Web sites need to use encryption to help their visitors know they're in the right place, as well as provide confidentiality and content integrity. Sites that don't support HTTPS may expose sensitive data and have their pages modified and subverted.
To deploy HTTPS properly, web sites must redirect all unsafe (plaintext) traffic to the encrypted variant. This approach ensures that no sensitive data is exposed and that further security technologies can be activated.
HTTP Strict Transport Security (HSTS) is an HTTPS extension that instructs browsers to remember sites that use encryption and enforce strict security requirements. Without HSTS, active network attacks are easy to carry out.
HSTS Preloading is informing browsers in advance about a site's use of HSTS, which means that strict security can be enforced even on the first visit. This approach provides best HTTPS security available today.
Content Security Policy (CSP) is an additional security layer that enables web sites to control browser behavior, creating a safety net that can counter attacks such as crosssite scripting.
All hosts that receive email need encryption to ensure confidentiality of email messages. Email servers thus need to support STARTTLS, as well as provide decent TLS configuration and correct certificates.
Sender Policy Framework (SPF) enables organizations to designate servers that are allowed to send email messages on their behalf. With SPF in place, spam is easier to identify.
Domainbased Message Authentication, Reporting, and Conformance (DMARC) is a mechanism that allows organizations to specify how unauthenticated email (identified using SPF and DKIM) should be handled.
The global DNS infrastructure is organized as a series of hierarchical DNS zones. The root zone hosts a number of global and country TLDs, which in turn host further zones that are delegated to their customers. Each organization that controls a zone can delegate parts of its namespace to other zones. In this test we perform detailed inspection of a DNS zone, but only if the host being tested matches the zone.
Nameservers can be referred to by name and by address. In this section we show the names, which can appear in the NS records, the referrals from the parent zone, and the SOA record. In some situations, servers from the parent zone respond authoritatively, in which case we will include them in the list as well.
Nameserver  Operational  IPv4  IPv6  Sources 

chris.ns.cloudflare.com. PRIMARY 108.162.193.85 172.64.33.85 173.245.59.85 2606:4700:58::adf5:3b55 2803:f800:50::6ca2:c155 2a06:98c1:50::ac40:2155  The server is online.  Name resolves to an IPv4 address.  Name resolves to an IPv6 address.  REFERRAL NS SOA 
serena.ns.cloudflare.com. 108.162.192.220 172.64.32.220 173.245.58.220 2606:4700:50::adf5:3adc 2803:f800:50::6ca2:c0dc 2a06:98c1:50::ac40:20dc  The server is online.  Name resolves to an IPv4 address.  Name resolves to an IPv6 address.  REFERRAL NS 
This section shows the configuration of all discovered nameservers by their IP address. To find all applicable nameservers, we inspect the parent zone nameservers for names and glue and then the tested zone nameservers for NS records. We then resolve all discovered names to IP addresses. Finally, we test each address individually.
Nameserver  Operational  Authoritative  Recursive  UDP  TCP  Sources  Payload Size 

108.162.192.220 serena.ns.cloudflare.com. PTR: serena.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
108.162.193.85 PRIMARY chris.ns.cloudflare.com. PTR: chris.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
172.64.32.220 serena.ns.cloudflare.com. PTR: serena.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
172.64.33.85 PRIMARY chris.ns.cloudflare.com. PTR: chris.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
173.245.58.220 serena.ns.cloudflare.com. PTR: serena.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
173.245.59.85 PRIMARY chris.ns.cloudflare.com. PTR: chris.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
2606:4700:50::adf5:3adc serena.ns.cloudflare.com. PTR: serena.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
2606:4700:58::adf5:3b55 PRIMARY chris.ns.cloudflare.com. PTR: chris.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
2803:f800:50::6ca2:c0dc serena.ns.cloudflare.com. PTR: serena.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
2803:f800:50::6ca2:c155 PRIMARY chris.ns.cloudflare.com. PTR: chris.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
2a06:98c1:50::ac40:20dc serena.ns.cloudflare.com. PTR: serena.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
2a06:98c1:50::ac40:2155 PRIMARY chris.ns.cloudflare.com. PTR: chris.ns.cloudflare.com.  The server appears to be online.  Nameserver provides authoritative responses  Nameserver doesn't provide recursive service  Nameserver responds to UDP queries  Nameserver responds to TCP queries  NAME  1232 
Start of Authority (SOA) records contain administrative information pertaining to one DNS zone, especially the configuration that's used for zone transfers between the primary nameserver and the secondaries. Only one SOA record should exist, with all nameservers providing the same information.
The domain name of the primary nameserver for the zone. Also known as MNAME.Primary nameserver  chris.ns.cloudflare.com. 
Email address of the persons responsible for this zone. Also known as RNAME.Admin email  dns.cloudflare.com. 
Zone serial or version number.Serial number  2026869330 
The length of time secondary nameservers should wait before querying the primary for changes.Refresh interval  10,000 seconds (about 2 hours 46 minutes) 
The length of time secondary nameservers should wait before querying an unresponsive primary again.Retry interval  2,400 seconds (about 40 minutes) 
The length of time after which secondary nameservers should stop responding to queries for a zone, assuming no updates were obtained from the primary.Expire interval  604,800 seconds (about 7 days) 
TTL for purposes of negative response caching. Negative cache TTL  3,600 seconds (about 1 hour) 
Time To Live (TTL) indicates for how long a record remains valid. SOA record TTL  3,600 seconds (about 1 hour) 
Below are all DNS queries we submitted during the zone inspection.
ID  Server  Transport  Question Name  Type  Status 

Correctly functioning name servers are necessary to hold and distribute information that's necessary for your domain name to operate correctly. Examples include converting names to IP addresses, determining where email should go, and so on. More recently, the DNS is being used to communicate email and other security policies.
These are the results of individual DNS queries against your nameserver for common resource record types.
Name  TTL  Type  Data 

smartfixmarburg.de.  300  A  172.67.212.140 
smartfixmarburg.de.  300  A  104.21.85.243 
www.smartfixmarburg.de.  300  A  172.67.212.140 
www.smartfixmarburg.de.  300  A  104.21.85.243 
smartfixmarburg.de.  300  AAAA  2606:4700:3035:0:0:0:6815:55f3 
smartfixmarburg.de.  300  AAAA  2606:4700:3030:0:0:0:ac43:d48c 
www.smartfixmarburg.de.  300  AAAA  2606:4700:3030:0:0:0:ac43:d48c 
www.smartfixmarburg.de.  300  AAAA  2606:4700:3035:0:0:0:6815:55f3 
smartfixmarburg.de.  3600  DNSKEY  257 3 13 mdsswUyr3DPW132mOi8V9xESWE8jTo0dxCjjnopKl+GqJxpVXckHAeF+KkxLbxILfDLUT0rAK9iUzy1L53eKGQ== 
smartfixmarburg.de.  3600  DNSKEY  256 3 13 oJMRESz5E4gYzS/q6XDrvU1qMPYIjCWzJaOau8XNEZeqCYKD5ar0IRd8KqXXFJkqmVfRvMGPmM1x8fGAa2XhSA== 
smartfixmarburg.de.  300  HTTPS  1 . alpn=h3,h329,h2 ipv4hint=104.21.85.243,172.67.212.140 ipv6hint=2606:4700:3030:0:0:0:ac43:d48c,2606:4700:3035:0:0:0:6815:55f3 
www.smartfixmarburg.de.  300  HTTPS  1 . alpn=h3,h329,h2 ipv4hint=104.21.85.243,172.67.212.140 ipv6hint=2606:4700:3030:0:0:0:ac43:d48c,2606:4700:3035:0:0:0:6815:55f3 
smartfixmarburg.de.  300  MX  20 mxext3.mailbox.org. 
smartfixmarburg.de.  300  MX  0 mxext1.mailbox.org. 
smartfixmarburg.de.  300  MX  10 mxext2.mailbox.org. 
smartfixmarburg.de.  86400  NS  chris.ns.cloudflare.com. 
smartfixmarburg.de.  86400  NS  serena.ns.cloudflare.com. 
smartfixmarburg.de.  3600  SOA  chris.ns.cloudflare.com. dns.cloudflare.com. 2268097966 10000 2400 604800 3600 
smartfixmarburg.de.  300  TXT  "v=spf1 include:mailbox.org include:_spf.smtp.com ~all" 
_dmarc.smartfixmarburg.de.  300  TXT  "v=DMARC1; p=reject; pct=100; rua=mailto:re+udpvhnfoskd@dmarc.postmarkapp.com;" 
Below are all DNS queries we submitted while we inspecting the resource records.
ID  Server  Question Name  Type  Status 

DNSSEC is an extension of the DNS protocol that provides cryptographic assurance of the authenticity and integrity of responses; it's intended as a defense against network attackers who are able to manipulate DNS to redirect their victims to servers of their choice. DNSSEC is controversial, with the industry split largely between those who think it's essential and those who believe that it's problematic and unnecessary.
CAA (RFC 8659) is a new standard that allows domain name owners to restrict which CAs are allowed to issue certificates for their domains. This can help to reduce the chance of misissuance, either accidentally or maliciously. In September 2017, CAA became mandatory for CAs to implement.
An internet hostname can be served by zero or more mail servers, as specified by MX (mail exchange) DNS resource records. Each server can further resolve to multiple IP addresses, for example to handle IPv4 and IPv6 clients. Thus, in practice, hosts that wish to receive email reliably are supported by many endpoint.
Server  Preference  Operational  STARTTLS  TLS  PKI  DNSSEC  DANE 

