To strona typu https, a więc bezpieczna, związana z firmą, w której pracuję,
chciałbym się na niej zalogować ale ona w ogóle się nie otwiera.
Wiem, że to kwestia niezaufanych certyfikatów. Kiedyś we wcześniejszych wersjach Firefoxa
otwierałem ją bez problemu, potem musiałem to robić w Internet Explorerze, gdy i tam
przestała się otwierać logowałem się w Androidzie ale i nawet tam ostatnio przestało się to otwierać.
Wypróbowałem już Chrome i Safari w Windows 10 oraz Operę, Chrome i Dolphin w Androidzie 5 i wszystko na nic.
W Firefoxie 50.0 zmieniłem nawet dwa wiersze ustawienia: security.ssl3.dhe_rsa_aes z true na false ale i to nic nie dało.
Grzebałem też w ustawieniach Firefoxa w certyfikatach, gdy chciałem ustawić wyjątek dla tej strony dostałem komunikat,
że certyfikat jest prawidłowy a jednak strona się nie otwiera.
Odinstalowałem i ponownie zainstalowałem Firefoxa, wyłączyłem Avasta by wykluczyć jego wpływ, oczywiście wszystko bez pozytywnego rezultatu.
Komunikaty jakie podają teraz strony są w rodzaju, że podana strona spowodowała zbyt wiele przekierowań.
Wiem, że podana strona jest bezpieczna, chciałbym ją otworzyć, może istnieje jakiś sposób by dodać tą stronę do zaufanych ?
Poniżej zamieszczam jeszcze raport na temat tej strony, może ktoś będzie wiedział o co w tym wszystkim chodzi.
- Kod: Zaznacz cały
You are here: Home > Projects > SSL Server Test > internet-pcp.eurocash.pl
SSL Report: internet-pcp.eurocash.pl (193.105.251.25)
Assessed on: Sun, 27 Nov 2016 15:35:37 UTC | Hide | Clear cache
Scan Another »
Summary
Overall Rating
F
0
20
40
60
80
100
Certificate
Protocol Support
Key Exchange
Cipher Strength
Visit our documentation page for more information, configuration guides, and books. Known issues are documented here.
This server supports insecure Diffie-Hellman (DH) key exchange parameters (Logjam). Grade set to F. MORE INFO »
This server supports 512-bit export suites and might be vulnerable to the FREAK attack. Grade set to F. MORE INFO »
This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C. MORE INFO »
The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C. MORE INFO »
This server accepts RC4 cipher, but only with older protocol versions. Grade capped to B. MORE INFO »
The server does not support Forward Secrecy with the reference browsers. MORE INFO »
This server's certificate chain is incomplete. Grade capped to B.
Certificate #1: RSA 4096 bits (SHA256withRSA)
Server Key and Certificate #1
Subject *.eurocash.pl
Fingerprint SHA1: 9c84c4ac91df9ff107179019d39f4a8b4dfe5e68
Pin SHA256: ed6d7muREw60TCnJNEGCTGBf4gJ/+Qx2LBJXOFEAUoE=
Common names *.eurocash.pl
Alternative names *.eurocash.pl eurocash.pl
Valid from Mon, 11 May 2015 01:29:24 UTC
Valid until Wed, 04 Jan 2017 04:41:02 UTC (expires in 1 month and 7 days)
Key RSA 4096 bits (e 65537)
Weak key (Debian) No
Issuer RapidSSL SHA256 CA - G3
AIA: http://gv.symcb.com/gv.crt
Signature algorithm SHA256withRSA
Extended Validation No
Certificate Transparency No
OCSP Must Staple No
Revocation information CRL, OCSP
CRL: http://gv.symcb.com/gv.crl
OCSP: http://gv.symcd.com
Revocation status Good (not revoked)
Trusted Yes
Additional Certificates (if supplied)
Certificates provided 1 (1454 bytes)
Chain issues Incomplete
[Show Certification Paths] Certification Paths
Click here to expand
Configuration
Protocols
TLS 1.2 No
TLS 1.1 No
TLS 1.0 Yes
SSL 3 INSECURE Yes
SSL 2 No
Cipher Suites (sorted by strength as the server has no preference; deprecated and SSL 2 suites at the end)
TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x3) INSECURE 40
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x8) INSECURE 40
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x14) DH 512 bits FS INSECURE 40
TLS_RSA_WITH_DES_CBC_SHA (0x9) WEAK 56
TLS_DHE_RSA_WITH_DES_CBC_SHA (0x15) DH 768 bits FS INSECURE 56
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) DH 768 bits FS INSECURE 112
TLS_RSA_WITH_RC4_128_MD5 (0x4) INSECURE 128
TLS_RSA_WITH_RC4_128_SHA (0x5) INSECURE 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 768 bits FS INSECURE 128
Handshake Simulation
Android 2.3.7 No SNI 2 RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 No FS RC4
Android 4.0.4 RSA 4096 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DH 768 FS
Android 4.1.1 RSA 4096 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DH 768 FS
Android 4.2.2 RSA 4096 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DH 768 FS
Android 4.3 RSA 4096 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DH 768 FS
Android 4.4.2 RSA 4096 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DH 768 FS
Android 5.0.0 RSA 4096 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DH 768 FS
Android 6.0 RSA 4096 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_AES_128_CBC_SHA DH 768 FS
Android 7.0 RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
Baidu Jan 2015 RSA 4096 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_AES_128_CBC_SHA DH 768 FS
BingPreview Jan 2015 RSA 4096 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DH 768 FS
Chrome 49 / XP SP3 RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
Chrome 51 / Win 7 R RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
Firefox 31.3.0 ESR / Win 7 RSA 4096 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_AES_128_CBC_SHA DH 768 FS
Firefox 47 / Win 7 R Client does not support DH parameters < 1023 bits
RSA 4096 (SHA256) | TLS 1.0 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA | DH 768
Firefox 49 / XP SP3 Client does not support DH parameters < 1023 bits
