to servers of their choice. DNSSEC is controversial, with the industry split largely between those who think it's essential and those who believe that it's problematic and unnecessary.
CAA (RFC 8659) is a new standard that allows domain name owners to restrict which CAs are allowed to issue certificates for their domains. This can help to reduce the chance of misissuance, either accidentally or maliciously. In September 2017, CAA became mandatory for CAs to implement.
The DNS hostname where this policy is located.Policy host  freshuk.co.il 
The issue property tag is used to request that certificate issuers perform CAA issue restriction processing for the domain and to grant authorization to specific certificate issuers.issue 
comodoca.com flags: 0 
The issue property tag is used to request that certificate issuers perform CAA issue restriction processing for the domain and to grant authorization to specific certificate issuers.issue 
letsencrypt.org flags: 0 
The issue property tag is used to request that certificate issuers perform CAA issue restriction processing for the domain and to grant authorization to specific certificate issuers.issue 
pki.goog; cansignhttpexchanges=yes flags: 0 
The issuewild property has the same syntax and semantics as the issue property except that issuewild properties only grant authorization to issue certificates that specify a wildcard domain and issuewild properties take precedence over issue properties when specified.issuewild 
comodoca.com flags: 0 
The issuewild property has the same syntax and semantics as the issue property except that issuewild properties only grant authorization to issue certificates that specify a wildcard domain and issuewild properties take precedence over issue properties when specified.issuewild 
letsencrypt.org flags: 0 
The issuewild property has the same syntax and semantics as the issue property except that issuewild properties only grant authorization to issue certificates that specify a wildcard domain and issuewild properties take precedence over issue properties when specified.issuewild 
pki.goog; cansignhttpexchanges=yes flags: 0 
The issue property tag is used to request that certificate issuers perform CAA issue restriction processing for the domain and to grant authorization to specific certificate issuers.issue 
digicert.com; cansignhttpexchanges=yes flags: 0 
The issuewild property has the same syntax and semantics as the issue property except that issuewild properties only grant authorization to issue certificates that specify a wildcard domain and issuewild properties take precedence over issue properties when specified.issuewild 
digicert.com; cansignhttpexchanges=yes flags: 0 
An internet hostname can be served by zero or more mail servers, as specified by MX (mail exchange) DNS resource records. Each server can further resolve to multiple IP addresses, for example to handle IPv4 and IPv6 clients. Thus, in practice, hosts that wish to receive email reliably are supported by many endpoint.
Server  Preference  Operational  STARTTLS  TLS  PKI  DNSSEC  DANE 

aspmx.l.google.com 2607:f8b0:4004:c0b:0:0:0:1a PTR: bjinf26.1e100.net 
1 
220 mx.google.com ESMTP i820020ad45c68000000b004a2e424f57bsi1954772qvh.36  gsmtp EHLO outbound.hardenize.com 250mx.google.com at your service, [2600:1f18:753:1b00:eb42:a50a:13c8:2f67] 250SIZE 157286400 2508BITMIME 250STARTTLS 250ENHANCEDSTATUSCODES 250PIPELINING 250CHUNKING 250 SMTPUTF8 STARTTLS 220 2.0.0 Ready to start TLS 
Supports STARTTLS.  Not supported.  Not applicable, requires TLS. 

aspmx.l.google.com 142.251.163.27 PTR: wvinf27.1e100.net 
1 
220 mx.google.com ESMTP fv1320020a05622a4a0d00b0035bb43f5469si6033725qtb.267  gsmtp EHLO outbound.hardenize.com 250mx.google.com at your service, [18.233.176.231] 250SIZE 157286400 2508BITMIME 250STARTTLS 250ENHANCEDSTATUSCODES 250PIPELINING 250CHUNKING 250 SMTPUTF8 STARTTLS 220 2.0.0 Ready to start TLS 
Supports STARTTLS.  Not supported.  Not applicable, requires TLS. 

alt1.aspmx.l.google.com 2a00:1450:400b:c00:0:0:0:1a PTR: dginf26.1e100.net 
5 
220 mx.google.com ESMTP q1120020a1cf30b000000b003b4e4581ff8si946011wmq.117  gsmtp EHLO outbound.hardenize.com 250mx.google.com at your service, [2600:1f18:753:1b00:eb42:a50a:13c8:2f67] 250SIZE 157286400 2508BITMIME 250STARTTLS 250ENHANCEDSTATUSCODES 250PIPELINING 250CHUNKING 250 SMTPUTF8 STARTTLS 220 2.0.0 Ready to start TLS 
Supports STARTTLS.  Not supported.  Not applicable, requires TLS. 

