updated: Saturday, 17 August 2019, 09:11:26


Validity

Valid fromWednesday, 21 October 2015, 00:00:00
Valid untilWednesday, 28 November 2018, 12:00:00
Certificate Matches Server Hostnameyes (cityofboston.gov)
Trust Store 'Apple - OS X 10.9.2'ok
Trust Store 'Microsoft - 04/2014'ok
Trust Store 'Mozilla NSS - 01/2014'ok (not EV)
Trust Store 'Java 6 - Update 65'ok
OCSPTrusted By Mozilla CA Store

Vulnerability

Heartbleed (CVE-2014-0160)yes
Session Resumption With TLS Ticketsyes
Session Resumption With Session IDs5 / 5
Session Renegotiation Can Be Client Initiatedyes
TLS compressionno
Renegotiation (CVE 2009-3555)Patched Server detected (0,1), probably ok
CRIME, TLS (CVE-2012-4929)NOT vulnerable (ok)

Server

SSL Report Forcityofboston.gov (107.154.103.10:443)
OCSP staplingyes
HSTS365 days (31536000 s)
Server(None, strange)
Application (None)
Default negotiated protocolTLSv1.2
Default negotiated cipherECDHE-RSA-AES128-GCM-SHA256
Default server key size2048 bit
TLS server extensionsserver name, renegotiation info, EC point formats, session ticket, heartbeat
Session Tickets RFC 5077300 seconds
SPDY/NPNhttp/1.1 (advertised)

Certificate

Common Name*.cityofboston.gov
Alternative names*.cityofboston.gov, cityofboston.gov
KeyrsaEncryption, 2048 bit
OrganizationCity of Boston
State/ProvinceMassachusetts
CountryUS
LocalityBoston
IssuerDigiCert SHA2 High Assurance Server CA, US
Signature algorithmsha256WithRSAEncryption
Revocation CRLCRL (http://crl3.digicert.com/sha2-ha-server-g4.crl)
Revocation OCSPOCSP (http://ocsp.digicert.com)

Protocols

SSL 2NOT offered (ok)
SSL 3NOT offered (ok)
TLS 1.0not offered
TLS 1.1not offered
TLS 1.2offered (ok)

Standard cipher lists

Null CipherNOT offered (ok)
Anonymous NULL CipherNOT offered (ok)
Anonymous DH CipherNOT offered (ok)
40 Bit encryptionNOT offered (ok)
56 Bit encryptionNOT offered (ok)
DES CipherNOT offered (ok)
Triple DES Ciphernot offered
Medium grade encryptionnot offered
High grade encryptionoffered (ok)
Labels in table: strong strong, default for protocol weak vulnerable

