SSL/TLS Server Information

Starting report generation at Mon May 20 15:37:23 CEST 2013

Resolving hostname...
IP address for server is 69.58.181.89

Connecting to www.verisign.com:443...
TCP connection established.

Starting SSLv3/TLS handshake...

ssl_debug(197): Starting handshake (iSaSiLk 4.4 Evaluation Version)...
ssl_debug(197): Sending v3 client_hello message to www.verisign.com:443, requesting version 3.2...
ssl_debug(197): Sending extensions: elliptic_curves (10), renegotiation_info (65281), ec_point_formats (11)
ssl_debug(197): Received v3 server_hello handshake message.
ssl_debug(197): Server selected SSL version 3.1.
ssl_debug(197): Server created new session C5:AF:52:83:0E:B7:6E:DA...
ssl_debug(197): CipherSuite selected by server: TLS_RSA_WITH_AES_256_CBC_SHA
ssl_debug(197): CompressionMethod selected by server: NULL
ssl_debug(197): TLS extensions sent by the server: renegotiation_info (65281)
ssl_debug(197): Server supports secure renegotiation.
ssl_debug(197): Received certificate handshake message with server certificate.
ssl_debug(197): Server sent a 2048 bit RSA certificate, chain has 3 elements.
ssl_debug(197): Received server_hello_done handshake message.
ssl_debug(197): Sending client_key_exchange handshake...
ssl_debug(197): Sending change_cipher_spec message...
ssl_debug(197): Sending finished message...
ssl_debug(197): Received change_cipher_spec message.
ssl_debug(197): Received finished message.
ssl_debug(197): Handshake completed, statistics:
ssl_debug(197): Read 4703 bytes in 5 records, wrote 593 bytes in 4 records.
SSL/TLS connect successful.

Checking for TLS 1.1 support...
TLS 1.1 is NOT supported by this server.

Checking for TLS 1.0 support...
TLS 1.0 is supported by this server.

Checking for SSLv3 support...
SSLv3 is supported by this server.

Checking for SSLv2 support...
SSLv2 is NOT supported by this server.

Server name returned in HTTP request:
Apache

SSLv2 Summary

SSL 2.0 is not supported by this server.

SSLv3/TLS Summary

Checking server supported SSLv3/TLS ciphersuites (this may take a while)...

TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_DES_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA

SSLv3/TLS ciphersuites NOT supported or not enabled by this server:

TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DH_DSS_WITH_AES_256_CBC_SHA
TLS_DH_RSA_WITH_AES_256_CBC_SHA
TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA
TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_PSK_WITH_AES_256_CBC_SHA
TLS_DHE_PSK_WITH_AES_256_CBC_SHA
TLS_PSK_WITH_AES_256_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA
SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
TLS_PSK_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_IDEA_CBC_SHA
SSL_DHE_DSS_WITH_RC4_128_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DH_DSS_WITH_AES_128_CBC_SHA
TLS_DH_RSA_WITH_AES_128_CBC_SHA
TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA
TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_PSK_WITH_AES_128_CBC_SHA
TLS_RSA_PSK_WITH_RC4_128_SHA
TLS_DHE_PSK_WITH_AES_128_CBC_SHA
TLS_DHE_PSK_WITH_RC4_128_SHA
TLS_PSK_WITH_RC4_128_SHA
TLS_PSK_WITH_AES_128_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_DH_DSS_WITH_DES_CBC_SHA
SSL_DH_RSA_WITH_DES_CBC_SHA
SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_ECDH_anon_WITH_AES_256_CBC_SHA
TLS_DH_anon_WITH_AES_256_CBC_SHA
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_anon_WITH_RC4_128_SHA
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA
TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
SSL_DH_anon_WITH_RC4_128_MD5
SSL_DH_anon_WITH_DES_CBC_SHA
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
SSL_RSA_WITH_NULL_SHA
TLS_ECDH_ECDSA_WITH_NULL_SHA
TLS_ECDHE_ECDSA_WITH_NULL_SHA
TLS_ECDH_RSA_WITH_NULL_SHA
TLS_ECDHE_RSA_WITH_NULL_SHA
TLS_ECDH_anon_WITH_NULL_SHA
TLS_RSA_PSK_WITH_NULL_SHA
TLS_DHE_PSK_WITH_NULL_SHA
TLS_PSK_WITH_NULL_SHA
SSL_RSA_WITH_NULL_MD5

Supported cipher algorithms

Algorithm NameSupported
AES yes
Camellia yes
DES yes
DESede yes
IDEA no
NULL no
RC2 no
RC4 yes

Supported key exchange algorithms

Algorithm NameSupported
DHE_DSS no
DHE_DSS_EXPORT no
DHE_DSS_EXPORT1024 no
DHE_PSK no
DHE_RSA yes
DHE_RSA_EXPORT no
DH_DSS no
DH_DSS_EXPORT no
DH_RSA no
DH_RSA_EXPORT no
DH_anon no
DH_anon_EXPORT no
ECDHE_ECDSA no
ECDHE_RSA no
ECDH_ECDSA no
ECDH_RSA no
ECDH_anon no
PSK no
RSA yes
RSA_EXPORT no
RSA_EXPORT1024 no
RSA_PSK no