alt1.aspmx.l.google.com 209.85.202.26 PTR: dginf26.1e100.net 
5 
220 mx.google.com ESMTP t820020adfe108000000b00228e149ae01si1832179wrz.577  gsmtp EHLO outbound.hardenize.com 250mx.google.com at your service, [18.233.176.231] 250SIZE 157286400 2508BITMIME 250STARTTLS 250ENHANCEDSTATUSCODES 250PIPELINING 250CHUNKING 250 SMTPUTF8 STARTTLS 220 2.0.0 Ready to start TLS 
Supports STARTTLS.  Not supported.  Not applicable, requires TLS. 

alt2.aspmx.l.google.com 2a00:1450:400c:c0b:0:0:0:1a PTR: wainf26.1e100.net 
5 
220 mx.google.com ESMTP n820020a05600c4f8800b003b4fa44e892si2288701wmq.111  gsmtp EHLO outbound.hardenize.com 250mx.google.com at your service, [2600:1f18:753:1b00:eb42:a50a:13c8:2f67] 250SIZE 157286400 2508BITMIME 250STARTTLS 250ENHANCEDSTATUSCODES 250PIPELINING 250CHUNKING 250 SMTPUTF8 STARTTLS 220 2.0.0 Ready to start TLS 
Supports STARTTLS.  Not supported.  Not applicable, requires TLS. 

alt2.aspmx.l.google.com 64.233.184.27 PTR: wainf27.1e100.net 
5 
220 mx.google.com ESMTP m2120020a05600c4f5500b003a970d2bf2esi3370031wmq.198  gsmtp EHLO outbound.hardenize.com 250mx.google.com at your service, [18.233.176.231] 250SIZE 157286400 2508BITMIME 250STARTTLS 250ENHANCEDSTATUSCODES 250PIPELINING 250CHUNKING 250 SMTPUTF8 STARTTLS 220 2.0.0 Ready to start TLS 
Supports STARTTLS.  Not supported.  Not applicable, requires TLS. 

alt3.aspmx.l.google.com 2a00:1450:4025:401:0:0:0:1b PTR: rainf27.1e100.net 
10 
220 mx.google.com ESMTP xg720020a170907320700b0078269f2a117si4827303ejb.547  gsmtp EHLO outbound.hardenize.com 250mx.google.com at your service, [2600:1f18:753:1b00:eb42:a50a:13c8:2f67] 250SIZE 157286400 2508BITMIME 250STARTTLS 250ENHANCEDSTATUSCODES 250PIPELINING 250CHUNKING 250 SMTPUTF8 STARTTLS 220 2.0.0 Ready to start TLS 
Supports STARTTLS.  Not supported.  Not applicable, requires TLS. 

alt3.aspmx.l.google.com 142.250.27.27 PTR: rainf27.1e100.net 
10 
220 mx.google.com ESMTP q520020a170906144500b007811e006b46si5843910ejc.470  gsmtp EHLO outbound.hardenize.com 250mx.google.com at your service, [18.233.176.231] 250SIZE 157286400 2508BITMIME 250STARTTLS 250ENHANCEDSTATUSCODES 250PIPELINING 250CHUNKING 250 SMTPUTF8 STARTTLS 220 2.0.0 Ready to start TLS 
Supports STARTTLS.  Not supported.  Not applicable, requires TLS. 

alt4.aspmx.l.google.com 2a00:1450:4013:c16:0:0:0:1a PTR: eainf26.1e100.net 
10 
220 mx.google.com ESMTP jr2020020a170906a99400b0077de0f381f1si3884915ejb.811  gsmtp EHLO outbound.hardenize.com 250mx.google.com at your service, [2600:1f18:753:1b00:eb42:a50a:13c8:2f67] 250SIZE 157286400 2508BITMIME 250STARTTLS 250ENHANCEDSTATUSCODES 250PIPELINING 250CHUNKING 250 SMTPUTF8 STARTTLS 220 2.0.0 Ready to start TLS 
Supports STARTTLS.  Not supported.  Not applicable, requires TLS. 

alt4.aspmx.l.google.com 142.250.153.27 PTR: eainf27.1e100.net 
10 
220 mx.google.com ESMTP nd2220020a170907629600b00741550f828bsi7416651ejc.919  gsmtp EHLO outbound.hardenize.com 250mx.google.com at your service, [18.233.176.231] 250SIZE 157286400 2508BITMIME 250STARTTLS 250ENHANCEDSTATUSCODES 250PIPELINING 250CHUNKING 250 SMTPUTF8 STARTTLS 220 2.0.0 Ready to start TLS 
Supports STARTTLS.  Not supported.  Not applicable, requires TLS. 
Latest cache timestamp: 24 Sep 2022 14:23 UTC
Earliest cache timestamp: 19 Sep 2022 12:50 UTC
Transport Layer Security (TLS) is the most widely used encryption protocol on the Internet. In combination with valid certificates, servers can establish trusted communication channels even with users who have never visited them before. Network attackers can't uncover what is being communicated, even when they can see all the traffic.
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.2