TLS 1.2TLS 1.1TLS 1.0SSL 3SSL 2
ECDHE-RSA-AES128-GCM-SHA256128
ECDHE-RSA-AES256-SHA256
ECDHE-RSA-AES256-GCM-SHA384256
AES256-SHA256256
CAMELLIA256-SHA256
ECDHE-RSA-AES256-SHA384256
AES256-SHA256
AES256-GCM-SHA384256
AES128-GCM-SHA256128
AES128-SHA256128
CAMELLIA128-SHA128
AES128-SHA128
ECDHE-RSA-AES128-SHA256128
ECDHE-RSA-AES128-SHA128
EXP-DES-CBC-SHA
EXP-ADH-RC4-MD5
EXP-ADH-DES-CBC-SHA
EXP-EDH-DSS-DES-CBC-SHA
EDH-RSA-DES-CBC3-SHA
EXP-EDH-RSA-DES-CBC-SHA
NULL-MD5
IDEA-CBC-SHA
EXP-RC4-MD5
EXP-RC2-CBC-MD5
EDH-RSA-DES-CBC-SHA
EDH-DSS-DES-CBC-SHA
NULL-SHA
ECDHE-ECDSA-AES256-SHA384
ECDHE-ECDSA-DES-CBC3-SHA
ECDHE-ECDSA-NULL-SHA
ECDHE-ECDSA-AES256-SHA
ECDHE-ECDSA-RC4-SHA
ECDHE-RSA-RC4-SHA
ECDHE-RSA-NULL-SHA
ECDHE-RSA-DES-CBC3-SHA
EDH-DSS-DES-CBC3-SHA
SEED-SHA
SRP-RSA-AES-128-CBC-SHA
SRP-RSA-3DES-EDE-CBC-SHA
SRP-DSS-AES-256-CBC-SHA
SRP-DSS-AES-128-CBC-SHA
SRP-RSA-AES-256-CBC-SHA
DES-CBC-MD5
RC2-CBC-MD5
IDEA-CBC-MD5
DES-CBC3-MD5
SRP-DSS-3DES-EDE-CBC-SHA
SRP-AES-256-CBC-SHA
PSK-RC4-SHA
PSK-AES256-CBC-SHA
PSK-AES128-CBC-SHA
PSK-3DES-EDE-CBC-SHA
RC4-MD5
RC4-SHA
SRP-AES-128-CBC-SHA
SRP-3DES-EDE-CBC-SHA
ECDHE-ECDSA-AES256-GCM-SHA384
NULL-SHA256
ECDHE-ECDSA-AES128-SHA256
DHE-DSS-AES128-GCM-SHA256
DHE-DSS-AES128-SHA
DES-CBC3-SHA
DES-CBC-SHA
AECDH-NULL-SHA
AECDH-RC4-SHA
DHE-DSS-AES128-SHA256
DHE-DSS-AES256-GCM-SHA384
DHE-DSS-CAMELLIA256-SHA
DHE-DSS-SEED-SHA
DHE-DSS-CAMELLIA128-SHA
DHE-DSS-AES256-SHA256
DHE-DSS-AES256-SHA
AECDH-DES-CBC3-SHA
AECDH-AES256-SHA
ADH-AES256-SHA
ADH-AES256-SHA256
ADH-AES256-GCM-SHA384
ADH-AES128-SHA256
ADH-AES128-SHA
ADH-CAMELLIA128-SHA
ADH-CAMELLIA256-SHA
ADH-SEED-SHA
AECDH-AES128-SHA
ADH-RC4-MD5
ADH-DES-CBC3-SHA
ADH-DES-CBC-SHA
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA
ECDH-RSA-AES128-SHA256
ECDH-RSA-AES256-GCM-SHA384
ECDH-RSA-AES128-SHA
ECDH-RSA-AES128-GCM-SHA256
ECDH-ECDSA-NULL-SHA
ECDH-ECDSA-RC4-SHA
ECDH-RSA-AES256-SHA
ECDH-RSA-AES256-SHA384
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-SHA
ECDH-RSA-RC4-SHA
ECDH-RSA-NULL-SHA
ECDH-RSA-DES-CBC3-SHA
ECDH-ECDSA-DES-CBC3-SHA
ECDH-ECDSA-AES256-SHA384
DHE-RSA-AES256-SHA256
DHE-RSA-CAMELLIA128-SHA
DHE-RSA-AES256-SHA
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES128-SHA256
DHE-RSA-CAMELLIA256-SHA
DHE-RSA-SEED-SHA
ECDH-ECDSA-AES256-GCM-SHA384
ECDH-ECDSA-AES256-SHA
ECDH-ECDSA-AES128-SHA256
ECDH-ECDSA-AES128-SHA
ECDH-ECDSA-AES128-GCM-SHA256
ADH-AES128-GCM-SHA256
OCSP Trusted
cityofboston.gov (107.154.103.10:443)
OCSP Trusted By Mozilla CA Store
Trusted By Apple - OS X 10.9.2
cityofboston.gov (107.154.103.10:443)
Trusted By Apple - OS X 10.9.2
Trusted By Java 6 - Update 65
cityofboston.gov (107.154.103.10:443)
Trusted By Java 6 - Update 65
Trusted By Microsoft - 04/2014
cityofboston.gov (107.154.103.10:443)
Trusted By Microsoft - 04/2014
Trusted By Mozilla NSS - 01/2014
cityofboston.gov (107.154.103.10:443)
Trusted By Mozilla NSS - 01/2014
Heartbleed Vulnerable
cityofboston.gov (107.154.103.10:443)
Session Renegotiation Can Be Client Initiated
cityofboston.gov (107.154.103.10:443)