updated: Saturday, 07 December 2019, 16:17:36


Validity

Valid fromTuesday, 18 December 2012, 00:00:00
Valid untilSunday, 25 January 2015, 23:59:59
Trust Store 'Apple - OS X 10.9.2'ok
Trust Store 'Microsoft - 04/2014'ok
Trust Store 'Mozilla NSS - 01/2014'ok (EV)
Trust Store 'Java 6 - Update 65'ok
OCSPServer did not send back an OCSP response

Vulnerability

Heartbleed (CVE-2014-0160)NOT vulnerable (ok)
Session Resumption With TLS Ticketsno
Session Resumption With Session IDsno
Session Renegotiation Can Be Client Initiatedno
TLS compressionno
Renegotiation (CVE 2009-3555)NOT vulnerable (ok)
CRIME, TLS (CVE-2012-4929)NOT vulnerable (ok)

Server

SSL Report Forthebodyshop-usa.com (69.172.201.62:443)
OCSP staplingno
HSTSno
Servernginx/1.7.2
Application X-Powered-By: ASP.NET
Default negotiated protocolTLSv1
Default negotiated cipherRC4-SHA
Default server key size2048 bit
TLS server extensionsrenegotiation info, session ticket
Session Tickets RFC 5077(none)
SPDY/NPNnot offered

Certificate

Common Namesecure.thebodyshop-usa.com
Alternative namessecure.thebodyshop-usa.com
KeyrsaEncryption, 2048 bit
OrganizationThe Body Shop International Plc
State/ProvinceWest Sussex
CountryGB
LocalityLittlehampton
IssuerVeriSign Class 3 Extended Validation SSL SGC CA, US
Signature algorithmsha1WithRSAEncryption
Revocation CRLCRL (http://EVIntl-crl.verisign.com/EVIntl2006.crl)
Revocation OCSPOCSP (http://ocsp.verisign.com)

Protocols

SSL 2NOT offered (ok)
SSL 3offered
TLS 1.0offered (ok)
TLS 1.1not offered
TLS 1.2not offered

Standard cipher lists

Null CipherNOT offered (ok)
Anonymous NULL CipherNOT offered (ok)
Anonymous DH CipherNOT offered (ok)
40 Bit encryptionNOT offered (ok)
56 Bit encryptionNOT offered (ok)
DES CipherNOT offered (ok)
Triple DES Cipheroffered
Medium grade encryptionoffered
High grade encryptionoffered (ok)
Labels in table: strong strong, default for protocol weak vulnerable

TLS 1.2TLS 1.1TLS 1.0SSL 3SSL 2
RC4-SHA128128
CAMELLIA256-SHA256256
AES256-SHA256256
DES-CBC3-SHA168168
CAMELLIA128-SHA128128
AES128-SHA128128
ECDHE-RSA-NULL-SHA
ECDHE-RSA-DES-CBC3-SHA
ECDHE-RSA-RC4-SHA
EDH-DSS-DES-CBC-SHA
EXP-ADH-RC4-MD5
EXP-DES-CBC-SHA
EXP-ADH-DES-CBC-SHA
EDH-RSA-DES-CBC3-SHA
EDH-DSS-DES-CBC3-SHA
EDH-RSA-DES-CBC-SHA
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-SHA
ECDHE-ECDSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA
ECDH-RSA-RC4-SHA
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-SHA384
ECDHE-ECDSA-DES-CBC3-SHA
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-SHA
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-NULL-SHA
ECDHE-ECDSA-RC4-SHA
EXP-EDH-DSS-DES-CBC-SHA
IDEA-CBC-SHA
SRP-DSS-AES-128-CBC-SHA
SRP-DSS-AES-256-CBC-SHA
SRP-DSS-3DES-EDE-CBC-SHA
SRP-AES-256-CBC-SHA
SRP-AES-128-CBC-SHA
SRP-RSA-3DES-EDE-CBC-SHA
SRP-RSA-AES-128-CBC-SHA
IDEA-CBC-MD5
RC2-CBC-MD5
DES-CBC3-MD5
DES-CBC-MD5
SRP-RSA-AES-256-CBC-SHA
SRP-3DES-EDE-CBC-SHA
SEED-SHA
NULL-MD5
NULL-SHA
ECDH-RSA-NULL-SHA
EXP-RC4-MD5
EXP-RC2-CBC-MD5
NULL-SHA256
PSK-3DES-EDE-CBC-SHA
RC4-MD5
PSK-RC4-SHA
PSK-AES256-CBC-SHA
PSK-AES128-CBC-SHA
EXP-EDH-RSA-DES-CBC-SHA
ECDH-RSA-AES256-GCM-SHA384
AES128-SHA256
AES256-GCM-SHA384
AES128-GCM-SHA256
AECDH-RC4-SHA
AECDH-NULL-SHA
AES256-SHA256
DES-CBC-SHA
DHE-DSS-AES256-GCM-SHA384
DHE-DSS-AES256-SHA
DHE-DSS-AES128-SHA256
DHE-DSS-AES128-SHA
DHE-DSS-AES128-GCM-SHA256
AECDH-DES-CBC3-SHA
AECDH-AES256-SHA
ADH-AES256-SHA
ADH-AES256-SHA256
ADH-AES256-GCM-SHA384
ADH-AES128-SHA256
ADH-AES128-SHA
ADH-CAMELLIA128-SHA
ADH-CAMELLIA256-SHA
ADH-SEED-SHA
AECDH-AES128-SHA
ADH-RC4-MD5
ADH-DES-CBC3-SHA
ADH-DES-CBC-SHA
DHE-DSS-AES256-SHA256
DHE-DSS-CAMELLIA128-SHA
ECDH-ECDSA-DES-CBC3-SHA
ECDH-ECDSA-NULL-SHA
ECDH-ECDSA-AES256-SHA384
ECDH-ECDSA-AES256-SHA
ECDH-ECDSA-AES256-GCM-SHA384
ECDH-ECDSA-RC4-SHA
ECDH-RSA-AES128-GCM-SHA256
ECDH-RSA-AES256-SHA
ECDH-RSA-AES256-SHA384
ADH-AES128-GCM-SHA256
ECDH-RSA-AES128-SHA256
ECDH-RSA-AES128-SHA
ECDH-ECDSA-AES128-SHA256
ECDH-ECDSA-AES128-SHA
DHE-RSA-AES128-SHA
DHE-RSA-AES128-SHA256
DHE-RSA-AES128-GCM-SHA256
DHE-DSS-SEED-SHA
DHE-DSS-CAMELLIA256-SHA
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA
DHE-RSA-SEED-SHA
ECDH-ECDSA-AES128-GCM-SHA256
DHE-RSA-CAMELLIA256-SHA
DHE-RSA-CAMELLIA128-SHA
DHE-RSA-AES256-SHA256
ECDH-RSA-DES-CBC3-SHA
Trusted By Apple - OS X 10.9.2
thebodyshop-usa.com (69.172.201.62:443)
Trusted By Apple - OS X 10.9.2
Trusted By Java 6 - Update 65
thebodyshop-usa.com (69.172.201.62:443)
Trusted By Java 6 - Update 65
Trusted By Microsoft - 04/2014
thebodyshop-usa.com (69.172.201.62:443)
Trusted By Microsoft - 04/2014
Trusted By Mozilla NSS - 01/2014
thebodyshop-usa.com (69.172.201.62:443)
Trusted By Mozilla NSS - 01/2014
Server did not send back an OCSP response
OCSP
Server did not send back an OCSP response
https://raymii.org/s/tutorials/OCSP_Stapling_on_nginx.html
Certificate Not Matches Server Hostname
thebodyshop-usa.com (69.172.201.62:443)
Not valid for 'thebodyshop-usa.com'