HTTPS Everywhere website with insecurity!

See the Crypto Report: t-engine.org

Please contact the Certificate Authority for further verification.

Warnings
BEAST
The BEAST attack is not mitigated on this server.
RC4
This server uses the RC4 cipher algorithm which is not secure. Disable the RC4 cipher suite and update the server software to support the Advanced Encryption Standard (AES) cipher algorithm. Contact your web server vendor for assistance.
SSLv3
This server uses the SSLv3 protocol which is not secure. Disable the SSLv3 protocol and enable a higher protocol version. Contact your web server vendor for assistance.
TLS1.2
This server does not support the latest TLS protocol. Enable the latest TLS1.2 protocol. Contact your web server vendor for further assistance.

This server is vulnerable to:
SSL/TLS Compression
This server is vulnerable to a CRIME attack. Disable SSL/TLS compression. Contact your web server vendor for assistance.
Poodle (SSLv3)
This server is vulnerable to a Poodle (SSLv3) attack. If you have not disabled SSLv3 fallback support, disable it now and use TLS 1.2 or higher.

Certificate information
This server uses a Domain Validated (DV) certificate. No information about the site owner has been validated. Data is protected, but exchanging personal or financial information is not recommended.
Common name:
www.t-engine.org
SAN:
www.t-engine.org, t-engine.org
Valid from:
2015-Apr-30 16:49:30 GMT
Valid to:
2016-Apr-30 13:26:04 GMT
Certificate status:
Valid
Revocation check method:
OCSP
Organization:

Organizational unit:

City/locality:

State/province:

Country:
JP
Certificate Transparency:
Not Enabled
Serial number:
059e9b737e49b4
Algorithm type:
SHA256withRSA
Key size:
2048
Certificate chain
StartCom Class 1 Primary Intermediate Server CA (Intermediate certificate)
www.t-engine.org (Tested certificate)
Server configuration
Host name:
www.t-engine.org
Server type:
Apache/2.2.3 (CentOS)
IP address:
202.32.0.87
Port number:
443
SSL/TLS compression:
Enabled
Heartbeat (extension):
Not Enabled
RC4:
Enabled
OCSP stapling:
Not Enabled
Protocols enabled:
TLS1.0
SSLv3
Protocols not enabled:
TLS1.2
TLS1.1
SSLv2

Vulnerabilities checked:
Heartbleed
Poodle (TLS)
Poodle (SSLv3)
FREAK
BEAST
CRIME
Cipher suites enabled:
TLS_RSA_WITH_RC4_128_MD5 (0x0004)
TLS_RSA_WITH_RC4_128_SHA (0x0005)
TLS_RSA_WITH_DES_CBC_SHA (0x0009)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A)
TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
TLS_RSA_WITH_AES_128_CBC_SHA (0x002F)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)


DROWN vulnerable: https://test.drownattack.com/?site=https%3A%2F%2Fwww.t-engine.org
A meagre F-Rating here: https://www.ssllabs.com/ssltest/analyze.html?d=t-engine.org
Problematic sub-domains and redirecting…problematic F-Status: https://securityheaders.io/?q=https%3A%2F%2Ft-engine.org

polonus