概 述
检测部署SSL/TLS的服务是否符合行业最佳实践,PCI DSS支付卡行业安全标准,Apple ATS规范。
降级原因:
- 1. 服务器支持弱Diffie-Hellman(DH)密钥交换参数,降级为C
配置指南:
-
1. 需要配置符合PFS规范的加密套件,推荐配置:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE ; - 2. 需要在服务端TLS协议中启用TLS1.2,推荐配置:TLSv1 TLSv1.1 TLSv1.2 ;
- 3. 需要保证当前域名与所使用的证书匹配;
- 4. 需要保证证书在有效期内;
- 5. 需要使用SHA-2签名算法的证书;
- 6. 需要保证证书签发机构是可信的CA机构。
- 7. HSTS(HTTP严格传输安全)的 max-age 需要大于15768000秒。
- 8. 《HTTPS 安全最佳实践》
证书信息
信任状态 | 可信 |
是 | |
通用名称 | cash4teens.com |
颁发者 | R3 |
启用SNI | 是 |
弱密钥检测 | 否 |
加密算法 | RSA 4096 bits |
签名算法 | SHA256WithRSA |
证书透明(CT) | 是 (Google: (来自证书,有效); Apple: (来自证书,有效)) |
证书品牌 | IdenTrust |
证书类型 | DV SSL |
开始时间 | 2021-12-18 14:32:22 |
结束时间 | 2022-03-18 14:32:21 |
吊销状态 | 正常 |
OCSP装订状态 | 不支持 |
OCSP 必须装订 | 否 |
组织机构 | -- |
部门 | -- |
备用名称 | *.1free-host.com *.boacktube.com *.caricatureinnewyorkphotoshopindrawntogethernyc.com *.carreteenoandemiasantiago.com *.cash4teens.com ...... 查看全部 *.1free-host.com *.boacktube.com *.caricatureinnewyorkphotoshopindrawntogethernyc.com *.carreteenoandemiasantiago.com *.cash4teens.com *.club57blogspot.com *.correoeletronicogmail.com *.elysiumcase.com *.finomarkets.org *.fixitpatagonia.com *.flowerpowerfreddie.com *.getuptome.com *.harrisonzone.com *.hdfullhd.club *.inkedcollector.com *.moviesbro.org *.picfair.co *.ramanandaryadavcollegekurla.com *.sakachibabutan.com *.samsamoy.com *.sedeeelectronicaautomovil.com *.senpaiedicion.com *.sentonespornhub.com *.sinugoogle.com *.skittiesdv.biz *.speacoastonline.com *.spotbusinessmxl.com *.sprengerhealth.com *.stdumpor.com *.sugarbabestore.com *.tallesthomepageoninternet.com *.templatestartuprev.com *.templrios.com *.testertero.com *.testsmartdyspnea.com *.the10tclub.com *.theworldslongestad.com *.totolinkex200.com *.tquguaiwitter.com *.transferfromethztoivy.com *.tubntilepro.com *.uf955d.com *.ukdsorgulama.com *.vacationrental.com.au *.viejostetones.com *.viralvacacinideas.com *.virtual-transport.com *.warnaabuabu.com *.warnanila.com *.whitewaterraftingalabama.com 1free-host.com boacktube.com caricatureinnewyorkphotoshopindrawntogethernyc.com carreteenoandemiasantiago.com cash4teens.com club57blogspot.com correoeletronicogmail.com elysiumcase.com finomarkets.org fixitpatagonia.com flowerpowerfreddie.com getuptome.com harrisonzone.com hdfullhd.club inkedcollector.com moviesbro.org picfair.co ramanandaryadavcollegekurla.com sakachibabutan.com samsamoy.com sedeeelectronicaautomovil.com senpaiedicion.com sentonespornhub.com sinugoogle.com skittiesdv.biz speacoastonline.com spotbusinessmxl.com sprengerhealth.com stdumpor.com sugarbabestore.com tallesthomepageoninternet.com templatestartuprev.com templrios.com testertero.com testsmartdyspnea.com the10tclub.com theworldslongestad.com totolinkex200.com tquguaiwitter.com transferfromethztoivy.com tubntilepro.com uf955d.com ukdsorgulama.com vacationrental.com.au viejostetones.com viralvacacinideas.com virtual-transport.com warnaabuabu.com warnanila.com whitewaterraftingalabama.com |
证书链信息 了解详细 下载证书链
颁发给: | cash4teens.com(根证书来自服务器,会增加额外的握手开销) |
颁发者: | R3 |
加密算法: | RSA 4096 bits |
签名算法: | SHA256WithRSA |
证书指纹: | 1E0C34310D227FDB579B28BC9BE602EE3265549A |
公钥PIN值: | 9ErcXYEHb7zNQ20BZqsisMbivmVbPP4wf4BYnUiB+CU= |
有效期: | 2021-12-18 ~ 2022-03-18 (剩余 -775 天) |
颁发给: | R3(根证书来自服务器,会增加额外的握手开销) |
颁发者: | ISRG Root X1 |
加密算法: | RSA 2048 bits |
签名算法: | SHA256WithRSA |
证书指纹: | A053375BFE84E8B748782C7CEE15827A6AF5A405 |
