www.practicalxenserver.org

Score 75/100

Web site information

Website image www.practicalxenserver.org
IP Address
Font Scripts
Google Font API
Web Servers
Nginx
Hosting Panels
Plesk
CMS
WordPress
JavaScript Frameworks
jQuery
Programming Languages
PHP

SEO data

Lighthouse

Performance
0/100
Accessibility
0/100
Best Practices
0/100
SEO
0/100
PWA
0/100

Web site external calls

fonts.googleapis.com
crt.comodoca.com

Protocols

SSLv2
not offered
SSLv3
not offered
TLS 1.0
offered (deprecated)
TLS 1.1
offered (deprecated)
TLS 1.2
offered
TLS 1.3
not offered + downgraded to weaker protocol
ALPN
not offered

Vulnerabilities

heartbleed
not vulnerable , timed out
CCS
not vulnerable
ticketbleed
not vulnerable, returned potential memory fragments do not differ
ROBOT
not vulnerable
SSL renegotiation
supported
SSL client renegotiation
not vulnerable
CRIME TLS
not vulnerable
BREACH
not vulnerable, no HTTP compression - only supplied '/' tested
POODLE SSL
not vulnerable, no SSLv3
fallback SCSV
supported
SWEET32
uses 64 bit block ciphers
FREAK
not vulnerable
DROWN
not vulnerable on this host and port
DROWN hint
Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=5F0A6421E460CD20B11BB1E1F189D5E45BB4CA9286556F9F66EF79917BE7641D
LOGJAM
not vulnerable, no DH EXPORT ciphers,
LOGJAM-common primes
no DH key with <= TLS 1.2
BEAST
VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)
LUCKY13
potentially vulnerable, uses TLS CBC ciphers
RC4
not vulnerable

Header Responses

Status code
200 OK ('/')
Clock skew
0 seconds from localtime
HSTS
not offered
HPKP
No support for HTTP Public Key Pinning
security headers
--

Server Defaults

TLS extensions
'server name/#0' 'renegotiation info/#65281' 'EC point formats/#11' 'session ticket/#35' 'heartbeat/#15' 'next protocol/#13172'
TLS session ticket
valid for 300 seconds only (<daily)
SSL sessionID support
yes
Session Ticket Resumption
supported
Session ID Resumption
not supported
TLS timestamp
off by -1 seconds from your localtime
cert numbers
1
Signature algorithm
SHA256 with RSA
Key size
RSA 2048 bits
Key usage
Digital Signature, Key Encipherment
Extended key usage
TLS Web Server Authentication, TLS Web Client Authentication
Serial number
9C6CA15EAFB167E2AF2DBD63653E7051
cert serialNumberLen
16
Fingerprint SHA1
B2CA95479CDDC6A502CFB670F884E2DDAA197AD6
Fingerprint SHA256
5F0A6421E460CD20B11BB1E1F189D5E45BB4CA9286556F9F66EF79917BE7641D
Certificate details
-----BEGIN CERTIFICATE----- MIIG6jCCBdKgAwIBAgIRAJxsoV6vsWfiry29Y2U+cFEwDQYJKoZIhvcNAQELBQAw gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD VQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg Q0EwHhcNMTgxMjE4MDAwMDAwWhcNMjEwMzE3MjM1OTU5WjBaMSEwHwYDVQQLExhE b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFDASBgNVBAsTC1Bvc2l0aXZlU1NMMR8w HQYDVQQDExZwcmFjdGljYWx4ZW5zZXJ2ZXIub3JnMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEAszYMHWB6JuKaTTdmKG5MIg8QdNrdCc3iCKwIUWeFQCrr GpViPxyY54Y6+wYPsQF0To7qtq7pfbERTB44MrVH036uIaaNzMhhhXILmkrmo0ZI 2AzgEyXa6TlnLvF1aowHDgknXPPkflKgwOFtD1ITZZMQEgGOPL+e9hGK+jcU9WFN W4FyZgf0Uh1c9FKIVkcfLhX1CHNqo/8EGhMRF2E1M+2e2MUn19LImsHnXGtuZt25 saxsROtAThoTWeSm7+PHezHiGdBGPjOUeOyzb4DsQJE2xhI3YllKpW41BV2UTB0t bYpfIurAzKqkE5TiuLDBD1oebXTeYep/pW3BZUrOCwIDAQABo4IDcjCCA24wHwYD VR0jBBgwFoAUkK9qOpRaC9iQ6hJWc99DtDoo2ucwHQYDVR0OBBYEFE1+WjndZyAr ImWf25JVo2Kx5vt8MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBPBgNVHSAESDBGMDoGCysGAQQBsjEB AgIHMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BT MAgGBmeBDAECATBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vY3JsLmNvbW9kb2Nh LmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3Js MIGFBggrBgEFBQcBAQR5MHcwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuY29tb2Rv Y2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5j cnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTA9BgNVHREE NjA0ghZwcmFjdGljYWx4ZW5zZXJ2ZXIub3Jnghp3d3cucHJhY3RpY2FseGVuc2Vy dmVyLm9yZzCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHYAu9nfvB+KcbWTlCOX qpJ7RzhXlQqrUugakJZkNo4e0YUAAAFnv5U4MgAABAMARzBFAiABKQ70jPwfrrii FCpi7jbu8tbxKxu0Lqx1qTEDLY8K+wIhAPMIEjfpYb1CpE6VJsSIIVCmOWqRjJOe jFS6G8jkJEuPAHcARJRlLrDuzq/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFn v5U4dgAABAMASDBGAiEAmkwQukmszrmZfM8MEc8Qy2cC1QA5yTZKbqbAfxBgqZ0C IQDxdmZw13elqggI2ijBLuDO/fRqf1gs1OMOiM8jDRjJhwB2AFzcQ5L+5qtFRLFe mtRW5hA3+9X6R9yhc5SyXub2xw7KAAABZ7+VOlcAAAQDAEcwRQIhAKxcihNDNlHK B9xwvOyus23Se5ibWFGs9cBvbiTCYi3sAiARP8WMmf+C0/y9yNptsASQH/Y9Uo5a mXlaNXcyqQoq8DANBgkqhkiG9w0BAQsFAAOCAQEAK0aLVTw25A56vSUhNmQtmy6D kJJvuv0fcXRdX+MPbusJRBI5W1mDTwRe9MlCrdSfV2+dOcZRLeOY4m8jQuAtfJ2s 0yne0bpyK5yt9pTA6T1KfMOAm3lBlETjihcAq6Ed6WBgstBsDtYKDGZF8/bcyGJp ms/onRM8tdHh9dGW24aOMjyeGBB1jUpEfRLk4O9f1u7+ztdNj+fBl6bu1fUV2FeE gLO8MTFDW8tZPsIJOmA/nB2MZpkp+RmrdJBs0CaEpkv/GkqNI+ABCXFuDxIsvwzD BDAXBJyAJAXX91eJXrc1PtThD6lcHFSCo+OV3IAFa1jXdpmhJXJ7EFiNsNa1sw== -----END CERTIFICATE-----
Common names
practicalxenserver.org
Service Name Indication
www.rocket-powered.com
SubjectAlternative Name
practicalxenserver.org www.practicalxenserver.org
Certificate authority issuers
COMODO RSA Domain Validation Secure Server CA (COMODO CA Limited from GB)
Certificate trusted
Ok via SAN (SNI mandatory)
Certificate chain trusted
failed (expired).
Is certificate Extended Validation
no
cert eTLS
not present
cert expirationStatus
expired
Valid from
2018-12-18 00:00
Valid until
2021-03-17 23:59
cert validityPeriod
No finding
Chain
3
certs list ordering problem
no
cert crlDistributionPoints
http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl
Online Certificate Status Protocol URL
http://ocsp.comodoca.com
OCSP stapling
not offered
cert mustStapleExtension
--
DNS CAArecord
--
certificate transparency
yes (certificate extension)

