TLS 1.3 KEM configuration
Server info
- UBI9 Base Image
- OpenSSL version: 3.5.4
- nginx version: nginx/1.29.3
nginx configuration
server {
    listen 8443 ssl;
    listen [::]:8443 ssl;
    server_name keysupport.net;

    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

    ssl_certificate ...;
    ssl_certificate_key ...;

    # TLS 1.3 only; no 0-RTT, server-side preference order is honoured.
    ssl_protocols TLSv1.3;
    ssl_early_data off;
    ssl_prefer_server_ciphers on;

    # Hybrid ML-KEM groups first (OpenSSL 3.5 names); classical secp384r1 last
    # so clients without ML-KEM support can still complete the handshake.
    ssl_ecdh_curve SecP384r1MLKEM1024:SecP256r1MLKEM768:X25519MLKEM768:secp384r1;

    # TLS 1.3 cipher suites are set through OpenSSL's Ciphersuites command.
    ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256;
    ...
}
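An added example (not part of this page or of nginx/OpenSSL) that parses the `ssl_ecdh_curve` directive above, maps each group name to its TLS supported_groups codepoint (classical values from the IANA registry, hybrid values from draft-ietf-tls-ecdhe-mlkem), encodes the extension as it appears on the wire, and checks that a classical fallback group is still present for clients without ML-KEM support. The nginx excerpt embedded in the code is a constructed copy of the block above; `GROUP_CODEPOINTS` covers only the groups this page uses plus the common P-256/X25519 values.

```python
"""Check an nginx ssl_ecdh_curve list: codepoints, wire encoding, classical fallback."""
import re
from typing import List, Tuple

# TLS supported_groups codepoints. Hybrid ML-KEM values are the ones
# registered by draft-ietf-tls-ecdhe-mlkem; the rest are long-standing IANA values.
GROUP_CODEPOINTS = {
    "secp256r1": 0x0017,
    "secp384r1": 0x0018,
    "x25519": 0x001D,
    "secp256r1mlkem768": 0x11EB,
    "x25519mlkem768": 0x11EC,
    "secp384r1mlkem1024": 0x11ED,
}

# Constructed excerpt mirroring the server block documented on this page.
NGINX_SERVER_BLOCK = """
server {
    ssl_protocols TLSv1.3;
    ssl_ecdh_curve SecP384r1MLKEM1024:SecP256r1MLKEM768:X25519MLKEM768:secp384r1;
}
"""

def parse_ecdh_curve(config: str) -> List[str]:
    """Return the ssl_ecdh_curve group names in server-preference order."""
    m = re.search(r"^\s*ssl_ecdh_curve\s+([^;]+);", config, re.MULTILINE)
    if not m:
        raise ValueError("no ssl_ecdh_curve directive found")
    return [g.strip() for g in m.group(1).split(":") if g.strip()]

def is_hybrid_pq(group: str) -> bool:
    """True for ECDH+ML-KEM hybrid groups (names are case-insensitive in OpenSSL)."""
    return "mlkem" in group.lower()

def encode_supported_groups(groups: List[str]) -> bytes:
    """Encode a supported_groups extension (type 10, RFC 8446 4.2.7) for these groups."""
    body = b""
    for g in groups:
        cp = GROUP_CODEPOINTS.get(g.lower())
        if cp is None:
            raise ValueError(f"unknown group name: {g}")
        body += cp.to_bytes(2, "big")
    group_list = len(body).to_bytes(2, "big") + body
    return (10).to_bytes(2, "big") + len(group_list).to_bytes(2, "big") + group_list

def check_policy(groups: List[str]) -> Tuple[bool, bool]:
    """(offers a hybrid PQ group, keeps a classical group for pre-ML-KEM clients)."""
    return (any(is_hybrid_pq(g) for g in groups), any(not is_hybrid_pq(g) for g in groups))

if __name__ == "__main__":
    groups = parse_ecdh_curve(NGINX_SERVER_BLOCK)
    print(groups, check_policy(groups), encode_supported_groups(groups).hex())
```

A `(True, False)` result from `check_policy` would mean every client in the simulation table below that today negotiates P-384 would instead get no connection.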
TestSSL.sh results as of 20251107
testssl.sh
#####################################################################
testssl.sh version 3.3dev from https://testssl.sh/dev/
(f219fd6c 2025-11-03 23:39:04)
This program is free software. Distribution and modification under
GPLv2 permitted. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
Please file bugs @ https://testssl.sh/bugs/
#####################################################################
Using OpenSSL 3.5.4 (Nov 3 2025) [~96 ciphers]
on Vostro:/usr/local/openssl/bin/openssl
Testing all IPv4 addresses (port 443): 71.185.218.5
-------------------------------------------------------------------------------------------------------------------------------------------------------------
Start 2025-11-07 19:32:15 -->> 71.185.218.5:443 (keysupport.net) <<--
rDNS (71.185.218.5): pool-71-185-218-5.phlapa.fios.verizon.net.
Service detected: HTTP
Testing protocols via sockets except NPN+ALPN
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 not offered
TLS 1.3 offered (OK): final
QUIC not offered or timed out
NPN/SPDY There's no such thing as NPN on TLS 1.3-only hosts
ALPN/HTTP2 h2, http/1.1 (offered)
Testing cipher categories
NULL ciphers (no encryption) not offered (OK)
Anonymous NULL Ciphers (no authentication) not offered (OK)
Export ciphers (w/o ADH+NULL) not offered (OK)
LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export) not offered (OK)
Triple DES Ciphers / IDEA not offered
Obsoleted CBC ciphers (AES, ARIA etc.) not offered
Strong encryption (AEAD ciphers) with no FS not offered
Forward Secrecy strong encryption (AEAD ciphers) offered (OK)
Testing server's cipher preferences
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2
-
SSLv3
-
TLSv1
-
TLSv1.1
-
TLSv1.2
-
TLSv1.3 (server order)
x1302 TLS_AES_256_GCM_SHA384 ECDH/MLKEM AESGCM 256 TLS_AES_256_GCM_SHA384
x1301 TLS_AES_128_GCM_SHA256 ECDH/MLKEM AESGCM 128 TLS_AES_128_GCM_SHA256
x1304 TLS_AES_128_CCM_SHA256 ECDH/MLKEM AESCCM 128 TLS_AES_128_CCM_SHA256
Has server cipher order? yes (TLS 1.3 only)
Testing robust forward secrecy (FS) -- omitting Null Authentication/Encryption, 3DES, RC4
FS is offered (OK) TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_AES_128_CCM_SHA256
KEMs offered SecP256r1MLKEM768 X25519MLKEM768 SecP384r1MLKEM1024
Elliptic curves offered: secp384r1
TLS 1.3 sig_algs offered: RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512
Testing server defaults (Server Hello)
TLS extensions (standard) "server name/#0" "supported_groups/#10" "supported versions/#43" "key share/#51"
Session Ticket RFC 5077 hint no -- no lifetime advertised
SSL Session ID support no
Session Resumption tickets no, ID: no
TLS 1.3 early data support no early data (no SSL session ID)
TLS clock skew Random values, no fingerprinting possible
Certificate Compression none
Client Authentication none
Signature Algorithm SHA256 with RSA
Server key size RSA 4096 bits (exponent is 65537)
Server key usage Digital Signature, Key Encipherment
Server extended key usage TLS Web Server Authentication, TLS Web Client Authentication
Serial 060F34CE6403B02A6B922A49E18B12EE2BBE (OK: length 18)
Fingerprints SHA1 9C2A62B3EC8E01A4E8BF70A5450C07F2E3253263
SHA256 284F5141A347BFBDE45CB356F4B99836EEF5B5DD62ECD55062A814CF2C9245AD
Common Name (CN) home.keysupport.net
subjectAltName (SAN) home.keysupport.net home.keysupport.org keysupport.net
Trust (hostname) Ok via SAN (same w/o SNI)
Chain of trust Ok
EV cert (experimental) no
Certificate Validity (UTC) 88 >= 30 days (2025-11-06 16:48 --> 2026-02-04 16:48)
ETS/"eTLS", visibility info not present
Certificate Revocation List http://r12.c.lencr.org/63.crl
OCSP URI --
OCSP stapling not offered
OCSP must staple extension --
DNS CAA RR (experimental) available - please check for match with "Issuer" below
issue=amazon.com, issue=letsencrypt.org
Certificate Transparency yes (certificate extension)
Certificates provided 2
Issuer R12 (Let's Encrypt from US)
Intermediate cert validity #1: ok > 40 days (2027-03-12 23:59). R12 <-- ISRG Root X1
Intermediate Bad OCSP (exp.) Ok
Testing HTTP header response @ "/"
HTTP Status Code 200 OK
HTTP clock skew 0 sec from localtime
Strict Transport Security 730 days=63072000 s, includeSubDomains, preload
Public Key Pinning --
Server banner nginx/1.29.3'
Application banner --
Cookie(s) (none issued at "/")
Security headers X-Content-Type-Options: nosniff
Reverse Proxy banner --
Testing vulnerabilities
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
CCS (CVE-2014-0224) not vulnerable (OK)
Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK), no session ticket extension
Opossum (CVE-2025-49812) not vulnerable (OK)
ROBOT Server does not support any cipher suites that use RSA key transport
Secure Renegotiation (RFC 5746) not vulnerable (OK)
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied "/" tested
POODLE, SSL (CVE-2014-3566) not vulnerable (OK), no SSLv3 support
TLS_FALLBACK_SCSV (RFC 7507) No fallback possible (OK), TLS 1.3 is the only protocol
SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)
FREAK (CVE-2015-0204) not vulnerable (OK)
DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)
make sure you don't use this certificate elsewhere with SSLv2 enabled services, see
https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=284F5141A347BFBDE45CB356F4B99836EEF5B5DD62ECD55062A814CF2C9245AD
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1
LUCKY13 (CVE-2013-0169), experimental not vulnerable (OK)
Winshock (CVE-2014-6321), experimental not vulnerable (OK)
RC4 (CVE-2013-2566, CVE-2015-2808) not vulnerable (OK)
Running client simulations (HTTP) via sockets
Browser Protocol Cipher Suite Name (OpenSSL) Forward Secrecy
------------------------------------------------------------------------------------------------
Android 7.0 (native) No connection
Android 8.1 (native) No connection
Android 9.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Android 10.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Android 11/12 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Android 13/14 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Android 15 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 X25519MLKEM768
Chrome 101 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Chromium 137 (Win 11) TLSv1.3 TLS_AES_256_GCM_SHA384 X25519MLKEM768
Firefox 100 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Firefox 137 (Win 11) TLSv1.3 TLS_AES_256_GCM_SHA384 X25519MLKEM768
IE 8 Win 7 No connection
IE 11 Win 7 No connection
IE 11 Win 8.1 No connection
IE 11 Win Phone 8.1 No connection
IE 11 Win 10 No connection
Edge 15 Win 10 No connection
Edge 101 Win 10 21H2 TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Edge 133 Win 11 23H2 TLSv1.3 TLS_AES_256_GCM_SHA384 X25519MLKEM768
Safari 18.4 (iOS 18.4) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Safari 15.4 (macOS 12.3.1) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Safari 18.4 (macOS 15.4) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Java 7u25 No connection
Java 8u442 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Java 11.0.2 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Java 17.0.3 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Java 21.0.6 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
go 1.17.8 TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
LibreSSL 3.3.6 (macOS) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
OpenSSL 1.0.2e No connection
OpenSSL 1.1.1d (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
OpenSSL 3.0.15 (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
OpenSSL 3.5.0 (git) TLSv1.3 TLS_AES_256_GCM_SHA384 X25519MLKEM768
Apple Mail (16.0) No connection
Thunderbird (91.9) TLSv1.3 TLS_AES_256_GCM_SHA384 384 bit ECDH (P-384)
Rating (experimental)
Rating specs (not complete) SSL Labs's 'SSL Server Rating Guide' (version 2009r from 2025-05-16)
Specification documentation https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
Protocol Support (weighted) 100 (30)
Key Exchange (weighted) 100 (30)
Cipher Strength (weighted) 90 (36)
Final Score 96
Overall Grade A+
Done 2025-11-07 19:33:19 [ 66s] -->> 71.185.218.5:443 (keysupport.net) <<--
-------------------------------------------------------------------------------------------------------------------------------------------------------------
Done testing now all IP addresses (on port 443): 71.185.218.5