The security settings and config default not ok anymore now intermedi..

ikkeben

Verified User
Joined
May 22, 2014
Messages
1,552
Location
Netherlands Germany
Sorry but this is nog good default settings DA and config port 21, 465 and 443 a RED D
Here some info's about scan config is intermedi..


:

D
is the overall score for

Crypto on this site is broken and is likely not to provide enough security.



down arrow
Crypto Services Discovered
Below we list all of the machines detected. For each machine, we list the cryptographic services found. For each service, we give the reasons behind the grading. To see the full details of the cryptography offered by a service, click on "show details".


TLS FTP (port 21)
Rules applicable 17
D
A A! B C D F
12 1 0 3 1 0

SSH (port 22)
Rules applicable 0
A
A A! B C D F
0 0 0 0 0 0

TLS HTTP (port 443)
Rules applicable 17
D
A A! B C D F
14 1 0 1 1 0

TLS SMTP (port 465)
Rules applicable 17
D
A A! B C D F
14 1 0 1 1 0
TLS (port 21 – FTP)
Show scan details
D
Broken cryptography
R28: Present an appropriate ExtendedKeyUsage
Trigger The ExtendedKeyUsage extension is marked as non-critical and has the following values: serverAuth, clientAuth.
Context
Recommendation R28 (ANSSI recommendations for TLS)

C
Weak cryptography
R9: Prefer AES or ChaCha20
Trigger The server can encrypt bulk data with a mechanism that is not AES, ChaCha20, Camellia or ARIA.
Context
Recommendation R9 (ANSSI recommendations for TLS)

R10: Use an authenticated mode of encryption
Trigger The server can encrypt bulk data with a mechanism that is not GCM or CCM.
Context
Recommendation R10 (ANSSI recommendations for TLS)

R11: Use SHA-2 as hashing function
Trigger The server can hash data with a hash function that is not of the SHA-2 family.
Context
Recommendation R11 (ANSSI recommendations for TLS)

R3: Prefer TLS 1.3 and accept TLS 1.2
Trigger TLS 1.2 supported by the server.
Context
Recommendation R3 (ANSSI recommendations for TLS)


D
Broken cryptography
R28: Present an appropriate ExtendedKeyUsage
Trigger The ExtendedKeyUsage extension is marked as non-critical and has the following values: serverAuth, clientAuth.
Context
Recommendation R28 (ANSSI recommendations for TLS)

C
Weak cryptography
R10: Use an authenticated mode of encryption
Trigger The server can encrypt bulk data with a mechanism that is not GCM or CCM.
Context
Recommendation R10 (ANSSI recommendations for TLS)


R3: Prefer TLS 1.3 and accept TLS 1.2
Trigger TLS 1.2 supported by the server.
Context
Recommendation R3 (ANSSI recommendations for TLS)


TLS (port 465 – SMTP)
Show scan details
D
Broken cryptography
R28: Present an appropriate ExtendedKeyUsage
Trigger The ExtendedKeyUsage extension is marked as non-critical and has the following values: serverAuth, clientAuth.
Context
Recommendation R28 (ANSSI recommendations for TLS)

C
Weak cryptography
R10: Use an authenticated mode of encryption
Trigger The server can encrypt bulk data with a mechanism that is not GCM or CCM.
Context
Recommendation R10 (ANSSI recommendations for TLS)


R3: Prefer TLS 1.3 and accept TLS 1.2
Trigger TLS 1.2 supported by the server.
Context
Recommendation R3 (ANSSI recommendations for TLS)



TLS FTP (port 21)
Rules applicable 17
D
A A! B C D F
12 1 0 3 1 0

SSH (port 22)
Rules applicable 0
A
A A! B C D F
0 0 0 0 0 0

TLS HTTP (port 443)
Rules applicable 17
D
A A! B C D F
14 1 0 1 1 0

TLS SMTP (port 465)
Rules applicable 17
D
A A! B C D F
14 1 0 1 1 0
TLS (port 21 – FTP)
Show scan details
D
Broken cryptography
R28: Present an appropriate ExtendedKeyUsage
Trigger The ExtendedKeyUsage extension is marked as non-critical and has the following values: serverAuth, clientAuth.
Context
Recommendation R28 (ANSSI recommendations for TLS)

C
Weak cryptography
R9: Prefer AES or ChaCha20
Trigger The server can encrypt bulk data with a mechanism that is not AES, ChaCha20, Camellia or ARIA.
Context
Recommendation R9 (ANSSI recommendations for TLS)

R10: Use an authenticated mode of encryption
Trigger The server can encrypt bulk data with a mechanism that is not GCM or CCM.
Context
Recommendation R10 (ANSSI recommendations for TLS)

R11: Use SHA-2 as hashing function
Trigger The server can hash data with a hash function that is not of the SHA-2 family.
Context
Recommendation R11 (ANSSI recommendations for TLS)




D
Broken cryptography
R28: Present an appropriate ExtendedKeyUsage
Trigger The ExtendedKeyUsage extension is marked as non-critical and has the following values: serverAuth, clientAuth.
Context
Recommendation R28 (ANSSI recommendations for TLS)

C
Weak cryptography
R10: Use an authenticated mode of encryption
Trigger The server can encrypt bulk data with a mechanism that is not GCM or CCM.
Context
Recommendation R10 (ANSSI recommendations for TLS)



D
Broken cryptography
R28: Present an appropriate ExtendedKeyUsage
Trigger The ExtendedKeyUsage extension is marked as non-critical and has the following values: serverAuth, clientAuth.
Context
Recommendation R28 (ANSSI recommendations for TLS)

C
Weak cryptography
R10: Use an authenticated mode of encryption
Trigger The server can encrypt bulk data with a mechanism that is not GCM or CCM.
Context
Recommendation R10 (ANSSI recommendations for TLS)
 
Back
Top