Shows cipher suite configuration for this protocol version.TLS v1.2 
Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcca9 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) 
These results have been retrieved from our cache. This row indicates when was that the original test ran.Retrieved from cache 
21 Sep 2022 17:45 UTC 
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.2

Shows cipher suite configuration for this protocol version.TLS v1.2 
Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcca9 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) 
These results have been retrieved from our cache. This row indicates when was that the original test ran.Retrieved from cache 
24 Sep 2022 09:52 UTC 
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.2

Shows cipher suite configuration for this protocol version.TLS v1.2 
Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcca9 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) 
These results have been retrieved from our cache. This row indicates when was that the original test ran.Retrieved from cache 
19 Sep 2022 12:50 UTC 
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.2

Shows cipher suite configuration for this protocol version.TLS v1.2 
Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcca9 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) 
These results have been retrieved from our cache. This row indicates when was that the original test ran.Retrieved from cache 
21 Sep 2022 16:38 UTC 
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_CHACHA20_POLY1305_SHA256
Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcca9 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02b Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc02c Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
These results have been retrieved from our cache. This row indicates when was that the original test ran.Retrieved from cache 
22 Sep 2022 06:05 UTC 
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_CHACHA20_POLY1305_SHA256
Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcca9 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02b Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc02c Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
These results have been retrieved from our cache. This row indicates when was that the original test ran.Retrieved from cache 
24 Sep 2022 14:23 UTC 
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_CHACHA20_POLY1305_SHA256
Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcca9 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02b Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc02c Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
These results have been retrieved from our cache. This row indicates when was that the original test ran.Retrieved from cache 
24 Sep 2022 00:03 UTC 
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_CHACHA20_POLY1305_SHA256
Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcca9 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02b Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc02c Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
These results have been retrieved from our cache. This row indicates when was that the original test ran.Retrieved from cache 
23 Sep 2022 01:32 UTC 
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_CHACHA20_POLY1305_SHA256
Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcca9 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02b Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc02c Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
These results have been retrieved from our cache. This row indicates when was that the original test ran.Retrieved from cache 
22 Sep 2022 07:07 UTC 
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_CHACHA20_POLY1305_SHA256
Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcca9 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02b Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc02c Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
These results have been retrieved from our cache. This row indicates when was that the original test ran.Retrieved from cache 
23 Sep 2022 02:33 UTC 
A certificate is a digital document that contains a public key, some information about the entity associated with it, and a digital signature from the certificate issuer. Itâ€™s a mechanism that enables us to exchange, store, and use public keys. Being able to reliably verify the identity of a remote server is crucial in order to achieve secure encrypted communication.
Names  mx.google.com smtp.google.com aspmx.l.google.com alt1.aspmx.l.google.com alt2.aspmx.l.google.com alt3.aspmx.l.google.com alt4.aspmx.l.google.com gmailsmtpin.l.google.com alt1.gmailsmtpin.l.google.com alt2.gmailsmtpin.l.google.com alt3.gmailsmtpin.l.google.com alt4.gmailsmtpin.l.google.com gmrsmtpin.l.google.com alt1.gmrsmtpin.l.google.com alt2.gmrsmtpin.l.google.com alt3.gmrsmtpin.l.google.com alt4.gmrsmtpin.l.google.com mx1.smtp.goog mx2.smtp.goog mx3.smtp.goog mx4.smtp.goog aspmx2.googlemail.com aspmx3.googlemail.com aspmx4.googlemail.com aspmx5.googlemail.com gmrmx.google.com 
Subject DN  CN=mx.google.com 
Subject Key Identifier  2c792dc7d69d1969011427dcc3208f0aea932921 
Serial  e7794356d66c771f0a6e99c20c28225e 
Not Before  05 Sep 2022 08:18:39 UTC 
Not After  28 Nov 2022 08:18:38 UTC 
Validity period  84 days 
Key Usage  digitalSignature 
Extended Key Usage  serverAuth 
Must Staple  No 
Issuer 

Issuer DN  CN=GTS CA 1C3, O=Google Trust Services LLC, C=US 
Certification Authority  Google Trust Services LLC 
Validation Type  Domain Validation (DV) 
Authority Key Identifier  keyid:8a747faf85cdee95cd3d9cd0e24614f371351d27 
Parent Certificate  http://pki.goog/repo/certs/gts1c3.der 
CRL  http://crls.pki.goog/gts1c3/zdATt0Ex_Fk.crl 
OCSP  http://ocsp.pki.goog/gts1c3 
Certificate Transparency 

Signed Certificate Timestamps 
05 Sep 2022 09:18:41 UTC
 Google 'Argon2022' log
 Qualified
05 Sep 2022 09:18:41 UTC  DigiCert Yeti20222 Log  Qualified 
Fingerprints 

