@@ -41,20 +41,31 @@ TLS-Scanner uses the concept of "checks" which are performed after it collected
4141There are currently multiple checks implemented:
4242
4343
44- | Check | Meaning |
45- | ------------------------------- | :------------------------------------------------------------------------:|
46- | CERTIFICATE_EXPIRED | Checks if the Certificate is expired yet |
47- | CERTIFICATE_NOT_VALID_YET | Checks if the Certificate is valid yet |
48- | CERTIFICATE_WEAK_HASH_FUNCTION | Checks if the Server uses a weak Hash algorithm for its Certificate |
49- | CERTIFICATE_WEAK_SIGN_ALGORITHM | Checks if the Server uses a weak Signature algorithm for its Certificate |
50- | CERTIFICATE_NOT_SENT_BY_SERVER | Checks if the Server did sent a Certificate at all |
51- | CIPHERSUITE_ANON | Checks if the Server has Anon Ciphersuites enabled |
52- | CIPHERSUITE_CBC | Checks if the Server has CBC Ciphersuites enabled for TLS 1.0 |
53- | CIPHERSUITE_EXPORT | Checks if the Server has Export Ciphersuites enabled |
54- | CIPHERSUITE_NULL | Checks if the Server has Null Ciphersuites enabled |
55- | CIPHERSUITE_RC4 | Checks if the Server has RC4 Ciphersuites enabled |
56- | CIPHERSUITEORDER_ENFORCED | Checks if the Server does not enforce a Ciphersuite ordering |
57- | PROTOCOLVERSION_SSL2 | Checks if SSL 2 is enabled |
58- | PROTOCOLVERSION_SSL3 | Checks if SSL 3 is enabled |
44+ | Check | Meaning |
45+ | ------------------------------- | :-----------------------------------------------------------------------------:|
46+ | CERTIFICATE_EXPIRED | Checks if the Certificate is expired yet |
47+ | CERTIFICATE_NOT_VALID_YET | Checks if the Certificate is valid yet |
48+ | CERTIFICATE_WEAK_HASH_FUNCTION | Checks if the Server uses a weak Hash algorithm for its Certificate |
49+ | CERTIFICATE_WEAK_SIGN_ALGORITHM | Checks if the Server uses a weak Signature algorithm for its Certificate |
50+ | CERTIFICATE_NOT_SENT_BY_SERVER | Checks if the Server did sent a Certificate at all |
51+ | CIPHERSUITE_ANON | Checks if the Server has Anon Ciphersuites enabled |
52+ | CIPHERSUITE_CBC | Checks if the Server has CBC Ciphersuites enabled for TLS 1.0 |
53+ | CIPHERSUITE_EXPORT | Checks if the Server has Export Ciphersuites enabled |
54+ | CIPHERSUITE_NULL | Checks if the Server has Null Ciphersuites enabled |
55+ | CIPHERSUITE_RC4 | Checks if the Server has RC4 Ciphersuites enabled |
56+ | CIPHERSUITEORDER_ENFORCED | Checks if the Server does not enforce a Ciphersuite ordering |
57+ | PROTOCOLVERSION_SSL2 | Checks if SSL 2 is enabled |
58+ | PROTOCOLVERSION_SSL3 | Checks if SSL 3 is enabled |
59+ | ATTACK_HEARTBLEED | Checks if the Server is vulnerable to Heartbleed |
60+ | ATTACK_PADDING | Checks if the Server is vulnerable to a Padding_Oracle Attack (BETA) |
61+ | ATTACK_BLEICHENBACHER | Checks if the Server is vulnerable to the Bleichenbacher Attack (BETA) |
62+ | ATTACK_POODLE | Checks if the Server is vulnerable to the Poodle Attack (BETA) |
63+ | ATTACK_TLS_POODLE | Checks if the Server is vulnerable to the TLS variant of Poolde (BETA) |
64+ | ATTACK_CVE20162107 | Checks if the Server is vulnerable to CVE20162107 (BETA) y |
65+ | ATTACK_INVALID_CURVE | Checks if the Server is vulnerable to the Invalid Curve Attack (BETA) |
66+ | ATTACK_INVALID_CURVE_EPHEMERAL | Checks if the Server is vulnerable to an Ephemeral Invalid Curve Attack(BETA) |
67+
68+
69+
5970
6071** Please note:** * A check with a _ result_ of true is considered non optimal*
0 commit comments