RSA Certificate Chain

Certificate 0

Version 3
Serial Number 0x570696d753b97229405a3f69fe9aac2
Signature Algorithm SHA/RSA
Subject CN = www.verisign.com
= Symantec Corporation
OU = Infrastructure Operations
1.3.6.1.4.1.311.60.2.1.3 = US
1.3.6.1.4.1.311.60.2.1.2 = Delaware
2.5.4.15 = Private Organization
serialNumber = 2158113
postalCode = 94043
STREET = 350 Ellis Street
ST = California
= US
= Mountain View
Valid Not Before Wed Oct 10 02:00:00 CEST 2012
Not After Sat Oct 11 01:59:59 CEST 2014
Issuer CN = VeriSign Class 3 Extended Validation SSL SGC CA
= VeriSign, Inc.
OU = VeriSign Trust Network
OU = Terms of use at https://www.verisign.com/rpa (c)06
= US
Public Key Algorithm RSA
Key length2048 bit
Modulus  2589862199958818546187477607289716156776
 7181499943338266469217282586073122506388
 0269516711424249154490810716885012545548
 6524751769064359986174815992785777995977
 9128559512762161259253700529439680609402
 8601445664445848584389660052020790692108
 1561107546513764997344690887328792942015
 6423326851084205898016682168248601693281
 6172828206712992799345455224544856983713
 8090584405533326089060255083166627077035
 8715426737628316366285579034836666200132
 5064577830156908372496702870124428208528
 0173800045590377137815553631647105643950
 5655465037225640228170818890959844509663
 1929524646390717811851916086383151985436
 65785382236477191
Public Exponent  65537
Extension 1 KeyUsage:
digitalSignature | keyEncipherment
Extension 2 CertificatePolicies:
certificatePolicy[0]: policyIdentifier: 2.16.840.1.113733.1.
7.23.6
policyQualifiers[0]: policyQualifierId: id-pkix-cps
CPS URI: https://www.verisign.com/cps
Extension 3 SubjectKeyIdentifier:
85:A3:91:F2:85:66:C2:8B:53:45:2A:78:8C:EB:16:07:BA:BA:14:50
Extension 4 CRLDistributionPoints:
DistributionPoint: uniformResourceIdentifier: http://EVIntl-
crl.verisign.com/EVIntl2006.crl
Extension 5 AuthorityInfoAccess:
accessMethod: OBJECT ID = ocsp
accessLocation: uniformResourceIdentifier: http://EVIntl-ocs
p.verisign.com
accessMethod: OBJECT ID = caIssuers
accessLocation: uniformResourceIdentifier: http://EVIntl-aia
.verisign.com/EVIntl2006.cer
Extension 6 ExtendedKeyUsage:
KeyPurposeId 0:  TLS Web server authentication
KeyPurposeId 1:  TLS Web client authentication
KeyPurposeId 2:  Netscape Server Gated Cryptography
Extension 7 BasicConstraints:
CA: no
Extension 8 AuthorityKeyIdentifier:
KeyIdentifier: 4E:43:C8:1D:76:EF:37:53:7A:4F:F2:58:6F:94:F3:
38:E2:D5:BD:DF
Extension 9 SubjectAltName:
dNSName: www.verisign.com
dNSName: verisign.com
dNSName: www.verisign.net
dNSName: verisign.net
dNSName: www.verisign.mobi
dNSName: verisign.mobi
dNSName: www.verisign.eu
dNSName: verisign.eu
dNSName: forms.ws.symantec.com
dNSName: sslreview.com
dNSName: www.sslreview.com