Server Preferences

order
server
Which protocol negotiated
Default protocol TLS1.2
negotiated
ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
order TLSv1
ECDHE-RSA-AES256-SHA
order TLSv1 1
ECDHE-RSA-AES256-SHA
order TLSv1 2
ECDHE-RSA-AES256-GCM-SHA384

Perfect Forward Secrecy

PFS
offered
PFS s
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
PFS ECDHE curves
prime256v1

Ciphers

ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(0xc030)
ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
(0xc028)
ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
(0xc014)
AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384
(0x9d)
AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256
(0x3d)
AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA
(0x35)
CAMELLIA256-SHA RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
(0x84)
ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(0xc02f)
ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
(0xc027)
ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
(0xc013)
AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256
(0x9c)
AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256
(0x3c)
AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA
(0x2f)
CAMELLIA128-SHA RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
(0x41)
ECDHE-RSA-DES-CBC3-SHA ECDH 256 3DES 168 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
(0xc012)
DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA
(0x0a)

Browser Simulations

Android 4.4.2
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Android 5.0.0
TLSv1.2 ECDHE-RSA-AES256-SHA
Android 6.0
TLSv1.2 ECDHE-RSA-AES256-SHA
Android 7.0
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
clientsimulation-android 81
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
clientsimulation-android 90
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
clientsimulation-android X
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
clientsimulation-chrome 74 win10
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
clientsimulation-chrome 79 win10
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
clientsimulation-firefox 66 win81
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
clientsimulation-firefox 71 win10
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Windows XP Internet Explorer 6
No connection
Windows 7 Internet Explorer 8
TLSv1.0 ECDHE-RSA-AES256-SHA
Windows XP Internet Explorer 8
TLSv1.0 DES-CBC3-SHA
Windows 7 Internet Explorer 11
TLSv1.2 ECDHE-RSA-AES256-SHA384
Windows 8.1 Internet Explorer 11
TLSv1.2 ECDHE-RSA-AES256-SHA384
clientsimulation-ie 11 winphone81
TLSv1.2 ECDHE-RSA-AES256-SHA
Windows 10 Internet Explorer 11
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
clientsimulation-edge 15 win10
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
clientsimulation-edge 17 win10
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
clientsimulation-opera 66 win10
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
clientsimulation-safari 9 ios9
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
MacOSX 10.11 Safari 9
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
MacOSX 10.12 Safari 10
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
clientsimulation-safari 121 ios 122
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
clientsimulation-safari 130 osx 10146
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
iOS 9 App Transport Security 9
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Java 6 update 45
TLSv1.0 AES128-SHA
Java 7 update 25
TLSv1.0 ECDHE-RSA-AES128-SHA
clientsimulation-java 8u161
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
clientsimulation-java1102
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
clientsimulation-java1201
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
OpenSSL 1.0.2e
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
clientsimulation-openssl 110l
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
clientsimulation-openssl 111d
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
clientsimulation-thunderbird 68 3 1
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384