SHA1  f4d672a9eb380abbd7a4bcaaad3b9fe730b68508 
SHA256  09b62111dc501147ef7865e0abd0e92254a3fdfe79f0a6cfd683023771f24ddc 
SPKI SHA256  0d437459be5b7f389d4bda8c4848f01b3f2f8e08c5db2dbe9c974cec14d93493 
Names  mx.google.com smtp.google.com aspmx.l.google.com alt1.aspmx.l.google.com alt2.aspmx.l.google.com alt3.aspmx.l.google.com alt4.aspmx.l.google.com gmailsmtpin.l.google.com alt1.gmailsmtpin.l.google.com alt2.gmailsmtpin.l.google.com alt3.gmailsmtpin.l.google.com alt4.gmailsmtpin.l.google.com gmrsmtpin.l.google.com alt1.gmrsmtpin.l.google.com alt2.gmrsmtpin.l.google.com alt3.gmrsmtpin.l.google.com alt4.gmrsmtpin.l.google.com mx1.smtp.goog mx2.smtp.goog mx3.smtp.goog mx4.smtp.goog aspmx2.googlemail.com aspmx3.googlemail.com aspmx4.googlemail.com aspmx5.googlemail.com gmrmx.google.com 
Subject DN  CN=mx.google.com 
Subject Key Identifier  2c792dc7d69d1969011427dcc3208f0aea932921 
Serial  e7794356d66c771f0a6e99c20c28225e 
Not Before  05 Sep 2022 08:18:39 UTC 
Not After  28 Nov 2022 08:18:38 UTC 
Validity period  84 days 
Key Usage  digitalSignature 
Extended Key Usage  serverAuth 
Must Staple  No 
Issuer 

Issuer DN  CN=GTS CA 1C3, O=Google Trust Services LLC, C=US 
Certification Authority  Google Trust Services LLC 
Validation Type  Domain Validation (DV) 
Authority Key Identifier  keyid:8a747faf85cdee95cd3d9cd0e24614f371351d27 
Parent Certificate  http://pki.goog/repo/certs/gts1c3.der 
CRL  http://crls.pki.goog/gts1c3/zdATt0Ex_Fk.crl 
OCSP  http://ocsp.pki.goog/gts1c3 
Certificate Transparency 

Signed Certificate Timestamps 
05 Sep 2022 09:18:41 UTC
 Google 'Argon2022' log
 Qualified
05 Sep 2022 09:18:41 UTC  DigiCert Yeti20222 Log  Qualified 
Fingerprints 

SHA1  f4d672a9eb380abbd7a4bcaaad3b9fe730b68508 
SHA256  09b62111dc501147ef7865e0abd0e92254a3fdfe79f0a6cfd683023771f24ddc 
SPKI SHA256  0d437459be5b7f389d4bda8c4848f01b3f2f8e08c5db2dbe9c974cec14d93493 
Subject DN  CN=GTS CA 1C3, O=Google Trust Services LLC, C=US 
Subject Key Identifier  8a747faf85cdee95cd3d9cd0e24614f371351d27 
Serial  203bc53596b34c718f5015066 
Not Before  13 Aug 2020 00:00:42 UTC 
Not After  30 Sep 2027 00:00:42 UTC 
Key Usage  digitalSignature, keyCertSign, cRLSign 
Extended Key Usage  serverAuth, clientAuth 
Issuer 

Issuer DN  CN=GTS Root R1, O=Google Trust Services LLC, C=US 
Certification Authority  Google Trust Services LLC 
Validation Type  Not Applicable 
Authority Key Identifier  keyid:e4af2b26711a2b4827852f52662ceff08913713e 
Parent Certificate  http://pki.goog/repo/certs/gtsr1.der 
CRL  http://crl.pki.goog/gtsr1/gtsr1.crl 
OCSP  http://ocsp.pki.goog/gtsr1 
CA certificate  Yes (pathlen 0) 
Fingerprints 

SHA1  1e7ef647cba150281c60897257102878c4bd8cdc 
SHA256  23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522 
SPKI SHA256  cc24e77cbc0b29b4bd4b6b1ba7eb85cf82993a8705bd7c64574e827bd3b9336c 
Subject DN  CN=GTS Root R1, O=Google Trust Services LLC, C=US 
Subject Key Identifier  e4af2b26711a2b4827852f52662ceff08913713e 
Serial  77bd0d6cdb36f91aea210fc4f058d30d 
Not Before  19 Jun 2020 00:00:42 UTC 
Not After  28 Jan 2028 00:00:42 UTC 
Key Usage  digitalSignature, keyCertSign, cRLSign 
Issuer 