公钥PIN值: | jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0= |
有效期: | 2020-09-04 ~ 2025-09-16 (剩余 502 天) |
颁发给: | ISRG Root X1(根证书来自服务器,会增加额外的握手开销) |
颁发者: | DST Root CA X3 |
加密算法: | RSA 4096 bits |
签名算法: | SHA256WithRSA |
证书指纹: | 933C6DDEE95C9C41A40F9F50493D82BE03AD87BF |
公钥PIN值: | C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M= |
有效期: | 2021-01-21 ~ 2024-10-01 (剩余 152 天) |
颁发给: | cash4teens.com (根证书来自服务器,会增加额外的握手开销) |
颁发者: | R3 |
有效期: | 2021-12-18 ~ 2022-03-18 (剩余 -775 天) |
颁发给: | R3 (根证书来自服务器,会增加额外的握手开销) |
颁发者: | ISRG Root X1 |
有效期: | 2020-09-04 ~ 2025-09-16 (剩余 502 天) |
颁发给: | ISRG Root X1 (根证书来自服务器,会增加额外的握手开销) |
颁发者: | DST Root CA X3 |
有效期: | 2021-01-21 ~ 2024-10-01 (剩余 152 天) |
信任状态 | 域名不匹配 (主流浏览器访问不受影响,影响少数不支持SNI的旧浏览器) |
否 | |
通用名称 | xjh.co (不匹配) |
颁发者 | R3 |
启用SNI | 否 |
弱密钥检测 | 否 |
加密算法 | RSA 4096 bits |
签名算法 | SHA256WithRSA |
证书透明(CT) | 是 (Google: (来自证书,有效); Apple: (来自证书,有效)) |
证书品牌 | IdenTrust |
证书类型 | DV SSL |
开始时间 | 2021-11-16 13:26:25 |
结束时间 | 2022-02-14 13:26:24 |
吊销状态 | 正常 |
OCSP装订状态 | 不支持 |
OCSP 必须装订 | 否 |
组织机构 | -- |
部门 | -- |
备用名称 | *.adhdmedsprepreddit.co *.apoviewbeachhouse.com *.arfad1.net *.azylovydum.pro *.belleloly.com ...... 查看全部 *.adhdmedsprepreddit.co *.apoviewbeachhouse.com *.arfad1.net *.azylovydum.pro *.belleloly.com *.bkhgames.com *.blackfridayhubs.com *.blislebenon.org *.car-review.site *.creditcardinterest.com.au *.cuttee.top *.dirty-dreamss1.com *.eclincer.com *.eleicao.site *.elpoderunomx.com *.eromiromix.net *.gamerstrack.com *.golgexch.co *.hanssama.com *.hydhkj.com *.indianartifactsonline.com *.ladentist.in *.lagu360.co *.lightgatethailand.com *.maidesite.co *.makingdivinesuper.co *.mediafire.store *.modestal.shop *.nhamarlksowa.com *.pedroesquinas.com *.pylo.si *.receso2020sonora.mx *.revan.co *.sd-styld.shop *.searx.us *.senecabreezeberries.com *.serialitebg.com *.sexihuset.com *.theguardianinfluentialbrands.com *.tokyocity.town *.topropertyhouses.com *.topsurjery.net *.torrent.house *.vanpropack.com *.wetryhardware.com *.wwwmylocalmcds.com *.xjh.co *.yourpreferredloan.com *.zaheertech.com *.zengtengpeng.com adhdmedsprepreddit.co apoviewbeachhouse.com arfad1.net azylovydum.pro belleloly.com bkhgames.com blackfridayhubs.com blislebenon.org car-review.site creditcardinterest.com.au cuttee.top dirty-dreamss1.com eclincer.com eleicao.site elpoderunomx.com eromiromix.net gamerstrack.com golgexch.co hanssama.com hydhkj.com indianartifactsonline.com ladentist.in lagu360.co lightgatethailand.com maidesite.co makingdivinesuper.co mediafire.store modestal.shop nhamarlksowa.com pedroesquinas.com pylo.si receso2020sonora.mx revan.co sd-styld.shop searx.us senecabreezeberries.com serialitebg.com sexihuset.com theguardianinfluentialbrands.com tokyocity.town topropertyhouses.com topsurjery.net torrent.house vanpropack.com wetryhardware.com wwwmylocalmcds.com xjh.co yourpreferredloan.com zaheertech.com zengtengpeng.com |
证书链信息 了解详细 下载证书链
颁发给: | xjh.co(根证书来自服务器,会增加额外的握手开销) |
颁发者: | R3 |
加密算法: | RSA 4096 bits |
签名算法: | SHA256WithRSA |
证书指纹: | F74BE33C361E6B08266F2441CD55498353BBC4E1 |
公钥PIN值: | jvHt38tzA5foDea4vD//V8CR6oflsdBNL7wJ8kLlTok= |
有效期: | 2021-11-16 ~ 2022-02-14 (剩余 -807 天) |
颁发给: | R3(根证书来自服务器,会增加额外的握手开销) |
颁发者: | ISRG Root X1 |
加密算法: | RSA 2048 bits |
签名算法: | SHA256WithRSA |
证书指纹: | A053375BFE84E8B748782C7CEE15827A6AF5A405 |
公钥PIN值: | jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0= |
有效期: | 2020-09-04 ~ 2025-09-16 (剩余 502 天) |