mxext1.mailbox.org 2001:67c:2050:104:0:1:25:1 PTR: mx1.mailbox.org 
0 
220 mx1.mailbox.org ESMTP Postfix EHLO outbound.hardenize.com 250mx1.mailbox.org 250PIPELINING 250SIZE 143699726 250ETRN 250STARTTLS 250ENHANCEDSTATUSCODES 2508BITMIME 250 CHUNKING STARTTLS 220 2.0.0 Ready to start TLS 
Supports STARTTLS.  
mxext1.mailbox.org 80.241.60.212 PTR: mx1.mailbox.org 
0 
220 mx1.mailbox.org ESMTP Postfix EHLO outbound.hardenize.com 250mx1.mailbox.org 250PIPELINING 250SIZE 143699726 250ETRN 250STARTTLS 250ENHANCEDSTATUSCODES 2508BITMIME 250 CHUNKING STARTTLS 220 2.0.0 Ready to start TLS 
Supports STARTTLS.  
mxext2.mailbox.org 2001:67c:2050:104:0:2:25:1 PTR: mx2.mailbox.org 
10 
220 mx2.mailbox.org ESMTP Postfix EHLO outbound.hardenize.com 250mx2.mailbox.org 250PIPELINING 250SIZE 143699726 250ETRN 250STARTTLS 250ENHANCEDSTATUSCODES 2508BITMIME 250 CHUNKING STARTTLS 220 2.0.0 Ready to start TLS 
Supports STARTTLS.  
mxext2.mailbox.org 80.241.60.215 PTR: mx2.mailbox.org 
10 
220 mx2.mailbox.org ESMTP Postfix EHLO outbound.hardenize.com 250mx2.mailbox.org 250PIPELINING 250SIZE 143699726 250ETRN 250STARTTLS 250ENHANCEDSTATUSCODES 2508BITMIME 250 CHUNKING STARTTLS 220 2.0.0 Ready to start TLS 
Supports STARTTLS.  
mxext3.mailbox.org 2001:67c:2050:104:0:3:25:1 PTR: mx3.mailbox.org 
20 
220 mx3.mailbox.org ESMTP Postfix EHLO outbound.hardenize.com 250mx3.mailbox.org 250PIPELINING 250SIZE 143699726 250ETRN 250STARTTLS 250ENHANCEDSTATUSCODES 2508BITMIME 250 CHUNKING STARTTLS 220 2.0.0 Ready to start TLS 
Supports STARTTLS.  
mxext3.mailbox.org 80.241.60.216 PTR: mx3.mailbox.org 
20 
220 mx3.mailbox.org ESMTP Postfix EHLO outbound.hardenize.com 250mx3.mailbox.org 250PIPELINING 250SIZE 143699726 250ETRN 250STARTTLS 250ENHANCEDSTATUSCODES 2508BITMIME 250 CHUNKING STARTTLS 220 2.0.0 Ready to start TLS 
Supports STARTTLS. 
Latest cache timestamp: 20 Jan 2022 13:00 UTC
Earliest cache timestamp: 18 Jan 2022 10:46 UTC
Transport Layer Security (TLS) is the most widely used encryption protocol on the Internet. In combination with valid certificates, servers can establish trusted communication channels even with users who have never visited them before. Network attackers can't uncover what is being communicated, even when they can see all the traffic.
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_AES_256_GCM_SHA384
Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: secp384r1 Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 384 bits) Suite: TLS_CHACHA20_POLY1305_SHA256 Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: secp384r1 Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 384 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: secp384r1 Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 384 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xccaa Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9f Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA384 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9e Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (DHE 4096 bits) Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_DHE_RSA_WITH_AES_256_CCM_8 Suite ID: 0xc0a3 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_256_CCM_8 256 bits (DHE 4096 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CCM Suite ID: 0xc09f Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_256_CCM 256 bits (DHE 4096 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CCM_8 Suite ID: 0xc0a2 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_128_CCM_8 128 bits (DHE 4096 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CCM Suite ID: 0xc09e Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_128_CCM 128 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x6b Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x67 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x39 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x33 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits (DHE 4096 bits) Suite: TLS_RSA_WITH_AES_256_CCM_8 Suite ID: 0xc0a1 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CCM_8 256 bits Suite: TLS_RSA_WITH_AES_256_CCM Suite ID: 0xc09d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CCM 256 bits Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CCM_8 Suite ID: 0xc0a0 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CCM_8 128 bits Suite: TLS_RSA_WITH_AES_128_CCM Suite ID: 0xc09c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CCM 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x3d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_RSA_WITH_AES_256_CBC_SHA
Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x39 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x33 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits (DHE 4096 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_RSA_WITH_AES_256_CBC_SHA
Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x39 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x33 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits (DHE 4096 bits) 
These results have been retrieved from our cache. This row indicates when was that the original test ran.Retrieved from cache 
20 Jan 2022 11:58 UTC 
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_AES_256_GCM_SHA384
Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: secp384r1 Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 384 bits) Suite: TLS_CHACHA20_POLY1305_SHA256 Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: secp384r1 Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 384 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: secp384r1 Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 384 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xccaa Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9f Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA384 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9e Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (DHE 4096 bits) Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_DHE_RSA_WITH_AES_256_CCM_8 Suite ID: 0xc0a3 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_256_CCM_8 256 bits (DHE 4096 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CCM Suite ID: 0xc09f Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_256_CCM 256 bits (DHE 4096 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CCM_8 Suite ID: 0xc0a2 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_128_CCM_8 128 bits (DHE 4096 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CCM Suite ID: 0xc09e Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_128_CCM 128 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x6b Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x67 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x39 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x33 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits (DHE 4096 bits) Suite: TLS_RSA_WITH_AES_256_CCM_8 Suite ID: 0xc0a1 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CCM_8 256 bits Suite: TLS_RSA_WITH_AES_256_CCM Suite ID: 0xc09d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CCM 256 bits Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CCM_8 Suite ID: 0xc0a0 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CCM_8 128 bits Suite: TLS_RSA_WITH_AES_128_CCM Suite ID: 0xc09c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CCM 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x3d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_RSA_WITH_AES_256_CBC_SHA
Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x39 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x33 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits (DHE 4096 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_RSA_WITH_AES_256_CBC_SHA
Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x39 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x33 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits (DHE 4096 bits) 
These results have been retrieved from our cache. This row indicates when was that the original test ran.Retrieved from cache 
20 Jan 2022 02:21 UTC 
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.2

Shows cipher suite configuration for this protocol version.TLS v1.2 
Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 384 bits) 
These results have been retrieved from our cache. This row indicates when was that the original test ran.Retrieved from cache 
18 Jan 2022 10:46 UTC 
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_AES_256_GCM_SHA384
Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: secp384r1 Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 384 bits) Suite: TLS_CHACHA20_POLY1305_SHA256 Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: secp384r1 Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 384 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: secp384r1 Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 384 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xccaa Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9f Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA384 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9e Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (DHE 4096 bits) Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_DHE_RSA_WITH_AES_256_CCM_8 Suite ID: 0xc0a3 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_256_CCM_8 256 bits (DHE 4096 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CCM Suite ID: 0xc09f Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_256_CCM 256 bits (DHE 4096 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CCM_8 Suite ID: 0xc0a2 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_128_CCM_8 128 bits (DHE 4096 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CCM Suite ID: 0xc09e Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_128_CCM 128 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x6b Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x67 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x39 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x33 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits (DHE 4096 bits) Suite: TLS_RSA_WITH_AES_256_CCM_8 Suite ID: 0xc0a1 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CCM_8 256 bits Suite: TLS_RSA_WITH_AES_256_CCM Suite ID: 0xc09d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CCM 256 bits Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CCM_8 Suite ID: 0xc0a0 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CCM_8 128 bits Suite: TLS_RSA_WITH_AES_128_CCM Suite ID: 0xc09c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CCM 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x3d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_RSA_WITH_AES_256_CBC_SHA
Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x39 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x33 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits (DHE 4096 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_RSA_WITH_AES_256_CBC_SHA
Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x39 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x33 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits (DHE 4096 bits) 
These results have been retrieved from our cache. This row indicates when was that the original test ran.Retrieved from cache 
20 Jan 2022 03:24 UTC 
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_AES_256_GCM_SHA384
Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: secp384r1 Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 384 bits) Suite: TLS_CHACHA20_POLY1305_SHA256 Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: secp384r1 Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 384 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: secp384r1 Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 384 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xccaa Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9f Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA384 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9e Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (DHE 4096 bits) Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_DHE_RSA_WITH_AES_256_CCM_8 Suite ID: 0xc0a3 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_256_CCM_8 256 bits (DHE 4096 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CCM Suite ID: 0xc09f Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_256_CCM 256 bits (DHE 4096 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CCM_8 Suite ID: 0xc0a2 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_128_CCM_8 128 bits (DHE 4096 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CCM Suite ID: 0xc09e Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_128_CCM 128 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x6b Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x67 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x39 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x33 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits (DHE 4096 bits) Suite: TLS_RSA_WITH_AES_256_CCM_8 Suite ID: 0xc0a1 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CCM_8 256 bits Suite: TLS_RSA_WITH_AES_256_CCM Suite ID: 0xc09d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CCM 256 bits Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CCM_8 Suite ID: 0xc0a0 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CCM_8 128 bits Suite: TLS_RSA_WITH_AES_128_CCM Suite ID: 0xc09c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CCM 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x3d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_RSA_WITH_AES_256_CBC_SHA
Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x39 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x33 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits (DHE 4096 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_RSA_WITH_AES_256_CBC_SHA
Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x39 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x33 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits (DHE 4096 bits) 
These results have been retrieved from our cache. This row indicates when was that the original test ran.Retrieved from cache 
20 Jan 2022 10:56 UTC 
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 TLS v1.1 TLS v1.0 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_AES_256_GCM_SHA384
Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: secp384r1 Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 384 bits) Suite: TLS_CHACHA20_POLY1305_SHA256 Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: secp384r1 Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 384 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: secp384r1 Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 384 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xccaa Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9f Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA384 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9e Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (DHE 4096 bits) Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_DHE_RSA_WITH_AES_256_CCM_8 Suite ID: 0xc0a3 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_256_CCM_8 256 bits (DHE 4096 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CCM Suite ID: 0xc09f Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_256_CCM 256 bits (DHE 4096 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CCM_8 Suite ID: 0xc0a2 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_128_CCM_8 128 bits (DHE 4096 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CCM Suite ID: 0xc09e Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_128_CCM 128 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x6b Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x67 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x39 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x33 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits (DHE 4096 bits) Suite: TLS_RSA_WITH_AES_256_CCM_8 Suite ID: 0xc0a1 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CCM_8 256 bits Suite: TLS_RSA_WITH_AES_256_CCM Suite ID: 0xc09d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CCM 256 bits Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CCM_8 Suite ID: 0xc0a0 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CCM_8 128 bits Suite: TLS_RSA_WITH_AES_128_CCM Suite ID: 0xc09c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CCM 128 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x3d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits 
Shows cipher suite configuration for this protocol version.TLS v1.1
Server preference 
Suite: TLS_RSA_WITH_AES_256_CBC_SHA
Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x39 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x33 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits (DHE 4096 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.0
Server preference 
Suite: TLS_RSA_WITH_AES_256_CBC_SHA
Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 4096 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x39 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits (DHE 4096 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC secp384r1 (384 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 384 bits) Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x33 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: DHE_RSA Key exchange strength: 4096 bits Forward secrecy: Yes PRF: SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits (DHE 4096 bits) 
These results have been retrieved from our cache. This row indicates when was that the original test ran.Retrieved from cache 
20 Jan 2022 13:00 UTC 
A certificate is a digital document that contains a public key, some information about the entity associated with it, and a digital signature from the certificate issuer. Itâ€™s a mechanism that enables us to exchange, store, and use public keys. Being able to reliably verify the identity of a remote server is crucial in order to achieve secure encrypted communication.
Names  *.mailbox.org mailbox.org 
Subject DN  CN=*.mailbox.org 
Subject Key Identifier  67757539e587ffbbfa1396e908a1b555c861aa08 
Serial  1e8dcf204376802dea9f259c9c33ac5 
Not Before  09 Jun 2021 00:00:00 UTC 
Not After  09 Jun 2022 23:59:59 UTC 
Validity period  366 days 
Key Usage  digitalSignature, keyEncipherment 
Extended Key Usage  serverAuth, clientAuth 
Must Staple  No 
Issuer 

Issuer DN  CN=Thawte TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US 
Certification Authority  DigiCert 
Validation Type  Domain Validation (DV) 
Authority Key Identifier  keyid:a58cfe32cceb0f2cd419c608b80024885dc3c5b7 
Parent Certificate  http://cacerts.thawte.com/ThawteTLSRSACAG1.crt 
CRL  http://cdp.thawte.com/ThawteTLSRSACAG1.crl 
OCSP  http://status.thawte.com 
Certificate Transparency 

Signed Certificate Timestamps 
09 Jun 2021 10:50:31 UTC
 Google 'Xenon2022' log
 Qualified
09 Jun 2021 10:50:31 UTC  DigiCert Yeti2022 Log  Not Qualified 09 Jun 2021 10:50:31 UTC  DigiCert Nessie2022 Log  Qualified 
Fingerprints 