Issuer DN  CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nvsa, C=BE 
Certification Authority  Google Trust Services LLC 
Validation Type  Not Applicable 
Authority Key Identifier  keyid:607b661a450d97ca89502f7d04cd34a8fffcfd4b 
Parent Certificate  http://pki.goog/gsr1/gsr1.crt 
CRL  http://crl.pki.goog/gsr1/gsr1.crl 
OCSP  http://ocsp.pki.goog/gsr1 
CA certificate  Yes (pathlen unlimited) 
Fingerprints 

SHA1  08745487e891c19e3078c1f2a07e452950ef36f6 
SHA256  3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 
SPKI SHA256  871a9194f4eed5b312ff40c84c1d524aed2f778bbff25f138cf81f680a7adc67 
Subject DN  CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nvsa, C=BE 
Subject Key Identifier  607b661a450d97ca89502f7d04cd34a8fffcfd4b 
Serial  20000000000d678b79405 
Not Before  01 Sep 1998 12:00:00 UTC 
Not After  28 Jan 2014 12:00:00 UTC (expired 8 years 7 months ago) 
Key Usage  keyCertSign, cRLSign 
Issuer 

Issuer DN  CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nvsa, C=BE 
Certification Authority  Google Trust Services LLC 
Validation Type  Selfsigned 
CA certificate  Yes (pathlen unlimited) 
Fingerprints 

SHA1  2f173f7de99667afa57af80aa2d1b12fac830338 
SHA256  b41b2fbfb93eeab3e0fa6b284adb932cdb3766ed4bc7d14837a8f2d9ae874a23 
SPKI SHA256  2bcee858158cf5465fc9d76f0dfa312fef25a4dca8501da9b46b67d1fbfa1b64 
DNSbased Authentication of Named Entities (DANE) is a bridge between DNSSEC and TLS. In one possible scenario, DANE can be used for public key pinning, building on an existing publiclytrusted certificate. In another approach, it can be used to completely bypass the CA ecosystem and establish trust using DNSSEC alone.
Sender Policy Framework (SPF) is a protocol that allows domain name owners to control which internet hosts are allowed to send email on their behalf. This simple mechanism can be used to reduce the effect of email spoofing and cut down on spam.
Host where this policy is located.Location  freshuk.co.il 
SPF version used by this policy.v  spf1 
Evaluates SPF policy specified in another DNS location. This directive is typically used to allow hosts controlled by another organization. include 
servers.mcsv.net 
Evaluates SPF policy specified in another DNS location. This directive is typically used to allow hosts controlled by another organization. include 
zcsend.net 
Evaluates SPF policy specified in another DNS location. This directive is typically used to allow hosts controlled by another organization. include 
_spf.google.com 
This mechanism matches if the sending IP address is one of the IP addresses that belong to the target domain name. Matches both IPv4 and IPv6 addresses. a 

