A valid certificate or active TLS does not by itself mean your server is free of security risks. We can use a simple yet effective tool called “testssl.sh” to test your server’s security. You can get it by cloning the repository onto a Linux machine.
git clone https://github.com/testssl/testssl.sh
Then all you need to do is change into the cloned directory and run the script as follows.
cd testssl.sh
./testssl.sh alirodoplu.com
You can customize the command based on the port your server is serving on. For example, for a server serving on port 44365, you can run the script as follows.
./testssl.sh alirodoplu.com:44365
You can also use an IP address for tests.
Let’s examine the output step by step.
First of all, it provides us with general information as follows.
Overall Grade: A-
Tool: testssl.sh version 3.3dev
Service: HTTP
Server: IP: 92.205.175.59
Server Software: Apache
Certificate: Provider: Let's Encrypt (R13)
Overall Grade: A-
Grade warning: TLS 1.3 is not supported
Continuing with the analysis,
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 offered (OK)
TLS 1.3 not offered and downgraded to a weaker protocol
QUIC not offered or timed out
NPN/SPDY not offered
ALPN/HTTP2 h2, http/1.1 (offered)
It is good that SSLv2, SSLv3, TLS 1 and TLS 1.1 are not offered on the server side, because these are relatively weak protocols.
Now let’s examine which cipher categories the server supports.
NULL ciphers (no encryption) not offered (OK)
Anonymous NULL Ciphers (no authentication) not offered (OK)
Export ciphers (w/o ADH+NULL) not offered (OK)
LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export) not offered (OK)
Triple DES Ciphers / IDEA not offered
Obsoleted CBC ciphers (AES, ARIA etc.) offered
Strong encryption (AEAD ciphers) with no FS offered (OK)
Forward Secrecy strong encryption (AEAD ciphers) offered (OK)
- NULL ciphers should not be offered because traffic transmitted without encryption is insecure.
- Export ciphers are also extremely easy to break today.
- DES, RC4 and MD5 based ciphers are not offered either, so this is good news.
- Although 3DES was secure in the past, it is now considered insecure and is not offered.
- CBC-mode ciphers should not be used because they are susceptible to timing attacks. They should not have been offered here.
- It is good to use AEAD and Forward Secrecy cipher suites because they are considered secure.
- It is also important that FS is active because even if the key is leaked, past traffic cannot be decrypted with the same key.
Let’s continue,
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2
-
SSLv3
-
TLSv1
-
TLSv1.1
-
TLSv1.2 (server order)
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
x9f DHE-RSA-AES256-GCM-SHA384 DH 2048 AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
x9e DHE-RSA-AES128-GCM-SHA256 DH 2048 AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
xc028 ECDHE-RSA-AES256-SHA384 ECDH 253 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
xc027 ECDHE-RSA-AES128-SHA256 ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
xc014 ECDHE-RSA-AES256-SHA ECDH 253 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
xc013 ECDHE-RSA-AES128-SHA ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
x6b DHE-RSA-AES256-SHA256 DH 2048 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
x67 DHE-RSA-AES128-SHA256 DH 2048 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
x39 DHE-RSA-AES256-SHA DH 2048 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
x33 DHE-RSA-AES128-SHA DH 2048 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384
x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256
x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256
x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256
x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA
x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA
xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
xccaa DHE-RSA-CHACHA20-POLY1305 DH 2048 ChaCha20 256 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
xc0a3 DHE-RSA-AES256-CCM8 DH 2048 AESCCM8 256 TLS_DHE_RSA_WITH_AES_256_CCM_8
xc09f DHE-RSA-AES256-CCM DH 2048 AESCCM 256 TLS_DHE_RSA_WITH_AES_256_CCM
xc061 ECDHE-ARIA256-GCM-SHA384 ECDH 253 ARIAGCM 256 TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
xc053 DHE-RSA-ARIA256-GCM-SHA384 DH 2048 ARIAGCM 256 TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
xc0a2 DHE-RSA-AES128-CCM8 DH 2048 AESCCM8 128 TLS_DHE_RSA_WITH_AES_128_CCM_8
xc09e DHE-RSA-AES128-CCM DH 2048 AESCCM 128 TLS_DHE_RSA_WITH_AES_128_CCM
xc060 ECDHE-ARIA128-GCM-SHA256 ECDH 253 ARIAGCM 128 TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
xc052 DHE-RSA-ARIA128-GCM-SHA256 DH 2048 ARIAGCM 128 TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
xc077 ECDHE-RSA-CAMELLIA256-SHA384 ECDH 253 Camellia 256 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
xc4 DHE-RSA-CAMELLIA256-SHA256 DH 2048 Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
xc076 ECDHE-RSA-CAMELLIA128-SHA256 ECDH 253 Camellia 128 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
xbe DHE-RSA-CAMELLIA128-SHA256 DH 2048 Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
x88 DHE-RSA-CAMELLIA256-SHA DH 2048 Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
x45 DHE-RSA-CAMELLIA128-SHA DH 2048 Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
xc0a1 AES256-CCM8 RSA AESCCM8 256 TLS_RSA_WITH_AES_256_CCM_8
xc09d AES256-CCM RSA AESCCM 256 TLS_RSA_WITH_AES_256_CCM
xc051 ARIA256-GCM-SHA384 RSA ARIAGCM 256 TLS_RSA_WITH_ARIA_256_GCM_SHA384
xc0a0 AES128-CCM8 RSA AESCCM8 128 TLS_RSA_WITH_AES_128_CCM_8
xc09c AES128-CCM RSA AESCCM 128 TLS_RSA_WITH_AES_128_CCM
xc050 ARIA128-GCM-SHA256 RSA ARIAGCM 128 TLS_RSA_WITH_ARIA_128_GCM_SHA256
xc0 CAMELLIA256-SHA256 RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
xba CAMELLIA128-SHA256 RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
x84 CAMELLIA256-SHA RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
x41 CAMELLIA128-SHA RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLSv1.3
The ciphers above are the ones the server supports with TLS 1.2.
The following are the strongest cipher combinations because they support FS + AEAD.
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-CHACHA20-POLY1305
DHE-RSA-CHACHA20-POLY1305
ECDHE-RSA-ARIA256/128-GCM-SHA384/SHA256
DHE-RSA-ARIA256/128-GCM-SHA384/SHA256
The following are in CBC mode and are not considered very reliable today.
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES128-SHA256
DHE-RSA-AES256-SHA256
ECDHE-RSA-CAMELLIA256-SHA384
DHE-RSA-ARIA128/256-CBC
TLS_RSA_WITH_AES_128_CBC_SHA, ...AES_256_CBC_SHA, ...CAMELLIA...
The following use RSA key exchange and do not have FS. Therefore, they should not be preferred.
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_ARIA_128_GCM_SHA256
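The three groups above can be derived mechanically from the OpenSSL-style names in the left column of the table. The script below is an added example, not part of the original post or of testssl.sh; the function names `classify_cipher` and `summarize_ciphers` and the class labels are made up for illustration, and it also covers TLS 1.3 and legacy names that do not appear in this scan.

```sh
# Added example: classify OpenSSL-style cipher names by forward secrecy (FS)
# and encryption mode. Function names and labels are illustrative.
classify_cipher() {
    name=$1
    # Weak/anonymous families first; TLS 1.3 suites are always FS + AEAD.
    case $name in
        *NULL*|*RC4*|*DES*|EXP*|ADH-*|AECDH-*) echo "LEGACY"; return ;;
        TLS_AES_*|TLS_CHACHA20_*) echo "FS+AEAD"; return ;;
    esac
    # Only ephemeral (EC)DHE key exchange gives forward secrecy.
    case $name in
        ECDHE-*|DHE-*) fs=yes ;;
        *)             fs=no ;;
    esac
    # GCM, CCM and ChaCha20-Poly1305 are AEAD; the remaining AES, ARIA and
    # Camellia suites in TLS 1.2 use CBC.
    case $name in
        *GCM*|*CCM*|*CHACHA20*) aead=yes ;;
        *)                      aead=no ;;
    esac
    case $aead$fs in
        yesyes) echo "FS+AEAD" ;;
        yesno)  echo "AEAD-no-FS" ;;
        noyes)  echo "CBC-with-FS" ;;
        *)      echo "CBC-no-FS" ;;
    esac
}

# Read cipher names, one per line, and print how many fall in each class.
summarize_ciphers() {
    good=0; nofs=0; cbcfs=0; cbc=0; legacy=0
    while read -r c; do
        [ -n "$c" ] || continue
        case $(classify_cipher "$c") in
            FS+AEAD)     good=$((good + 1)) ;;
            AEAD-no-FS)  nofs=$((nofs + 1)) ;;
            CBC-with-FS) cbcfs=$((cbcfs + 1)) ;;
            CBC-no-FS)   cbc=$((cbc + 1)) ;;
            *)           legacy=$((legacy + 1)) ;;
        esac
    done
    echo "FS+AEAD=$good AEAD-no-FS=$nofs CBC-with-FS=$cbcfs CBC-no-FS=$cbc LEGACY=$legacy"
}

# Sample input: six names copied from the TLSv1.2 table above.
printf '%s\n' ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-CCM8 \
    ECDHE-RSA-AES256-SHA384 DHE-RSA-CAMELLIA128-SHA \
    AES256-GCM-SHA384 AES128-SHA | summarize_ciphers
```

Everything outside the `FS+AEAD` class is a candidate for removal from the server's cipher list.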
Has server cipher order? yes (OK)
Testing robust forward secrecy (FS) -- omitting Null Authentication/Encryption, 3DES, RC4
FS is offered (OK) ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-CHACHA20-POLY1305
DHE-RSA-AES256-CCM8 DHE-RSA-AES256-CCM DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA
ECDHE-RSA-CAMELLIA256-SHA384 DHE-RSA-CAMELLIA256-SHA256 DHE-RSA-CAMELLIA256-SHA
DHE-RSA-ARIA256-GCM-SHA384 ECDHE-ARIA256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-CCM8 DHE-RSA-AES128-CCM DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA
ECDHE-RSA-CAMELLIA128-SHA256 DHE-RSA-CAMELLIA128-SHA256 DHE-RSA-CAMELLIA128-SHA
DHE-RSA-ARIA128-GCM-SHA256 ECDHE-ARIA128-GCM-SHA256
Elliptic curves offered: prime256v1 secp384r1 secp521r1 X25519 X448
DH group offered: RFC3526/Oakley Group 14 (2048 bits)
TLS 1.2 sig_algs offered: RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512 RSA+SHA256 RSA+SHA384
RSA+SHA512 RSA+SHA224 RSA+SHA1
This part tests the server’s support for TLS key exchange, cipher ordering, and Forward Secrecy.
- “Has server cipher order? yes (OK)” means that the server imposes its own cipher order, which is good because the order is not determined by the client, so a client's preference for a weak cipher does not decide which one is used.
- We can see that FS is also offered, which is good.
- Strong FS-capable ciphers and a set of elliptic curves are offered.
Testing server defaults (Server Hello)
TLS extensions (standard) "server name/#0" "max fragment length/#1" "EC point formats/#11"
"application layer protocol negotiation/#16" "encrypt-then-mac/#22"
"extended master secret/#23" "session ticket/#35" "renegotiation info/#65281"
Session Ticket RFC 5077 hint 300 seconds, session tickets keys seems to be rotated < daily
SSL Session ID support yes
Session Resumption Tickets: yes, ID: yes
TLS clock skew Random values, no fingerprinting possible
Client Authentication none
Signature Algorithm SHA256 with RSA
Server key size RSA 2048 bits (exponent is 65537)
Server key usage Digital Signature, Key Encipherment
Server extended key usage TLS Web Server Authentication, TLS Web Client Authentication
Serial 05341F531FC1C0E5ADCA0488DA757E81182F (OK: length 18)
Fingerprints SHA1 1F8537C2CF207CB54CC90DDDC287D23525D333CB
SHA256 9D2E25DA76DCDEFA45A6570E34886C485E11F10237C91ABE6867B2732C3D661D
Common Name (CN) webdisk.alirodoplu.com (CN in response to request w/o SNI: *.prod.sxb1.secureserver.net )
subjectAltName (SAN) alirodoplu.com autodiscover.alirodoplu.com cpanel.alirodoplu.com mail.alirodoplu.com
webdisk.alirodoplu.com webmail.alirodoplu.com www.alirodoplu.com
Trust (hostname) Ok via SAN (SNI mandatory)
wildcard certificate could be problematic, see other hosts at
https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=9D2E25DA76DCDEFA45A6570E34886C485E11F10237C91ABE6867B2732C3D661D
Chain of trust Ok
EV cert (experimental) no
Certificate Validity (UTC) 75 >= 30 days (2025-10-02 02:49 --> 2025-12-31 02:49)
ETS/"eTLS", visibility info not present
Certificate Revocation List http://r13.c.lencr.org/48.crl
OCSP URI --
OCSP stapling not offered
OCSP must staple extension --
DNS CAA RR (experimental) not offered
Certificate Transparency yes (certificate extension)
Certificates provided 2
Issuer R13 (Let's Encrypt from US)
Intermediate cert validity #1: ok > 40 days (2027-03-12 23:59). R13 <-- ISRG Root X1
Intermediate Bad OCSP (exp.) Ok
Testing HTTP header response @ "/"
HTTP Status Code 301 Moved Permanently, redirecting to "https://www.alirodoplu.com/"
HTTP clock skew -1 sec from localtime
Strict Transport Security not offered
Public Key Pinning --
Server banner Apache
Application banner X-Powered-By: PHP/7.4.33
Cookie(s) (none issued at "/") -- maybe better try target URL of 30x
Security headers Upgrade: h2,h2c
Reverse Proxy banner --
We can see that the server supports secure TLS extensions such as:
- “encrypt-then-mac”
- “extended master secret”
- “ALPN”
- “renegotiation info”
The session ticket keys also appear to be rotated more often than daily, which is compatible with FS.
CN: webdisk.alirodoplu.com
SAN: alirodoplu.com, mail.alirodoplu.com, www.alirodoplu.com etc.
Trust (hostname): OK via SAN
- We can also see the server certificate and authentication.
- SAN is correctly defined.
- The chain is valid via Let’s Encrypt -> ISRG Root X1.
However, a wildcard certificate is visible, which can sometimes be a problem. You should check whether other domains are also using it.
Also,
- No OCSP stapling
- No DNS CAA records
- Some HTTP security headers are missing, no HSTS, etc.
Testing vulnerabilities
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
CCS (CVE-2014-0224) not vulnerable (OK)
Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)
Opossum (CVE-2025-49812) not vulnerable (OK)
ROBOT not vulnerable (OK)
Secure Renegotiation (RFC 5746) supported (OK)
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) potentially NOT ok, "br" HTTP compression detected. - only supplied "/" tested
Can be ignored for static pages or if no secrets in the page
POODLE, SSL (CVE-2014-3566) not vulnerable (OK), no SSLv3 support
TLS_FALLBACK_SCSV (RFC 7507) No fallback possible (OK), no protocol below TLS 1.2 offered
SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)
FREAK (CVE-2015-0204) not vulnerable (OK)
DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)
make sure you don't use this certificate elsewhere with SSLv2 enabled services, see
https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=9D2E25DA76DCDEFA45A6570E34886C485E11F10237C91ABE6867B2732C3D661D
LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: RFC3526/Oakley Group 14 (2048 bits),
but no DH EXPORT ciphers
BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1
LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches
Winshock (CVE-2014-6321), experimental not vulnerable (OK) - ARIA, CHACHA or CCM ciphers found
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
This part tests whether the server is vulnerable to known TLS/SSL attacks.
The server is largely secure and none of the old vulnerabilities are active. It is only necessary to pay attention to one or two findings such as BREACH.
Rating (experimental)
Rating specs (not complete) SSL Labs's 'SSL Server Rating Guide' (version 2009r from 2025-05-16)
Specification documentation https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
Protocol Support (weighted) 100 (30)
Key Exchange (weighted) 90 (27)
Cipher Strength (weighted) 90 (36)
Final Score 93
Overall Grade A-
Grade warning TLS 1.3 is not supported
Finally, a general summary is presented, and based on three categories, such as
- Protocol Support
- Key Exchange
- Cipher Strength
the server receives a score of 93. This corresponds to an A- grade.
The most important caveat here is that TLS 1.3 is not actually supported by the server.