How's My SSL?

Your SSL client is Bad.

Check out the sections below for information about the SSL/TLS client you used to render this page.

Yeah, we really mean "TLS", not "SSL".

Version

Bad Your client is using TLS 1.0, which is very old, possibly susceptible to the BEAST attack, and doesn't have the best cipher suites available on it. Additions like AES-GCM, and SHA256 to replace MD5-SHA-1 are unavailable to a TLS 1.0 client as well as many more modern cipher suites.

Learn More

Ephemeral Key Support

Good Ephemeral keys are used in some of the cipher suites your client supports. This means your client may be used to provide forward secrecy if the server supports it. This greatly increases your protection against snoopers, including global passive adversaries who scoop up large amounts of encrypted traffic and store them until their attacks (or their computers) improve.

Learn More

Session Ticket Support

Improvable Session tickets are not supported in your client. Without them, services will have a harder time making your client's connections fast. Generally, clients with ephemeral key support get this for free.

Learn More

TLS Compression

Good Your TLS client does not attempt to compress the settings that encrypt your connection, avoiding information leaks from the CRIME attack.

Learn More

BEAST Vulnerability

Bad Your client is open to the BEAST attack. It's using TLS 1.0 or earlier while also supporting a cipher suite that uses Cipher-Block Chaining and doesn't implement the 1/n-1 record splitting mitigation. That combination will leak information.

Learn More

Insecure Cipher Suites

Bad Your client supports cipher suites that are known to be insecure:

  • TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: This cipher use RC4 which has insecure biases in its output.
  • TLS_ECDHE_RSA_WITH_RC4_128_SHA: This cipher use RC4 which has insecure biases in its output.
  • TLS_ECDH_ECDSA_WITH_RC4_128_SHA: This cipher use RC4 which has insecure biases in its output.
  • TLS_ECDH_RSA_WITH_RC4_128_SHA: This cipher use RC4 which has insecure biases in its output.
  • TLS_RSA_WITH_RC4_128_MD5: This cipher use RC4 which has insecure biases in its output.
  • TLS_RSA_WITH_RC4_128_SHA: This cipher use RC4 which has insecure biases in its output.

Learn More

Given Cipher Suites

The cipher suites your client said it supports, in the order it sent them, are:

  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  • TLS_ECDHE_RSA_WITH_RC4_128_SHA
  • TLS_RSA_WITH_RC4_128_SHA
  • TLS_ECDH_ECDSA_WITH_RC4_128_SHA
  • TLS_ECDH_RSA_WITH_RC4_128_SHA
  • TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_RC4_128_MD5
  • TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Learn More