This policy element always matches. It's normally used at the end of a policy to specify the handling of hosts that don't match earlier mechanisms. ~all 
Policy text: v=spf1 include:servers.mcsv.net include:zcsend.net include:_spf.google.com a ~all
Location: freshuk.co.il
Lookups: 7
Host where this policy is located.Location  servers.mcsv.net 
SPF version used by this policy.v  spf1 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
205.201.128.0/20 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
198.2.128.0/18 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
148.105.8.0/21 
This policy element always matches. It's normally used at the end of a policy to specify the handling of hosts that don't match earlier mechanisms. all 
Host where this policy is located.Location  zcsend.net 
SPF version used by this policy.v  spf1 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
135.84.81.0/24 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
135.84.83.0/24 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
136.143.160.0/24 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
165.173.128.0/24 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
135.84.82.0/24 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
136.143.161.0/24 
This policy element always matches. It's normally used at the end of a policy to specify the handling of hosts that don't match earlier mechanisms. ~all 
Host where this policy is located.Location  _spf.google.com 
SPF version used by this policy.v  spf1 
Evaluates SPF policy specified in another DNS location. This directive is typically used to allow hosts controlled by another organization. include 
_netblocks.google.com 
Evaluates SPF policy specified in another DNS location. This directive is typically used to allow hosts controlled by another organization. include 
_netblocks2.google.com 
Evaluates SPF policy specified in another DNS location. This directive is typically used to allow hosts controlled by another organization. include 
_netblocks3.google.com 
This policy element always matches. It's normally used at the end of a policy to specify the handling of hosts that don't match earlier mechanisms. ~all 
Host where this policy is located.Location  _netblocks.google.com 
SPF version used by this policy.v  spf1 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
35.190.247.0/24 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
64.233.160.0/19 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
66.102.0.0/20 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
66.249.80.0/20 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
72.14.192.0/18 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
74.125.0.0/16 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
108.177.8.0/21 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
173.194.0.0/16 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
209.85.128.0/17 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
216.58.192.0/19 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
216.239.32.0/19 
This policy element always matches. It's normally used at the end of a policy to specify the handling of hosts that don't match earlier mechanisms. ~all 
Host where this policy is located.Location  _netblocks2.google.com 
SPF version used by this policy.v  spf1 
This mechanism tests whether the IP address being tested is contained within a given IPv6 network. ip6 
2001:4860:4000::/36 
This mechanism tests whether the IP address being tested is contained within a given IPv6 network. ip6 
2404:6800:4000::/36 
This mechanism tests whether the IP address being tested is contained within a given IPv6 network. ip6 
2607:f8b0:4000::/36 
This mechanism tests whether the IP address being tested is contained within a given IPv6 network. ip6 
2800:3f0:4000::/36 
This mechanism tests whether the IP address being tested is contained within a given IPv6 network. ip6 
2a00:1450:4000::/36 
This mechanism tests whether the IP address being tested is contained within a given IPv6 network. ip6 
2c0f:fb50:4000::/36 
This policy element always matches. It's normally used at the end of a policy to specify the handling of hosts that don't match earlier mechanisms. ~all 
Host where this policy is located.Location  _netblocks3.google.com 
SPF version used by this policy.v  spf1 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
172.217.0.0/19 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
172.217.32.0/20 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
172.217.128.0/19 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
172.217.160.0/20 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
172.217.192.0/19 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
172.253.56.0/21 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
172.253.112.0/20 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
108.177.96.0/19 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
35.191.0.0/16 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
130.211.0.0/22 
This policy element always matches. It's normally used at the end of a policy to specify the handling of hosts that don't match earlier mechanisms. ~all 
Domainbased Message Authentication, Reporting, and Conformance (DMARC) is a scalable mechanism by which a mailoriginating organization can express domainlevel policies and preferences for message validation, disposition, and reporting, that a mailreceiving organization can use to improve mail handling.
The location from which we obtained this policy.Policy location  _dmarc.freshuk.co.il 
DMARC version used by this policy.v  DMARC1 
Indicates the policy to be enacted by the receiver at the request of the domain owner. Possible values are: none, quarantine, and reject.p 
quarantine 
Addresses to which aggregate feedback is to be sent.rua  mailto:ipm3v23@ar.glockapps.com,mailto:dmarc@freshuk.uriports.com,mailto:ruaimport26057@sendforensics.com 
Addresses to which messagespecific failure information is to be reported.ruf 
mailto:ipm3v23@fr.glockapps.com,mailto:dmarc@freshuk.uriports.com 
Configures failure reporting.fo  1 
Percentage of messages from mail stream to which the DMARC policy is to be applied.pct 
100 
Interval between aggregate reports. Defaults to 86400.ri  86400 
Policy: v=DMARC1; p=quarantine; rua=mailto:ipm3v23@ar.glockapps.com,mailto:dmarc@freshuk.uriports.com,mailto:ruaimport26057@sendforensics.com; ruf=mailto:ipm3v23@fr.glockapps.com,mailto:dmarc@freshuk.uriports.com; fo=1; pct=100; ri=86400;
Host: _dmarc.freshuk.co.il
Permission record location: freshuk.co.il._report._dmarc.ar.glockapps.com
External destination: mailto:ipm3v23@ar.glockapps.com
Permission record contents: v=DMARC1
Permission record location: freshuk.co.il._report._dmarc.freshuk.uriports.com
External destination: mailto:dmarc@freshuk.uriports.com
Permission record contents: v=DMARC1;
Permission record location: freshuk.co.il._report._dmarc.sendforensics.com
External destination: mailto:ruaimport26057@sendforensics.com
Permission record contents: v=DMARC1
Permission record location: freshuk.co.il._report._dmarc.fr.glockapps.com
External destination: mailto:ipm3v23@fr.glockapps.com
Permission record contents: v=DMARC1
Permission record location: freshuk.co.il._report._dmarc.freshuk.uriports.com
External destination: mailto:dmarc@freshuk.uriports.com
Permission record contents: v=DMARC1;
SMTP Mail Transfer Agent Strict Transport Security (MTASTS) is a mechanism enabling mail service providers to declare their ability to receive Transport Layer Security (TLS) secure SMTP connections, and to specify whether sending SMTP servers should refuse to deliver to MX hosts that do not offer TLS with a trusted server certificate.
Location from which we retrieved the policy indicator.Location  _mtasts.freshuk.co.il 
MTASTS standard version used by this policy indicator.Version  STSv1 
Unique policy identifier, whose value must change every time the underlying policy changes.ID 
20211227163055Z 
The URL from which the policy was obtained.Location  https://mtasts.freshuk.co.il/.wellknown/mtasts.txt 
Policy standard version.version  STSv1 
Policy duration, which specifies how long the sending MTAs should remember and enforce the server policy for.max‑age 
2,419,200 seconds (about 28 days) 
Policy mode, which can be one of 'none', 'testing' and 'enforcing'. Guess which is best! :)mode 
enforce 
One 'mx' directive specifies one email server pattern that's allowed for this host.mx 
alt3.aspmx.l.google.com 
One 'mx' directive specifies one email server pattern that's allowed for this host.mx 
alt4.aspmx.l.google.com 
One 'mx' directive specifies one email server pattern that's allowed for this host.mx 
aspmx.l.google.com 
One 'mx' directive specifies one email server pattern that's allowed for this host.mx 
alt1.aspmx.l.google.com 
One 'mx' directive specifies one email server pattern that's allowed for this host.mx 
alt2.aspmx.l.google.com 
Status code: 200
Length: 180 bytes
ContentType: text/plain;charset=UTF8
Names  mtasts.freshuk.co.il 
Subject DN  CN=mtasts.freshuk.co.il 
Subject Key Identifier  a030e416bf0f59642e001c7f54d9442ea1f53fcd 
Serial  32bc0c5f91ed6d21a77c884a36078108235 
Not Before  25 Aug 2022 22:11:45 UTC 
Not After  23 Nov 2022 22:11:44 UTC 
Validity period  90 days 
Key Usage  digitalSignature, keyEncipherment 
Extended Key Usage  serverAuth, clientAuth 
Must Staple  No 
Issuer 