SHA1  7bf782e8a4d9e5a1a8d088ae2888bc768276330c 
SHA256  ef8a1a3da0285fe801553b10827acb6e7fa1f01384bc329927dd37122d9cf02a 
SPKI SHA256  996ad31d65e03f038b8ec950f6f26611529da03e3a283e4400cba2edd04b8a88 
Names  *.mailbox.org mailbox.org 
Subject DN  CN=*.mailbox.org 
Subject Key Identifier  67757539e587ffbbfa1396e908a1b555c861aa08 
Serial  1e8dcf204376802dea9f259c9c33ac5 
Not Before  09 Jun 2021 00:00:00 UTC 
Not After  09 Jun 2022 23:59:59 UTC 
Validity period  366 days 
Key Usage  digitalSignature, keyEncipherment 
Extended Key Usage  serverAuth, clientAuth 
Must Staple  No 
Issuer 

Issuer DN  CN=Thawte TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US 
Certification Authority  DigiCert 
Validation Type  Domain Validation (DV) 
Authority Key Identifier  keyid:a58cfe32cceb0f2cd419c608b80024885dc3c5b7 
Parent Certificate  http://cacerts.thawte.com/ThawteTLSRSACAG1.crt 
CRL  http://cdp.thawte.com/ThawteTLSRSACAG1.crl 
OCSP  http://status.thawte.com 
Certificate Transparency 

Signed Certificate Timestamps 
09 Jun 2021 10:50:31 UTC
 Google 'Xenon2022' log
 Qualified
09 Jun 2021 10:50:31 UTC  DigiCert Yeti2022 Log  Not Qualified 09 Jun 2021 10:50:31 UTC  DigiCert Nessie2022 Log  Qualified 
Fingerprints 

SHA1  7bf782e8a4d9e5a1a8d088ae2888bc768276330c 
SHA256  ef8a1a3da0285fe801553b10827acb6e7fa1f01384bc329927dd37122d9cf02a 
SPKI SHA256  996ad31d65e03f038b8ec950f6f26611529da03e3a283e4400cba2edd04b8a88 
Subject DN  CN=Thawte TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US 
Subject Key Identifier  a58cfe32cceb0f2cd419c608b80024885dc3c5b7 
Serial  90ee8c5de5bfa62d2ae2ff7097c4857 
Not Before  02 Nov 2017 12:24:25 UTC 
Not After  02 Nov 2027 12:24:25 UTC 
Key Usage  digitalSignature, keyCertSign, cRLSign 
Extended Key Usage  serverAuth, clientAuth 
Issuer 

Issuer DN  CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US 
Certification Authority  DigiCert 
Validation Type  Not Applicable 
Authority Key Identifier  keyid:4e2254201895e6e36ee60ffafab912ed06178f39 
CRL  http://crl3.digicert.com/DigiCertGlobalRootG2.crl 
OCSP  http://ocsp.digicert.com 
CA certificate  Yes (pathlen 0) 
Fingerprints 

SHA1  c9fefc763d9548b487696f047acba0abe45c7bc1 
SHA256  4bcc5e234fe81ede4eaf883aa19c31335b0b26e85e066b9945e4cb6153eb20c2 
SPKI SHA256  e366fd44d3a7c9bded942d0a62d34f03728aa4996eb24c94e9a1be0a2a5499a3 
Subject DN  CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US 
Subject Key Identifier  4e2254201895e6e36ee60ffafab912ed06178f39 
Serial  33af1e6a711a9a0bb2864b11d09fae5 
Not Before  01 Aug 2013 12:00:00 UTC 
Not After  15 Jan 2038 12:00:00 UTC 
Key Usage  digitalSignature, keyCertSign, cRLSign 
Issuer 

Issuer DN  CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US 
Certification Authority  DigiCert 
Validation Type  Selfsigned 
CA certificate  Yes (pathlen unlimited) 
Fingerprints 

