SSL/TLS Capabilities of Your Browser
User Agent: CCBot/2.0 (https://commoncrawl.org/faq/)

Protocol Support
Please wait, checking protocol support...
CVE-2020-0601 (CurveBall) Vulnerability
Please wait, checking if your user agent is vulnerable...
For more information about the CVE-2020-0601 (CurveBall) Vulnerability, please go to CVE-2020-0601.
To test manually, click here. Your user agent is not vulnerable if it fails to connect to the site.
Logjam Vulnerability
Please wait, checking if your user agent is vulnerable...
For more information about the Logjam attack, please go to weakdh.org.
To test manually, click here. Your user agent is not vulnerable if it fails to connect to the site.
FREAK Vulnerability
Please wait, checking if your user agent is vulnerable...
For more information about the FREAK attack, please go to www.freakattack.com.
To test manually, click here. Your user agent is not vulnerable if it fails to connect to the site.
POODLE Vulnerability
Please wait, checking if your user agent is vulnerable...
For more information about the POODLE attack, please read this blog post.
SSL 2 Protocol Support
Your user agent supports SSL 2. You should upgrade.
SSL 2 is a very old, obsolete, and insecure version of the SSL protocol. You can usually disable this protocol version in configuration, but modern clients don't support it at all. This really means that you should upgrade your software to a better version.
iOS and OS X TLS Authentication Vulnerability
Please wait, checking if your user agent is vulnerable...
To test manually, click here. If your user agent refuses to connect, you are not vulnerable. This test requires a connection to the SSL Labs server on port 10443. A strict outbound firewall might interfere. You should test Safari running on iOS or OS X. Chrome and Firefox are not vulnerable, even when running on a vulnerable operating system. MORE »
Protocol Features
Protocols
TLS 1.3 Yes
TLS 1.2 Yes*
TLS 1.1 Yes*
TLS 1.0 Yes*
SSL 3 Yes*
SSL 2 No
(*) Without JavaScript, this test reliably detects only the highest supported protocol.


Cipher Suites (in order of preference)
TLS_AES_256_GCM_SHA384 (0x1302)   Forward Secrecy 256
TLS_AES_128_GCM_SHA256 (0x1301)   Forward Secrecy 128
TLS_CHACHA20_POLY1305_SHA256 (0x1303)   Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)   Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)   Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)   Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   Forward Secrecy 256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)   Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)  WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)  WEAK 128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)  WEAK 256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)  WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)  WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)  WEAK 128
(1) When a browser supports SSL 2, its SSL 2-only suites are shown only on the very first connection to this site. To see the suites, close all browser windows, then open this exact page directly. Don't refresh.


Protocol Details
Server Name Indication (SNI) Yes
Secure Renegotiation Yes
TLS compression No
Session tickets No
OCSP stapling Yes
Signature algorithms SHA256/ECDSA, SHA384/ECDSA, SHA512/ECDSA, RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512, Unknown (0x8)/Unknown (0x9), Unknown (0x8)/Unknown (0xa), Unknown (0x8)/Unknown (0xb), SHA256/RSA, SHA384/RSA, SHA512/RSA, SHA256/DSA, SHA224/ECDSA, SHA224/RSA, SHA224/DSA, SHA1/ECDSA, SHA1/RSA, SHA1/DSA
Named Groups x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
Next Protocol Negotiation No
Application Layer Protocol Negotiation Yes   h2 http/1.1
SSL 2 handshake compatibility No