Certificate 1

Version 3
Serial Number 0x2c48dd930df5598ef93c99547a60ed43
Signature Algorithm SHA/RSA
Subject CN = VeriSign Class 3 Extended Validation SSL SGC CA
= VeriSign, Inc.
OU = VeriSign Trust Network
OU = Terms of use at https://www.verisign.com/rpa (c)06
= US
Valid Not Before Wed Nov 08 01:00:00 CET 2006
Not After Tue Nov 08 00:59:59 CET 2016
Issuer CN = VeriSign Class 3 Public Primary Certification Authority - G5
= VeriSign, Inc.
OU = VeriSign Trust Network
OU = (c) 2006 VeriSign, Inc. - For authorized use only
= US
Public Key Algorithm RSA
Key length2048 bit
Modulus  2390171119183809993740414008071082901363
 1056358593286763210673938241770256101806
 7365818937971549554939068316172891793966
 4688558360194434381036003841728561311509
 9118403994916840598237565779113683553432
 6623320704101756570578835546050152490960
 3380231993383311457866682219385585843027
 3887194999338349181130630644930384459646
 1399356935729448078394432846523165068901
 3680492859878377305340642978047388701523
 9520839924385528242011308616422401892092
 7599107026354095728333791384116892169310
 9020482137849009477822199323437998194637
 7088361849912289932759153451369235008727
 0276824903840299796075330390890196500204
 64332061993915679
Public Exponent  65537
Extension 1 KeyUsage:
keyCertSign | cRLSign
Extension 2 BasicConstraints:
CA: yes
PathLenConstraint: 0
Extension 3 CertificatePolicies:
certificatePolicy[0]: policyIdentifier: anyPolicy
policyQualifiers[0]: policyQualifierId: id-pkix-cps
CPS URI: https://www.verisign.com/cps
Extension 4 SubjectKeyIdentifier:
4E:43:C8:1D:76:EF:37:53:7A:4F:F2:58:6F:94:F3:38:E2:D5:BD:DF
Extension 5 CRLDistributionPoints:
DistributionPoint: uniformResourceIdentifier: http://EVSecur
e-crl.verisign.com/pca3-g5.crl
Extension 6 1.3.6.1.5.5.7.1.12:
UnknownExtension:     OBJECT ID = 1.3.6.1.5.5.7.1.12
SEQUENCE[C] = 1 elements
Extension 7 AuthorityInfoAccess:
accessMethod: OBJECT ID = ocsp
accessLocation: uniformResourceIdentifier: http://EVSecure-o
csp.verisign.com
Extension 8 NetscapeCertType:
NetscapeCertType: SSL CA | S/MIME CA
Extension 9 ExtendedKeyUsage:
KeyPurposeId 0:  Netscape Server Gated Cryptography
KeyPurposeId 1:  2.16.840.1.113733.1.8.1
KeyPurposeId 2:  TLS Web server authentication
KeyPurposeId 3:  TLS Web client authentication
Extension 10 AuthorityKeyIdentifier:
KeyIdentifier: 7F:D3:65:A7:C2:DD:EC:BB:F0:30:09:F3:43:39:FA:
02:AF:33:31:33
Extension 11 SubjectAltName:
directoryName: CN=Class3CA2048-1-48

Certificate 2

Version 3
Serial Number 0x35973187f3873a07327ece580c9b7eda
Signature Algorithm SHA/RSA
Subject CN = VeriSign Class 3 Public Primary Certification Authority - G5
= VeriSign, Inc.
OU = VeriSign Trust Network
OU = (c) 2006 VeriSign, Inc. - For authorized use only
= US
Valid Not Before Wed Nov 08 01:00:00 CET 2006
Not After Mon Nov 08 00:59:59 CET 2021
Issuer = VeriSign, Inc.
OU = Class 3 Public Primary Certification Authority
= US
Public Key Algorithm RSA
Key length2048 bit
Modulus  2210947110205967138379664271494239363114
 9792360856487955190294587841800871022486
 2526526121631963608329383676087639780138
 7684494423757670423720690207281037618036
 6897841695320192789360300658269712766474
 2250420972614561892647726863007056723286
 9187146494553651383176859638389412279858
 1104077921511815271705394605095257256954
 3813661396447408779560167594140805579484
 5941716007417331308240942202396758498409
 9389949088073277478112907997447136173994
 4331250254798127905909437370386965902668
 4053439668333718129538317534454812009770
 0121250428676269067140626584500149856482
 3884983172039077902095035139662238212538
 56296202557465877
Public Exponent  65537
Extension 1 KeyUsage:
keyCertSign | cRLSign
Extension 2 BasicConstraints:
CA: yes
Extension 3 SubjectKeyIdentifier:
7F:D3:65:A7:C2:DD:EC:BB:F0:30:09:F3:43:39:FA:02:AF:33:31:33
Extension 4 CertificatePolicies:
certificatePolicy[0]: policyIdentifier: anyPolicy
policyQualifiers[0]: policyQualifierId: id-pkix-cps
CPS URI: https://www.verisign.com/cps
Extension 5 CRLDistributionPoints:
DistributionPoint: uniformResourceIdentifier: http://crl.ver
isign.com/pca3.crl
Extension 6 1.3.6.1.5.5.7.1.12:
UnknownExtension:     OBJECT ID = 1.3.6.1.5.5.7.1.12
SEQUENCE[C] = 1 elements
Extension 7 AuthorityInfoAccess:
accessMethod: OBJECT ID = ocsp
accessLocation: uniformResourceIdentifier: http://ocsp.veris
ign.com
Extension 8 ExtendedKeyUsage:
KeyPurposeId 0:  Netscape Server Gated Cryptography
KeyPurposeId 1:  2.16.840.1.113733.1.8.1
KeyPurposeId 2:  TLS Web server authentication
KeyPurposeId 3:  TLS Web client authentication

Back to the server selection page.

Generated by IAIK SSL/TLS ServerInfo using the iSaSiLk and IAIK JCE Java cryptography libraries, (c) 2002 IAIK, (c) 2003 - 2012 SIC. For more information see http://jce.iaik.tugraz..at/ or mailto:jce-sales@iaik.tugraz.at.