SHA1  df3c24f9bfd666761b268073fe06d1cc8d4f82a4 
SHA256  cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f 
SPKI SHA256  8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26 
DNSbased Authentication of Named Entities (DANE) is a bridge between DNSSEC and TLS. In one possible scenario, DANE can be used for public key pinning, building on an existing publiclytrusted certificate. In another approach, it can be used to completely bypass the CA ecosystem and establish trust using DNSSEC alone.
Specifies which certificate in the chain is being pinned and how validation should be performed.Certificate Usage 
Domainissued certificate / DANEEE (3)
Creates a leaf pin for a certificate that must be present in the certificate chain. PKIX validation is not performed and the pinned certificate is assumed to be trusted. 
Determines if the association is made with a certificate or with a public key (via its SPKI structure).Selector 
SPKI structure (1) 
Determines how matching is done; directly or via a hash. Matching Type  SHA2256 (1) 
Contains the data necessary to perform the matching. Data  4758af6f02dfb5dc8795fa402e77a8a0486af5e85d2ca60c294476aadc40b220 
Specifies which certificate in the chain is being pinned and how validation should be performed.Certificate Usage 
Domainissued certificate / DANEEE (3)
Creates a leaf pin for a certificate that must be present in the certificate chain. PKIX validation is not performed and the pinned certificate is assumed to be trusted. 
Determines if the association is made with a certificate or with a public key (via its SPKI structure).Selector 
SPKI structure (1) 
Determines how matching is done; directly or via a hash. Matching Type  SHA2256 (1) 
Contains the data necessary to perform the matching. Data  e41cc7633029afdba53744d7e5fc31ef507e592de9dfb33557bf3b9a79239446 
Specifies which certificate in the chain is being pinned and how validation should be performed.Certificate Usage 
Domainissued certificate / DANEEE (3)
Creates a leaf pin for a certificate that must be present in the certificate chain. PKIX validation is not performed and the pinned certificate is assumed to be trusted. 
Determines if the association is made with a certificate or with a public key (via its SPKI structure).Selector 
SPKI structure (1) 
Determines how matching is done; directly or via a hash. Matching Type  SHA2256 (1) 
Contains the data necessary to perform the matching. Data 
996ad31d65e03f038b8ec950f6f26611529da03e3a283e4400cba2edd04b8a88
Leaf certificate: RSA 4096 bits 
Specifies which certificate in the chain is being pinned and how validation should be performed.Certificate Usage 
Domainissued certificate / DANEEE (3)
Creates a leaf pin for a certificate that must be present in the certificate chain. PKIX validation is not performed and the pinned certificate is assumed to be trusted. 
Determines if the association is made with a certificate or with a public key (via its SPKI structure).Selector 
SPKI structure (1) 
Determines how matching is done; directly or via a hash. Matching Type  SHA2256 (1) 
Contains the data necessary to perform the matching. Data  4758af6f02dfb5dc8795fa402e77a8a0486af5e85d2ca60c294476aadc40b220 
Specifies which certificate in the chain is being pinned and how validation should be performed.Certificate Usage 
Domainissued certificate / DANEEE (3)
Creates a leaf pin for a certificate that must be present in the certificate chain. PKIX validation is not performed and the pinned certificate is assumed to be trusted. 
Determines if the association is made with a certificate or with a public key (via its SPKI structure).Selector 
SPKI structure (1) 
Determines how matching is done; directly or via a hash. Matching Type  SHA2256 (1) 
Contains the data necessary to perform the matching. Data  e41cc7633029afdba53744d7e5fc31ef507e592de9dfb33557bf3b9a79239446 
Specifies which certificate in the chain is being pinned and how validation should be performed.Certificate Usage 
Domainissued certificate / DANEEE (3)
Creates a leaf pin for a certificate that must be present in the certificate chain. PKIX validation is not performed and the pinned certificate is assumed to be trusted. 
Determines if the association is made with a certificate or with a public key (via its SPKI structure).Selector 
SPKI structure (1) 
Determines how matching is done; directly or via a hash. Matching Type  SHA2256 (1) 
Contains the data necessary to perform the matching. Data 
996ad31d65e03f038b8ec950f6f26611529da03e3a283e4400cba2edd04b8a88
Leaf certificate: RSA 4096 bits 
Specifies which certificate in the chain is being pinned and how validation should be performed.Certificate Usage 
Domainissued certificate / DANEEE (3)
Creates a leaf pin for a certificate that must be present in the certificate chain. PKIX validation is not performed and the pinned certificate is assumed to be trusted. 
Determines if the association is made with a certificate or with a public key (via its SPKI structure).Selector 
SPKI structure (1) 
Determines how matching is done; directly or via a hash. Matching Type  SHA2256 (1) 
Contains the data necessary to perform the matching. Data 
996ad31d65e03f038b8ec950f6f26611529da03e3a283e4400cba2edd04b8a88
Leaf certificate: RSA 4096 bits 
Specifies which certificate in the chain is being pinned and how validation should be performed.Certificate Usage 
Domainissued certificate / DANEEE (3)
Creates a leaf pin for a certificate that must be present in the certificate chain. PKIX validation is not performed and the pinned certificate is assumed to be trusted. 
Determines if the association is made with a certificate or with a public key (via its SPKI structure).Selector 
SPKI structure (1) 
Determines how matching is done; directly or via a hash. Matching Type  SHA2256 (1) 
Contains the data necessary to perform the matching. Data  e41cc7633029afdba53744d7e5fc31ef507e592de9dfb33557bf3b9a79239446 
Specifies which certificate in the chain is being pinned and how validation should be performed.Certificate Usage 
Domainissued certificate / DANEEE (3)
Creates a leaf pin for a certificate that must be present in the certificate chain. PKIX validation is not performed and the pinned certificate is assumed to be trusted. 
Determines if the association is made with a certificate or with a public key (via its SPKI structure).Selector 
SPKI structure (1) 
Determines how matching is done; directly or via a hash. Matching Type  SHA2256 (1) 
Contains the data necessary to perform the matching. Data  4758af6f02dfb5dc8795fa402e77a8a0486af5e85d2ca60c294476aadc40b220 
Specifies which certificate in the chain is being pinned and how validation should be performed.Certificate Usage 
Domainissued certificate / DANEEE (3)
Creates a leaf pin for a certificate that must be present in the certificate chain. PKIX validation is not performed and the pinned certificate is assumed to be trusted. 
Determines if the association is made with a certificate or with a public key (via its SPKI structure).Selector 
SPKI structure (1) 
Determines how matching is done; directly or via a hash. Matching Type  SHA2256 (1) 
Contains the data necessary to perform the matching. Data 
996ad31d65e03f038b8ec950f6f26611529da03e3a283e4400cba2edd04b8a88
Leaf certificate: RSA 4096 bits 
Specifies which certificate in the chain is being pinned and how validation should be performed.Certificate Usage 
Domainissued certificate / DANEEE (3)
Creates a leaf pin for a certificate that must be present in the certificate chain. PKIX validation is not performed and the pinned certificate is assumed to be trusted. 
Determines if the association is made with a certificate or with a public key (via its SPKI structure).Selector 
SPKI structure (1) 
Determines how matching is done; directly or via a hash. Matching Type  SHA2256 (1) 
Contains the data necessary to perform the matching. Data  e41cc7633029afdba53744d7e5fc31ef507e592de9dfb33557bf3b9a79239446 
Specifies which certificate in the chain is being pinned and how validation should be performed.Certificate Usage 
Domainissued certificate / DANEEE (3)
Creates a leaf pin for a certificate that must be present in the certificate chain. PKIX validation is not performed and the pinned certificate is assumed to be trusted. 
Determines if the association is made with a certificate or with a public key (via its SPKI structure).Selector 
SPKI structure (1) 
Determines how matching is done; directly or via a hash. Matching Type  SHA2256 (1) 
Contains the data necessary to perform the matching. Data  4758af6f02dfb5dc8795fa402e77a8a0486af5e85d2ca60c294476aadc40b220 
Specifies which certificate in the chain is being pinned and how validation should be performed.Certificate Usage 
Domainissued certificate / DANEEE (3)
Creates a leaf pin for a certificate that must be present in the certificate chain. PKIX validation is not performed and the pinned certificate is assumed to be trusted. 
Determines if the association is made with a certificate or with a public key (via its SPKI structure).Selector 
SPKI structure (1) 
Determines how matching is done; directly or via a hash. Matching Type  SHA2256 (1) 
Contains the data necessary to perform the matching. Data 
996ad31d65e03f038b8ec950f6f26611529da03e3a283e4400cba2edd04b8a88
Leaf certificate: RSA 4096 bits 
Specifies which certificate in the chain is being pinned and how validation should be performed.Certificate Usage 
Domainissued certificate / DANEEE (3)
Creates a leaf pin for a certificate that must be present in the certificate chain. PKIX validation is not performed and the pinned certificate is assumed to be trusted. 
Determines if the association is made with a certificate or with a public key (via its SPKI structure).Selector 
SPKI structure (1) 
Determines how matching is done; directly or via a hash. Matching Type  SHA2256 (1) 
Contains the data necessary to perform the matching. Data  4758af6f02dfb5dc8795fa402e77a8a0486af5e85d2ca60c294476aadc40b220 
Specifies which certificate in the chain is being pinned and how validation should be performed.Certificate Usage 
Domainissued certificate / DANEEE (3)
Creates a leaf pin for a certificate that must be present in the certificate chain. PKIX validation is not performed and the pinned certificate is assumed to be trusted. 
Determines if the association is made with a certificate or with a public key (via its SPKI structure).Selector 
SPKI structure (1) 
Determines how matching is done; directly or via a hash. Matching Type  SHA2256 (1) 
Contains the data necessary to perform the matching. Data  e41cc7633029afdba53744d7e5fc31ef507e592de9dfb33557bf3b9a79239446 
Specifies which certificate in the chain is being pinned and how validation should be performed.Certificate Usage 
Domainissued certificate / DANEEE (3)
Creates a leaf pin for a certificate that must be present in the certificate chain. PKIX validation is not performed and the pinned certificate is assumed to be trusted. 
Determines if the association is made with a certificate or with a public key (via its SPKI structure).Selector 
SPKI structure (1) 
Determines how matching is done; directly or via a hash. Matching Type  SHA2256 (1) 
Contains the data necessary to perform the matching. Data 
996ad31d65e03f038b8ec950f6f26611529da03e3a283e4400cba2edd04b8a88
Leaf certificate: RSA 4096 bits 
Specifies which certificate in the chain is being pinned and how validation should be performed.Certificate Usage 
Domainissued certificate / DANEEE (3)
Creates a leaf pin for a certificate that must be present in the certificate chain. PKIX validation is not performed and the pinned certificate is assumed to be trusted. 
Determines if the association is made with a certificate or with a public key (via its SPKI structure).Selector 
SPKI structure (1) 
Determines how matching is done; directly or via a hash. Matching Type  SHA2256 (1) 
Contains the data necessary to perform the matching. Data  4758af6f02dfb5dc8795fa402e77a8a0486af5e85d2ca60c294476aadc40b220 
Specifies which certificate in the chain is being pinned and how validation should be performed.Certificate Usage 
Domainissued certificate / DANEEE (3)
Creates a leaf pin for a certificate that must be present in the certificate chain. PKIX validation is not performed and the pinned certificate is assumed to be trusted. 
Determines if the association is made with a certificate or with a public key (via its SPKI structure).Selector 
SPKI structure (1) 
Determines how matching is done; directly or via a hash. Matching Type  SHA2256 (1) 
Contains the data necessary to perform the matching. Data  e41cc7633029afdba53744d7e5fc31ef507e592de9dfb33557bf3b9a79239446 
Sender Policy Framework (SPF) is a protocol that allows domain name owners to control which internet hosts are allowed to send email on their behalf. This simple mechanism can be used to reduce the effect of email spoofing and cut down on spam.
Host where this policy is located.Location  smartfixmarburg.de 
SPF version used by this policy.v  spf1 
Evaluates SPF policy specified in another DNS location. This directive is typically used to allow hosts controlled by another organization. include 
mailbox.org 
Evaluates SPF policy specified in another DNS location. This directive is typically used to allow hosts controlled by another organization. include 
_spf.smtp.com 
This policy element always matches. It's normally used at the end of a policy to specify the handling of hosts that don't match earlier mechanisms. ~all 
Policy text: v=spf1 include:mailbox.org include:_spf.smtp.com ~all
Location: smartfixmarburg.de
Lookups: 3
Host where this policy is located.Location  mailbox.org 
SPF version used by this policy.v  spf1 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
213.203.238.0/25 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
195.10.208.0/24 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
91.198.250.0/24 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
80.241.56.0/21 
This mechanism tests whether the IP address being tested is contained within a given IPv6 network. ip6 
2001:67c:2050::/48 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
80.241.60.0/24 
This mechanism matches if the sending IP address is one of the MX hosts for the domain name. mx 