颁发给: | ISRG Root X1(根证书来自服务器,会增加额外的握手开销) |
颁发者: | DST Root CA X3 |
加密算法: | RSA 4096 bits |
签名算法: | SHA256WithRSA |
证书指纹: | 933C6DDEE95C9C41A40F9F50493D82BE03AD87BF |
公钥PIN值: | C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M= |
有效期: | 2021-01-21 ~ 2024-10-01 (剩余 152 天) |
颁发给: | xjh.co (根证书来自服务器,会增加额外的握手开销) |
颁发者: | R3 |
有效期: | 2021-11-16 ~ 2022-02-14 (剩余 -807 天) |
颁发给: | R3 (根证书来自服务器,会增加额外的握手开销) |
颁发者: | ISRG Root X1 |
有效期: | 2020-09-04 ~ 2025-09-16 (剩余 502 天) |
颁发给: | ISRG Root X1 (根证书来自服务器,会增加额外的握手开销) |
颁发者: | DST Root CA X3 |
有效期: | 2021-01-21 ~ 2024-10-01 (剩余 152 天) |
支持协议
TLS 1.3 | 不支持 | ||
TLS 1.2 | 支持 | ||
TLS 1.1 | 支持 | ||
TLS 1.0 | 支持 | 1 | |
SSL 3 | 不支持 | ||
SSL 2 | 不支持 |
支持的加密套件
TLS 1.2 (服务器顺序优先) |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030) 256 bits FS 名称:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 代码:0xC030 描述:ECDH secp256r1 (eq. 3072 bits RSA) 加密强度:256 bits 正向加密:YES 是否安全:YES TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9F) 256 bits FS 名称:TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 代码:0x9F 描述:DH 1024bits 加密强度:256 bits 正向加密:YES 是否安全:WEAK TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA8) 256 bits FS 名称:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 代码:0xCCA8 描述:ECDH secp256r1 (eq. 3072 bits RSA) 加密强度:256 bits 正向加密:YES 是否安全:YES TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCAA) 256 bits FS 名称:TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 代码:0xCCAA 描述:DH 1024bits 加密强度:256 bits 正向加密:YES 是否安全:WEAK TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xC02F) 128 bits FS 名称:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 代码:0xC02F 描述:ECDH secp256r1 (eq. 3072 bits RSA) 加密强度:128 bits 正向加密:YES 是否安全:YES TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9E) 128 bits FS 名称:TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 代码:0x9E 描述:DH 1024bits 加密强度:128 bits 正向加密:YES 是否安全:WEAK TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028) 256 bits FS 名称:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 代码:0xC028 描述:ECDH secp256r1 (eq. 3072 bits RSA) 加密强度:256 bits 正向加密:YES 是否安全:YES TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6B) 256 bits FS 名称:TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 代码:0x6B 描述:DH 1024bits 加密强度:256 bits 正向加密:YES 是否安全:WEAK TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027) 128 bits FS 名称:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 代码:0xC027 描述:ECDH secp256r1 (eq. 3072 bits RSA) 加密强度:128 bits 正向加密:YES 是否安全:YES TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) 128 bits FS 名称:TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 代码:0x67 描述:DH 1024bits 加密强度:128 bits 正向加密:YES 是否安全:WEAK TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014) 256 bits FS 名称:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 代码:0xC014 描述:ECDH secp256r1 (eq. 3072 bits RSA) 加密强度:256 bits 正向加密:YES 是否安全:YES TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) 256 bits FS 名称:TLS_DHE_RSA_WITH_AES_256_CBC_SHA 代码:0x39 描述:DH 1024bits 加密强度:256 bits 正向加密:YES 是否安全:WEAK TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013) 128 bits FS 名称:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 代码:0xC013 描述:ECDH secp256r1 (eq. 3072 bits RSA) 加密强度:128 bits 正向加密:YES 是否安全:YES TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) 128 bits FS 名称:TLS_DHE_RSA_WITH_AES_128_CBC_SHA 代码:0x33 描述:DH 1024bits 加密强度:128 bits 正向加密:YES 是否安全:WEAK TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9D) 256 bits 名称:TLS_RSA_WITH_AES_256_GCM_SHA384 代码:0x9D 描述: 加密强度:256 bits 正向加密:NO 是否安全:WEAK TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9C) 128 bits 名称:TLS_RSA_WITH_AES_128_GCM_SHA256 代码:0x9C 描述: 加密强度:128 bits 正向加密:NO 是否安全:WEAK TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3D) 256 bits 名称:TLS_RSA_WITH_AES_256_CBC_SHA256 代码:0x3D 描述: 加密强度:256 bits 正向加密:NO 是否安全:WEAK TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3C) 128 bits 名称:TLS_RSA_WITH_AES_128_CBC_SHA256 代码:0x3C 描述: 加密强度:128 bits 正向加密:NO 是否安全:WEAK TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256 bits 名称:TLS_RSA_WITH_AES_256_CBC_SHA 代码:0x35 描述: 加密强度:256 bits 正向加密:NO 是否安全:WEAK TLS_RSA_WITH_AES_128_CBC_SHA (0x2F) 128 bits 名称:TLS_RSA_WITH_AES_128_CBC_SHA 代码:0x2F 描述: 加密强度:128 bits 正向加密:NO 是否安全:WEAK |
TLS 1.1 (服务器顺序优先) |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014) 256 bits FS 名称:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 代码:0xC014 描述:ECDH secp256r1 (eq. 3072 bits RSA) 加密强度:256 bits 正向加密:YES 是否安全:YES TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) 256 bits FS 名称:TLS_DHE_RSA_WITH_AES_256_CBC_SHA 代码:0x39 描述:DH 1024bits 加密强度:256 bits 正向加密:YES 是否安全:WEAK TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013) 128 bits FS 名称:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 代码:0xC013 描述:ECDH secp256r1 (eq. 3072 bits RSA) 加密强度:128 bits 正向加密:YES 是否安全:YES TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) 128 bits FS 名称:TLS_DHE_RSA_WITH_AES_128_CBC_SHA 代码:0x33 描述:DH 1024bits 加密强度:128 bits 正向加密:YES 是否安全:WEAK TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256 bits 名称:TLS_RSA_WITH_AES_256_CBC_SHA 代码:0x35 描述: 加密强度:256 bits 正向加密:NO 是否安全:WEAK TLS_RSA_WITH_AES_128_CBC_SHA (0x2F) 128 bits 名称:TLS_RSA_WITH_AES_128_CBC_SHA 代码:0x2F 描述: 加密强度:128 bits 正向加密:NO 是否安全:WEAK |
TLS 1.0 (服务器顺序优先) |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014) 256 bits FS 名称:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 代码:0xC014 描述:ECDH secp256r1 (eq. 3072 bits RSA) 加密强度:256 bits 正向加密:YES 是否安全:YES TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) 256 bits FS 名称:TLS_DHE_RSA_WITH_AES_256_CBC_SHA 代码:0x39 描述:DH 1024bits 加密强度:256 bits 正向加密:YES 是否安全:WEAK TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013) 128 bits FS 名称:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 代码:0xC013 描述:ECDH secp256r1 (eq. 3072 bits RSA) 加密强度:128 bits 正向加密:YES 是否安全:YES TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) 128 bits FS 名称:TLS_DHE_RSA_WITH_AES_128_CBC_SHA 代码:0x33 描述:DH 1024bits 加密强度:128 bits 正向加密:YES 是否安全:WEAK TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256 bits 名称:TLS_RSA_WITH_AES_256_CBC_SHA 代码:0x35 描述: 加密强度:256 bits 正向加密:NO 是否安全:WEAK TLS_RSA_WITH_AES_128_CBC_SHA (0x2F) 128 bits 名称:TLS_RSA_WITH_AES_128_CBC_SHA 代码:0x2F 描述: 加密强度:128 bits 正向加密:NO 是否安全:WEAK |
协议详情
HTTP/2 | 不支持 | |
新型的TLS配置 | 是 | |
支持TLS 1.3 | 不支持 | |
期望CT | 不支持 | |
OCSP装订 | 不支持 | |
预防降级攻击 | 支持 | |
正向保密 | 支持 | |
HTTP严格传输安全(HSTS) | 不支持 | |
公钥固定(HPKP) | 不支持 | |
公钥固定报告 | 不支持 | |
XSS保护 | 不支持 | |
CAA | 不支持 | |
NPN | 不支持 | |
ALPN | 不支持 | |
TLS心跳(扩展) | 不支持 | |
支持的EC椭圆曲线 | 支持 | secp256r1 |
SSL2握手兼容 | 支持 | |
会话恢复(caching) | 支持 | |
会话恢复(Ticket) | 支持 | |
STARTTLS | 不支持 | |
过长的ClientHello兼容 | 不支持 | |
未知TLS版本兼容 | 不支持 | |
不正确的SNI警告 | 不支持 | |
DH公钥参数重用 | 否 | |
ECDH公钥参数重用 | 否 | |
服务端安全重协商 | 支持 | |
客户端安全重协商 | 不支持 | |
客户端不安全重协商 | 不支持 | |
支持RC4套件 | 不支持 | |
是否为邮件服务器 | 否 |
SSL漏洞
是否影响 | 危险系数 | 说明 | |
---|---|---|---|
因系统升级改造,相关功能暂停服务! | |||
DROWN 漏洞 | |||
OpenSSL Padding Oracle 攻击 | |||
FREAK漏洞 | |||
Logjam漏洞 | |||
OpenSSL CCS 注入漏洞 | |||
心血漏洞(Heartbleed) | |||
POODLE漏洞 | |||
CRIME漏洞 |
客户端握手模拟
Android 4.4.2 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
Android 5.0.0 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS | |
Android 6.0 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS | |
Android 7.0 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
Android 8.0 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
Baiduspider/2.0 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
Googlebot/2.0 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
YandexBot July 2018 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
360Spider July 2018 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
SougouSpider July 2018 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
Baidu HTTPS认证 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS | |
BingPreview Jan 2015 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
Chrome 49 / XP SP3 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 FS | |
Chrome 51 / Win 7 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
Chrome 63 /macOS High Sierra 10.13.2 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
Chrome 69 / Win 10 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
Firefox 31.3.0 ESR / Win 7 No FS1 No SNI2 | 握手失败 (连接超时) | |||
Firefox 47 / Win 7 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 FS | |
Firefox 49 / XP SP3 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
Firefox 49 / Win 7 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
Firefox 57 /macOS High Sierra 10.13.2 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
Firefox 62 / Win 10 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
IE 6 / XP No FS1 No SNI2 | 握手失败 (handshake_failure) | |||
IE 7 / Vista No FS1 No SNI2 | RSA(SHA256) | TLSv1.0 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA FS | |
IE 8 / XP No FS1 No SNI2 | 握手失败 (连接超时) | |||
IE 8-10 / Win 7 No FS1 No SNI2 | RSA(SHA256) | TLSv1.0 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA FS | |
IE 11 / Win 7 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
IE 11 / Win 8.1 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
IE 10 / Win Phone 8.0 No FS1 No SNI2 | RSA(SHA256) | TLSv1.0 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA FS | |
IE 11 / Win Phone 8.1 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 FS | |
IE 11 / Win Phone 8.1 Update No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
IE 11 / Win 10 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
Edge 13 / Win 10 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
Edge 13 / Win Phone 10 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
Java 6u45 No FS1 No SNI2 | RSA(SHA256) | TLSv1.0 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA FS | |
Java 7u25 No FS1 No SNI2 | RSA(SHA256) | TLSv1.0 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA FS | |
Java 8u31 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS | |
OpenSSL 0.9.8y No FS1 No SNI2 | RSA(SHA256) | TLSv1.0 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA FS | |
OpenSSL 1.0.1l No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
OpenSSL 1.0.2e No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
Openssl 1.1.1 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
Safari 5.1.9 / OS X 10.6.8 No FS1 No SNI2 | RSA(SHA256) | TLSv1.0 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA FS | |
Safari 6 / iOS 6.0.1 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 FS | |
Safari 6.0.4 / OS X 10.8.4 No FS1 No SNI2 | RSA(SHA256) | TLSv1.0 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA FS | |
Safari 7 / iOS 7.1 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 FS | |
Safari 7 / OS X 10.9 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 FS | |
Safari 8 / iOS 8.4 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 FS | |
Safari 8 / OS X 10.10 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 FS | |
Safari 9 / iOS 9 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
Safari 9 / OS X 10.11 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
Safari 10 / iOS 10 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
Safari 10 / OS X 10.12 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
Apple ATS 9 / iOS 9 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
Yahoo Slurp Jan 2015 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
UC浏览器 6 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
360极速浏览器 8 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
360浏览器 8 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS | |
QQ浏览器 9 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 FS | |
世界之窗浏览器 7 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS | |
猎豹浏览器 6 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 FS | |
傲游浏览器 5 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS | |
搜狗浏览器 7 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 FS | |
百度浏览器 8 No FS1 No SNI2 | RSA(SHA256) | TLSv1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 FS |
证书兼容性测试
RSA | RSA | |
---|---|---|
Android 2.3 (Gingerbread) | ||
Android 4.0 (Ice Cream Sandwich) | ||
Android 4.1 (Jelly Bean) | ||
Android 4.2 (Jelly Bean) | ||
Android 4.3 (Jelly Bean) | ||
Android 4.4 (KitKat) | ||
Android 5.0 (Lollipop) | ||
Android 5.1 (Lollipop) | ||
Android 6.0 (Marshmallow) | ||
Android 7.0 (Android Nougat) | ||
Android 7.1 (Android Nougat) | ||
Android 8.0 (Android Oreo) | ||
Android 9.0 (Android Pie) | ||
Android 10.0 (Android Q) | ||
Android 11.0 (Android R) | ||
iOS 5-6 | ||
iOS 7 | ||
iOS 8 | ||
iOS 9 | ||
iOS 10 | ||
iOS 11 | ||
iOS 12 | ||
iOS 13 | ||
iOS 14 | ||
OS X 10.9 (Mavericks) | ||
OS X 10.10 (Yosemite) | ||
OS X 10.11 (Eicapitan) | ||
OS X 10.12 (Sierra) | ||
OS X 10.13 (High Sierra) | ||
OS X 10.14 (Mojave) | ||
java 7u181 | ||
java 8u161 | ||
java_8u181 | ||
java_8u202 | ||
java 9 | ||
java 10 | ||
java 11 | ||
java 12 | ||
java 13 | ||
java 17 | ||
Firefox 3.0 | ||
Firefox 3.5 | ||
Firefox 3.6 | ||
Firefox 6.0 | ||
Firefox 16 | ||
Firefox 23 | ||
Firefox 32 | ||
Firefox 42 | ||
Firefox 50 | ||
Firefox 51 | ||
Firefox 54 | ||
Firefox 58 | ||
Firefox 63 | ||
Firefox 65 | ||
Windows XP | ||
Windows 7 | ||
Windows 8 | ||
Windows 10 |
配置指南:
说明:
- SNI:服务器名称指示,这是一个的TLS扩展,允许服务器在相同的IP和端口上部署多个证书。
- PFS:PFS(perfect forward secrecy)完全正向保密,要求一个密钥只能用于一个连接,一个密钥被破解,并不影响其他密钥的安全性。
- HPKP:公钥固定,这是一种https网站防止攻击者使用CA错误颁发的证书进行中间人攻击的一种安全机制。
- HSTS:这是一个响应头,用来强制启用HTTPS协议,解决301跳转的劫持的问题。
- OCSP:Online Certificate Status Protocol 证书吊销状态在线检查协议。
- OCSP Stapling:OCSP装订,通过TLS握手时传输吊销状态,加快SSL完成握手的速度。
登录后查看更多信息
登录