RSA 4096 (SHA256) | TLS 1.0 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA | DH 768
Firefox 49 / Win 7 R Client does not support DH parameters < 1023 bits
RSA 4096 (SHA256) | TLS 1.0 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA | DH 768
Googlebot Feb 2015 RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_RC4_128_SHA No FS RC4
IE 6 / XP No FS 1 No SNI 2 RSA 4096 (SHA256) SSL 3 TLS_RSA_WITH_RC4_128_MD5 RC4
IE 7 / Vista RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
IE 8 / XP No FS 1 No SNI 2 RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 RC4
IE 8-10 / Win 7 R RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
IE 11 / Win 7 R Client does not support DH parameters < 1024 bits
RSA 4096 (SHA256) | TLS 1.0 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA | DH 768
IE 11 / Win 8.1 R Client does not support DH parameters < 1024 bits
RSA 4096 (SHA256) | TLS 1.0 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA | DH 768
IE 10 / Win Phone 8.0 RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
IE 11 / Win Phone 8.1 R RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
IE 11 / Win Phone 8.1 Update R RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
IE 11 / Win 10 R Client does not support DH parameters < 1024 bits
RSA 4096 (SHA256) | TLS 1.0 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA | DH 768
Edge 13 / Win 10 R Client does not support DH parameters < 1024 bits
RSA 4096 (SHA256) | TLS 1.0 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA | DH 768
Edge 13 / Win Phone 10 R RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
Java 6u45 No SNI 2 RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 No FS RC4
Java 7u25 RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
Java 8u31 RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
OpenSSL 0.9.8y RSA 4096 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DH 768 FS
OpenSSL 1.0.1l R RSA 4096 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_AES_128_CBC_SHA DH 768 FS
OpenSSL 1.0.2e R RSA 4096 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_AES_128_CBC_SHA DH 768 FS
Safari 5.1.9 / OS X 10.6.8 RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
Safari 6 / iOS 6.0.1 RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
Safari 6.0.4 / OS X 10.8.4 R RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
Safari 7 / iOS 7.1 R RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
Safari 7 / OS X 10.9 R RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
Safari 8 / iOS 8.4 R RSA 4096 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_AES_128_CBC_SHA DH 768 FS
Safari 8 / OS X 10.10 R RSA 4096 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_AES_128_CBC_SHA DH 768 FS
Safari 9 / iOS 9 R RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
Safari 9 / OS X 10.11 R RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
Safari 10 / iOS 10 R RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
Safari 10 / OS X 10.12 R RSA 4096 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
Apple ATS 9 / iOS 9 R Server sent fatal alert: handshake_failure
Yahoo Slurp Jan 2015 RSA 4096 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DH 768 FS
YandexBot Jan 2015 RSA 4096 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DH 768 FS
(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(3) Only first connection attempt simulated. Browsers sometimes retry with a lower protocol version.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).
Protocol Details
DROWN (experimental)
IP Address Port Export Special Status
193.105.251.21 443 No No handshake_failure
193.105.251.33 443 No No handshake_failure
(1) For a better understanding of this test, please read this longer explanation
(2) Key usage data kindly provided by the Censys network search engine; original DROWN test here
(3) Censys data is only indicative of possible key and certificate reuse; possibly out-of-date and incomplete
(4) We perform real-time key reuse checks, but stop checking after first confirmed vulnerability
(5) The "Special" column indicates vulnerable OpenSSL version; "Export" refers to export cipher suites
Secure Renegotiation Supported
Secure Client-Initiated Renegotiation Yes
Insecure Client-Initiated Renegotiation No
BEAST attack Not mitigated server-side (more info) SSL 3: 0x8, TLS 1.0: 0x8
POODLE (SSLv3) Vulnerable INSECURE (more info) SSL 3: 0x8
POODLE (TLS) No (more info)
Downgrade attack prevention No, TLS_FALLBACK_SCSV not supported (more info)
SSL/TLS compression No
RC4 Yes INSECURE (more info)
Heartbeat (extension) No
Heartbleed (vulnerability) No (more info)
OpenSSL CCS vuln. (CVE-2014-0224) No (more info)
OpenSSL Padding Oracle vuln.
(CVE-2016-2107) No (more info)
Forward Secrecy Insecure key exchange INSECURE
ALPN No
NPN No
Session resumption (caching) Yes
Session resumption (tickets) No
OCSP stapling No
Strict Transport Security (HSTS) No
HSTS Preloading Not in: Chrome Edge Firefox IE
Public Key Pinning (HPKP) No
Public Key Pinning Report-Only No
Long handshake intolerance No
TLS extension intolerance No
TLS version intolerance No
Incorrect SNI alerts No
Uses common DH primes No
DH public server param (Ys) reuse No
SSL 2 handshake compatibility Yes
HTTP Requests
1 https://internet-pcp.eurocash.pl/ (HTTP/1.1 200 OK)
Miscellaneous
Test date Sun, 27 Nov 2016 15:33:45 UTC
Test duration 111.975 seconds
HTTP status code 200
HTTP server signature PCP
Server hostname internet-pcp.eurocash.pl...........in-addr.arpa
SSL Report v1.25.2