This policy element always matches. It's normally used at the end of a policy to specify the handling of hosts that don't match earlier mechanisms. ~all 
Host where this policy is located.Location  _spf.smtp.com 
SPF version used by this policy.v  spf1 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
192.40.160.0/19 
This mechanism tests whether the IP address being tested is contained within a given IPv4 network. ip4 
74.91.80.0/20 
This policy element always matches. It's normally used at the end of a policy to specify the handling of hosts that don't match earlier mechanisms. ~all 
Domainbased Message Authentication, Reporting, and Conformance (DMARC) is a scalable mechanism by which a mailoriginating organization can express domainlevel policies and preferences for message validation, disposition, and reporting, that a mailreceiving organization can use to improve mail handling.
The location from which we obtained this policy.Policy location  _dmarc.smartfixmarburg.de 
DMARC version used by this policy.v  DMARC1 
Indicates the policy to be enacted by the receiver at the request of the domain owner. Possible values are: none, quarantine, and reject.p 
reject 
Percentage of messages from mail stream to which the DMARC policy is to be applied.pct 
100 
Addresses to which aggregate feedback is to be sent.rua  mailto:re+udpvhnfoskd@dmarc.postmarkapp.com 
Policy: v=DMARC1; p=reject; pct=100; rua=mailto:re+udpvhnfoskd@dmarc.postmarkapp.com;
Host: _dmarc.smartfixmarburg.de
Permission record location: smartfixmarburg.de._report._dmarc.dmarc.postmarkapp.com
External destination: mailto:re+udpvhnfoskd@dmarc.postmarkapp.com
Permission record contents: v=DMARC1;
SMTP Mail Transfer Agent Strict Transport Security (MTASTS) is a mechanism enabling mail service providers to declare their ability to receive Transport Layer Security (TLS) secure SMTP connections, and to specify whether sending SMTP servers should refuse to deliver to MX hosts that do not offer TLS with a trusted server certificate.
SMTP TLS Reporting (RFC 8460), or TLSRPT for short, describes a reporting mechanism and format by which systems sending email can share statistics and specific information about potential failures with recipient domains. Recipient domains can then use this information to both detect potential attacks and diagnose unintentional misconfigurations. TLSRPT can be used with DANE or MTASTS.
To observe your HTTP implementation, we submit a request to the homepage of your site on port 80, follow all redirections (even when they take us to other domain names), and record the returned HTTP headers.
Header value: PHP/7.4.27
Header name: xpoweredby
Header value: PHP/7.4.27
Header name: xpoweredby
To observe your HTTPS implementation, we submit a request to the homepage of your site on port 443, follow all redirections (even when they take us to other domain names), and record the returned HTTP headers. We use the most recent set of headers returned from the tested hostname for further tests such as HSTS and HPKP.
Header value: PHP/7.4.27
Header name: xpoweredby
Header value: PHP/7.4.27
Header name: xpoweredby
Transport Layer Security (TLS) is the most widely used encryption protocol on the Internet. In combination with valid certificates, servers can establish trusted communication channels even with users who have never visited them before. Network attackers can't uncover what is being communicated, even when they can see all the traffic.
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_CHACHA20_POLY1305_SHA256
Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcc13 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x3d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits 
SCT transports: CERT
SCT transports: CERT
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_CHACHA20_POLY1305_SHA256
Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcc13 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x3d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits 
SCT transports: CERT
SCT transports: CERT
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_CHACHA20_POLY1305_SHA256
Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcc13 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x3d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits 
SCT transports: CERT
SCT transports: CERT
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_CHACHA20_POLY1305_SHA256
Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcc13 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x3d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits 
SCT transports: CERT
SCT transports: CERT
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_CHACHA20_POLY1305_SHA256
Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcc13 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x3d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits 
SCT transports: CERT
SCT transports: CERT
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_CHACHA20_POLY1305_SHA256
Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcc13 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Suite ID: 0xc014 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0x9d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Suite: TLS_RSA_WITH_AES_256_CBC_SHA Suite ID: 0x35 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0xc027 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 Suite ID: 0x3c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Suite ID: 0xc028 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Suite ID: 0x3d Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits 
SCT transports: CERT
SCT transports: CERT
Encryption protocol version determines what features are available for negotiation between client and server.Supported protocols 
TLS v1.3
TLS v1.2 
Servers should always enforce their own cipher suite preference, as that is the only approach that guarantees that the best possible suite is selected.Server suite preference 

