Analysis

SSL Labs logo
Home Projects Qualys.com Contact

You are here: Home > Projects > SSL Server Test > gocpg.com > 104.18.35.232
SSL Report: gocpg.com (104.18.35.232)
Assessed on: Sat, 27 Jun 2015 16:40:15 UTC | HIDDEN | Clear cache
Summary
Overall Rating
A
Scan Another
0
20
40
60
80
100
Certificate
100
Protocol Support
95
Key Exchange
90
Cipher Strength
PRO version
Are you a developer? Try out the HTML to PDF API
pdfcrowd.com
90
Visit our documentation page for more information, configuration guides, and books. Known issues are documented
here.
This site works only in browsers with SNI support.
This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
Authentication
Server Key and Certificate #1

Common names
sni117280.cloudflaressl.com
Prefix handling
Both (with and without WWW)
Valid from
Tue, 23 Jun 2015 00:00:00 UTC
Valid until
Sun, 08 May 2016 23:59:59 UTC (expires in 10 months and 11 days)
Key
EC 256 bits
Weak key (Debian)
No
Issuer
COMODO ECC Domain Validation Secure Server CA 2
Signature algorithm
SHA256withECDSA
Extended Validation
No
Certificate Transparency No
Revocation information CRL, OCSP
Revocation status
Good (not revoked)
Trusted
Yes
PRO version
pdfcrowd.com
Additional Certificates (if supplied)

Certificates provided 3 (3315 bytes)
Chain issues
None
#2
Subject
Fingerprint: 75cfd9bc5cefa104ecc1082d77e63392ccba5291
Valid until
Mon, 24 Sep 2029 23:59:59 UTC (expires in 14 years and 2 months)
Key
EC 256 bits
Issuer
COMODO ECC Certification Authority
Signature algorithm SHA384withECDSA
#3
Subject
Fingerprint: ae223cbf20191b40d7ffb4ea5701b65fdc68a1ca
Valid until
Sat, 30 May 2020 10:48:38 UTC (expires in 4 years and 11 months)
Key
EC 384 bits
Issuer
AddTrust External CA Root
Signature algorithm SHA384withRSA
Certification Paths
Path #1: Trusted
1
PRO version
Sent by server
Fingerprint: 75f57e587a6407e2d509cbdd668d915151a5d2c5
EC 256 bits / SHA256withECDSA
pdfcrowd.com
Sent by server
In trust store

COMODO ECC Certification Authority Self-signed
Fingerprint: 9f744e9f2b4dbaec0f312c50b6563b8e2d93c311
Path #2: Trusted

1
Sent by server
Sent by server
Sent by server
In trust store
Fingerprint: 75f57e587a6407e2d509cbdd668d915151a5d2c5
Fingerprint: ae223cbf20191b40d7ffb4ea5701b65fdc68a1ca
EC 384 bits / SHA384withRSA
AddTrust External CA Root Self-signed
Fingerprint: 02faf3e291435468607857694df5e45b68851868
RSA 2048 bits (e 65537) / SHA1withRSA
Weak or insecure signature, but no impact on root certificate
Configuration
Protocols
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 No
SSL 2 No
PRO version
pdfcrowd.com
Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites always at the end)
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) ECDH 256 bits (eq. 3072 bits RSA) FS
128
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) ECDH 256 bits (eq. 3072 bits RSA) FS
128
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) ECDH 256 bits (eq. 3072 bits RSA) FS
128
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) ECDH 256 bits (eq. 3072 bits RSA) FS
256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) ECDH 256 bits (eq. 3072 bits RSA) FS
256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) ECDH 256 bits (eq. 3072 bits RSA) FS
256
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008) ECDH 256 bits (eq. 3072 bits RSA) FS
112
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc14) ECDH 256 bits (eq. 3072 bits RSA) FS 256
Handshake Simulation
Android 2.3.7 No SNI 2
Android 4.0.4
Android 4.1.1
Android 4.2.2
Android 4.3
Android 4.4.2
Android 5.0.0
Baidu Jan 2015
BingPreview Jan 2015
Chrome 42 / OS X R
PRO version
Protocol or cipher suite mismatch

TLS 1.0
TLS 1.0
TLS 1.0
TLS 1.0
TLS 1.2
TLS 1.2
TLS 1.0
TLS 1.2
TLS 1.2
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) FS
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) FS
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc14) FS
Fail3
128
128
128
128
128
256
128
128
128
pdfcrowd.com
Firefox 31.3.0 ESR / Win