Issuer DN  CN=R3, O=Let's Encrypt, C=US 
Certification Authority  Let's Encrypt 
Validation Type  Domain Validation (DV) 
Authority Key Identifier  keyid:142eb317b75856cbae500940e61faf9d8b14c2c6 
Parent Certificate  http://r3.i.lencr.org/ 
OCSP  http://r3.o.lencr.org 
Certificate Transparency 

Signed Certificate Timestamps 
25 Aug 2022 23:11:45 UTC
 Google 'Xenon2022' log
 Qualified
25 Aug 2022 23:11:46 UTC  Cloudflare 'Nimbus2022' Log  Qualified 
Fingerprints 

SHA1  3b63b73642c97c8ba16b385904776c9d60918e8c 
SHA256  59d10b4b13846fa80db624ff7f13979b10a4ebb75d10ae4cfe60e2a4b8614998 
SPKI SHA256  8a3a11eda7b14d3d72de4dde7d22eca70e8794d2f44ce62604da0057c645485d 
Names  mtasts.freshuk.co.il 
Subject DN  CN=mtasts.freshuk.co.il 
Subject Key Identifier  a030e416bf0f59642e001c7f54d9442ea1f53fcd 
Serial  32bc0c5f91ed6d21a77c884a36078108235 
Not Before  25 Aug 2022 22:11:45 UTC 
Not After  23 Nov 2022 22:11:44 UTC 
Validity period  90 days 
Key Usage  digitalSignature, keyEncipherment 
Extended Key Usage  serverAuth, clientAuth 
Must Staple  No 
Issuer 

Issuer DN  CN=R3, O=Let's Encrypt, C=US 
Certification Authority  Let's Encrypt 
Validation Type  Domain Validation (DV) 
Authority Key Identifier  keyid:142eb317b75856cbae500940e61faf9d8b14c2c6 
Parent Certificate  http://r3.i.lencr.org/ 
OCSP  http://r3.o.lencr.org 
Certificate Transparency 

Signed Certificate Timestamps 
25 Aug 2022 23:11:45 UTC
 Google 'Xenon2022' log
 Qualified
25 Aug 2022 23:11:46 UTC  Cloudflare 'Nimbus2022' Log  Qualified 
Fingerprints 

SHA1  3b63b73642c97c8ba16b385904776c9d60918e8c 
SHA256  59d10b4b13846fa80db624ff7f13979b10a4ebb75d10ae4cfe60e2a4b8614998 
SPKI SHA256  8a3a11eda7b14d3d72de4dde7d22eca70e8794d2f44ce62604da0057c645485d 
Subject DN  CN=R3, O=Let's Encrypt, C=US 
Subject Key Identifier  142eb317b75856cbae500940e61faf9d8b14c2c6 
Serial  912b084acf0c18a753f6d62e25a75f5a 
Not Before  04 Sep 2020 00:00:00 UTC 
Not After  15 Sep 2025 16:00:00 UTC 
Validity period  1838 days 
Key Usage  digitalSignature, keyCertSign, cRLSign 
Extended Key Usage  clientAuth, serverAuth 
Issuer 