Shows cipher suite configuration for this protocol version.TLS v1.3
Server preference 
Suite: TLS_CHACHA20_POLY1305_SHA256
Suite ID: 0x1303 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_AES_128_GCM_SHA256 Suite ID: 0x1301 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_AES_256_GCM_SHA384 Suite ID: 0x1302 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ecdh_x25519 Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA384 TLS_AES_256_GCM_SHA384 256 bits (ECDHE 256 bits) 
Shows cipher suite configuration for this protocol version.TLS v1.2
Server preference 
Suite: AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Suite ID: 0xcc13 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 AGL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Suite ID: 0xcca8 Cipher name: CHACHA20 Cipher strength: 256 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0xc02f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits (ECDHE 256 bits) Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Suite ID: 0xc013 Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: ECDHE_RSA Key exchange strength: EC ecdh_x25519 (256 bits) Forward secrecy: Yes PRF: SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits (ECDHE 256 bits) Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 Suite ID: 0x9c Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Suite: TLS_RSA_WITH_AES_128_CBC_SHA Suite ID: 0x2f Cipher name: AES Cipher strength: 128 bits Cipher block size: 128 bits Cipher mode: CBC Key exchange: RSA Key exchange strength: 2048 bits Forward secrecy: No (WEAK) PRF: SHA TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Suite ID: 0xc030 Cipher name: AES Cipher strength: 256 bits Cipher block size: 128 bits Cipher mode: AEAD Key exchange: ECDHE_RSA Key exchange strength: EC e 