TLS 1.2
7
Firefox 37 / OS X R
TLS 1.2
Googlebot Feb 2015
TLS 1.2
IE 6 / XP No FS 1 No
SNI 2
IE 7 / Vista
IE 8 / XP No FS 1 No
SNI 2
IE 8-10 / Win 7 R
IE 11 / Win 7 R
IE 11 / Win 8.1 R
IE Mobile 10 / Win Phone
8.0
IE Mobile 11 / Win Phone
8.1
128
128
128
Fail3
TLS 1.0
128
Fail3
TLS 1.0
TLS 1.2
TLS 1.2
128
128
128
TLS 1.0
128
TLS 1.2
128
Java 6u45 No SNI 2

Java 7u25
Java 8u31
OpenSSL 0.9.8y
TLS 1.0
TLS 1.2
OpenSSL 1.0.1l R
TLS 1.2
OpenSSL 1.0.2 R
TLS 1.2
Safari 5.1.9 / OS X 10.6.8 TLS 1.0
Safari 6 / iOS 6.0.1 R
TLS 1.2
Safari 6.0.4 / OS X 10.8.4
TLS 1.0
R
Safari 7 / iOS 7.1 R
TLS 1.2
Safari 7 / OS X 10.9 R
TLS 1.2
/ iOS 8.1.2
R HTMLTLS
Are you a8developer?
Try out the
to PDF1.2
API
PRO version Safari
Fail3
128
128
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) FS
Fail3
128
128
128
128
128
128
128
128
pdfcrowd.com
Safari 8 / iOS 8.1.2 R

TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) FS
128
Safari 8 / OS X 10.10 R TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) FS
128
Yahoo Slurp Jan 2015
TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) FS
128
YandexBot Jan 2015
TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) FS
128
(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(3) Only first connection attempt simulated. Browsers tend to retry with a lower protocol version.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).
Protocol Details
Secure Renegotiation
Supported
Secure Client-Initiated Renegotiation No
Insecure Client-Initiated Renegotiation No
BEAST attack
Not mitigated server-side (more info) TLS 1.0: 0xc009
POODLE (SSLv3)
No, SSL 3 not supported (more info)
POODLE (TLS)
No (more info)
Downgrade attack prevention
Yes, TLS_FALLBACK_SCSV supported (more info)
TLS compression
No
RC4
No
Heartbeat (extension)
No
Heartbleed (vulnerability)
No (more info)
OpenSSL CCS vuln. (CVE-2014-0224) No (more info)
Forward Secrecy
Yes (with most browsers) ROBUST (more info)
Next Protocol Negotiation (NPN)
Yes spdy/3.1 http/1.1
PRO version
pdfcrowd.com
Session resumption (caching)

Session resumption (tickets)
OCSP stapling
Strict Transport Security (HSTS)
Public Key Pinning (HPKP)
Long handshake intolerance
TLS extension intolerance
TLS version intolerance
Incorrect SNI alerts
Uses common DH prime
SSL 2 handshake compatibility
No (IDs assigned but not accepted)

Yes
Yes
No
No
No
No
No
No
No
Miscellaneous
Test date
Sat, 27 Jun 2015 16:39:03 UTC
Test duration
72.244 seconds
HTTP status code
200
HTTP server signature cloudflare-nginx
Server hostname
-
SSL Report v1.18.1

Copyright 2009-2015 Qualys, Inc. All Rights Reserved.
PRO version
Terms and Conditions
pdfcrowd.com

Analysis

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Analysis

Uploaded by

Copyright:

Available Formats

SSL Labs logo

Home Projects Qualys.com Contact

Are you a developer? Try out the HTML to PDF API

Server Key and Certificate #1

Are you a developer? Try out the HTML to PDF API

Additional Certificates (if supplied)

Are you a developer? Try out the HTML to PDF API

COMODO ECC Domain Validation Secure Server CA 2

Path #2: Trusted

Are you a developer? Try out the HTML to PDF API

Protocol or cipher suite mismatch

Are you a developer? Try out the HTML to PDF API

Firefox 31.3.0 ESR / Win

Protocol or cipher suite mismatch

Protocol or cipher suite mismatch

Java 6u45 No SNI 2

Protocol or cipher suite mismatch

Protocol or cipher suite mismatch

Safari 8 / iOS 8.1.2 R

Are you a developer? Try out the HTML to PDF API

Session resumption (caching)

No (IDs assigned but not accepted)

SSL Report v1.18.1

Are you a developer? Try out the HTML to PDF API

Terms and Conditions

You might also like