Issuer DN  CN=ISRG Root X1, O=Internet Security Research Group, C=US 
Certification Authority  Let's Encrypt 
Validation Type  Not Applicable 
Authority Key Identifier  keyid:79b459e67bb6e5e40173800888c81a58f6e99b6e 
Parent Certificate  http://x1.i.lencr.org/ 
CRL  http://x1.c.lencr.org/ 
CA certificate  Yes (pathlen 0) 
Fingerprints 

SHA1  a053375bfe84e8b748782c7cee15827a6af5a405 
SHA256  67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd 
SPKI SHA256  8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d 
Subject DN  CN=ISRG Root X1, O=Internet Security Research Group, C=US 
Subject Key Identifier  79b459e67bb6e5e40173800888c81a58f6e99b6e 
Serial  4001772137d4e942b8ee76aa3c640ab7 
Not Before  20 Jan 2021 19:14:03 UTC 
Not After  30 Sep 2024 18:14:03 UTC 
Validity period  1349 days 
Key Usage  keyCertSign, cRLSign 
Issuer 

Issuer DN  CN=DST Root CA X3, O=Digital Signature Trust Co. 
Certification Authority  IdenTrust Services, LLC 
Validation Type  Not Applicable 
Authority Key Identifier  keyid:c4a7b1a47b2c71fadbe14b9075ffc41560858910 
Parent Certificate  http://apps.identrust.com/roots/dstrootcax3.p7c 
CRL  http://crl.identrust.com/DSTROOTCAX3CRL.crl 
CA certificate  Yes (pathlen unlimited) 
Fingerprints 

SHA1  933c6ddee95c9c41a40f9f50493d82be03ad87bf 
SHA256  6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f 
SPKI SHA256  0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3 
Subject DN  CN=DST Root CA X3, O=Digital Signature Trust Co. 
Subject Key Identifier  c4a7b1a47b2c71fadbe14b9075ffc41560858910 
Serial  44afb080d6a327ba893039862ef8406b 
Not Before  30 Sep 2000 21:12:19 UTC 
Not After  30 Sep 2021 14:01:15 UTC (expired 11 months 25 days ago) 
Key Usage  keyCertSign, cRLSign 
Issuer 

Issuer DN  CN=DST Root CA X3, O=Digital Signature Trust Co. 
Certification Authority  IdenTrust Services, LLC 
Validation Type  Selfsigned 
CA certificate  Yes (pathlen unlimited) 
Fingerprints 

SHA1  dac9024f54d8f6df94935fb1732638ca6ad77c13 
SHA256  0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739 
SPKI SHA256  563b3caf8cfef34c2335caf560a7a95906e8488462eb75ac59784830df9e5b2b 
SMTP TLS Reporting (RFC 8460), or TLSRPT for short, describes a reporting mechanism and format by which systems sending email can share statistics and specific information about potential failures with recipient domains. Recipient domains can then use this information to both detect potential attacks and diagnose unintentional misconfigurations. TLSRPT can be used with DANE or MTASTS.
Location from which we retrieved the policy indicator.Location  _smtp._tls.freshuk.co.il 
TLSRPT standard version used by this policy indicator.Version  TLSRPTv1 
Reporting endpoints specified in the policy.Reporting Endpoints 
mailto:tlsrpt@freshuk.uriports.com 
To observe your HTTP implementation, we submit a request to the homepage of your site on port 80, follow all redirections (even when they take us to other domain names), and record the returned HTTP headers.
To observe your HTTPS implementation, we submit a request to the homepage of your site on port 443, follow all redirections (even when they take us to other domain names), and record the returned HTTP headers. We use the most recent set of headers returned from the tested hostname for further tests such as HSTS and HPKP.
Transport Layer Security (TLS) is the most widely used encryption protocol on the Internet. In combination with valid certificates, servers can establish trusted communication channels even with users who have never visited them before. Network attackers can't uncover what is being communicated, even when they can see all the traffic.
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_CHACHA20_POLY1305_SHA256
Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: AGL_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcc14 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca9 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02b Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc02c Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc023 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc024 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcc13 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x3d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
SCT transports: CERT
SCT transports: CERT
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_CHACHA20_POLY1305_SHA256
Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: AGL_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcc14 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca9 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02b Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc02c Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc023 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc024 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcc13 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x3d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
SCT transports: CERT
SCT transports: CERT
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_CHACHA20_POLY1305_SHA256
Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: AGL_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcc14 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca9 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02b Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc02c Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc023 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc024 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcc13 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x3d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA Suite ID: 0xa Cipher name: 3DES (WEAK) Cipher strength: 112 bits Cipher block size: 64 bits (WEAK) Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits 
SCT transports: CERT
SCT transports: CERT
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_CHACHA20_POLY1305_SHA256
Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: AGL_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcc14 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca9 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02b Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Suite ID: 0xc009 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc02c Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Suite ID: 0xc00a Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc023 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc024 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_ECDSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcc13 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) 