You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
mozilla-old.badssl.com:443: FAILED - Not compliant with Mozilla's "old" configuration.
* maximum_certificate_lifespan: Certificate life span is 785 days, should be less than 366.
* ciphers: Cipher suites {'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA', 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA', 'TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA', 'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA', 'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA', 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA', 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA', 'TLS_DHE_RSA_WITH_SEED_CBC_SHA', 'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA', 'TLS_RSA_WITH_SEED_CBC_SHA'} are supported, but should be rejected.
For mozilla-intermediate.badssl.com:
mozilla-intermediate.badssl.com:443: FAILED - Not compliant with Mozilla's "intermediate" configuration.
* maximum_certificate_lifespan: Certificate life span is 785 days, should be less than 366.
* tls_versions: TLS versions {'TLSv1.1', 'TLSv1'} are supported, but should be rejected.
* ciphers: Cipher suites {'TLS_RSA_WITH_AES_128_GCM_SHA256', 'TLS_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 'TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA', 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA', 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA', 'TLS_RSA_WITH_AES_256_CBC_SHA256', 'TLS_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_AES_256_CBC_SHA', 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', 'TLS_RSA_WITH_AES_128_CBC_SHA', 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384'} are supported, but should be rejected.
For mozilla-modern.badssl.com:
mozilla-modern.badssl.com:443: FAILED - Not compliant with Mozilla's "modern" configuration.
* maximum_certificate_lifespan: Certificate life span is 785 days, should be less than 90.
* certificate_types: Deployed certificate types are {'rsa'}, should have at least one of {'ecdsa'}.
* certificate_signatures: Deployed certificate signatures are {'sha256WithRSAEncryption'}, should have at least one of {'ecdsa-with-SHA512', 'ecdsa-with-SHA256', 'ecdsa-with-SHA384'}.
* tls_versions: TLS versions {'TLSv1.2'} are supported, but should be rejected.
* ciphers: Cipher suites {'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'} are supported, but should be rejected.
Thanks for maintaining badssl.com btw - it is immensely helpful 👌.
The text was updated successfully, but these errors were encountered:
The mozilla-xxx.badssl.com servers used to test Mozilla compliance are not actually compliant with the latest Mozilla profile, which is version 5.6.
This was tested using using SSLyze version 5.0.0.
For mozilla-old.badssl.com:
For mozilla-intermediate.badssl.com:
For mozilla-modern.badssl.com:
Thanks for maintaining badssl.com btw - it is immensely helpful 👌.
The text was updated successfully, but these errors were encountered: