www.kuguagantian.com -亚数信息-SSL/TLS安全评估报告

www.kuguagantian.com

IP address: 185.242.232.150 : four hundred and forty-three (Hong Kong)
Server: Apache

Site Title:	Bitter Melon Sweet Blog - love software, specialized Chinese, refined packaging, happy sharing
Test time:	2024-02-04 13:24:15 (Time consumption: 13 seconds)

certificate Expiration reminder Refresh presentation
View report QR code

Overview

Check whether the services deployed with SSL/TLS comply with industry best practices, PCI DSS payment card industry security standards, and Apple ATS specifications.

grade

ATS

Non conformance

PCI DSS

Non conformance

Reason for downgrade:

1. The main page references unsafe HTTP resources and is downgraded to B
2. An untrusted certificate is used and downgraded to T (special level)

Configuration Guide:

1. You need to configure an encryption suite that meets the PFS specification. Recommended configurations are:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:! NULL:! aNULL:! MD5:! ADH:! RC4:! DH:! DHE ；
2. You need to enable TLS1.2 in the server TLS protocol. Recommended configurations: TLSv1 TLSv1.1 TLSv1.2 ；
3. Ensure that the current domain name matches the certificate used;
4. It is required to ensure that the certificate is within the validity period;
5. Certificates that need to use the SHA-2 signature algorithm;
6. It is necessary to ensure that the certificate issuing authority is a trusted CA authority.
7. The max age of HSTS (HTTP strict transmission security) should be greater than 15768000 seconds.
8. 《 HTTPS Security Best Practices 》

Certificate Information

detailed information

Trust Status	Untrustable
	yes
Common name	www.kuguagantian.com
Issuer	R3
Enable SNI	yes
Weak key detection	no
encryption algorithm	RSA 2048 bits
signature algorithm	SHA256WithRSA
Certificate Transparency (CT)	yes (Apple: (from certificate, valid))
Certificate brand	Let's Encrypt
Certificate Type	Self signature
start time	2023-12-25 04:45:55
End time	2024-03-24 04:45:54
Revocation Status	normal
OCSP staple status	I won't support it
OCSP must be bound	no
Organization	--
department	--
Alternate Name	www.kuguagantian.com www.kuguagantian.com

Certificate chain information Learn more Download certificate chain

detailed information

Issued to:	www.kuguagantian.com (The root certificate comes from the server, which will add additional handshake overhead)
Issued by:	R3
Encryption algorithm:	RSA 2048 bits
Signature algorithm:	SHA256WithRSA
Certificate thumbprint:	8FD94A4D7D7DFC3C613A526DC963A32C6EC6C232
Public key PIN value:	QI6p4pmgrP3Un+4wpbclE45XLWa7VswhpMgxLNnP2D0=
term of validity:	2023-12-25 ~ 2024-03-24 (Remaining -35 Days)

detailed information

Issued to:	R3 (The root certificate comes from the server, which will add additional handshake overhead)
Issued by:	ISRG Root X1
Encryption algorithm:	RSA 2048 bits
Signature algorithm:	SHA256WithRSA
Certificate thumbprint:	A053375BFE84E8B748782C7CEE15827A6AF5A405
Public key PIN value:	jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0=
term of validity:	2020-09-04 ~ 2025-09-16 (Remaining five hundred and six Days)

detailed information

Issued to:	ISRG Root X1 (The root certificate comes from the server, which will add additional handshake overhead)
Issued by:	DST Root CA X3
Encryption algorithm:	RSA 4096 bits
Signature algorithm:	SHA256WithRSA
Certificate thumbprint:	933C6DDEE95C9C41A40F9F50493D82BE03AD87BF
Public key PIN value:	C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M=
term of validity:	2021-01-21 ~ 2024-10-01 (Remaining one hundred and fifty-six Days)

Issued to:	www.kuguagantian.com (The root certificate comes from the server, which will add additional handshake overhead)
Issued by:	R3
Validity:	2023-12-25 ~ 2024-03-24 (Remaining -35 Days)

Issued to:	R3 (The root certificate comes from the server, which will add additional handshake overhead)
Issued by:	ISRG Root X1
Validity:	2020-09-04 ~ 2025-09-16 (Remaining five hundred and six Days)

Issued to:	ISRG Root X1 (The root certificate comes from the server, which will add additional handshake overhead)
Issued by:	DST Root CA X3
Validity:	2021-01-21 ~ 2024-10-01 (Remaining one hundred and fifty-six Days)

detailed information

Trust Status	Domain name mismatch (mainstream browser access is not affected, affecting a few old browsers that do not support SNI)
	no
Common name	(Mismatch)
Issuer	--
Enable SNI	no
Weak key detection	no
encryption algorithm	RSA 2048 bits
signature algorithm	MD5WithRSA
Certificate Transparency (CT)	no
Certificate brand	Other
Certificate Type	Self signature
start time	2022-04-25 21:57:10
End time	2032-04-22 21:57:10
Revocation Status	normal
OCSP staple status	I won't support it
OCSP must be bound	no
Organization	--
department	--
Alternate Name

Certificate chain information Learn more Download certificate chain

detailed information

Issued to:	(The root certificate comes from the server, which will add additional handshake overhead)
Issued by:
Encryption algorithm:	RSA 2048 bits
Signature algorithm:	MD5WithRSA
Certificate thumbprint:	01D39DF23D0EC197EC8C998011DD2B5B0C08C12C
Public key PIN value:	xy2E65K2Iv+RKvty3D2dKkHM8n45g91UD+4Cg/nx1wc=
term of validity:	2022-04-25 ~ 2032-04-22 (Remaining two thousand nine hundred and seventeen Days)

Issued to:	(The root certificate comes from the server, which will add additional handshake overhead)
Issued by:
Validity:	2022-04-25 ~ 2032-04-22 (Remaining two thousand nine hundred and seventeen Days)

Protocols and Kits

Support Agreement

TLS 1.3	support
TLS 1.2	support
TLS 1.1	support
TLS 1.0	I won't support it	zero
SSL 3	I won't support it
SSL 2	I won't support it

Supported encryption suite

TLS 1.3
(Server order first)

TLS_AES_256_GCM_SHA384 (0x1302) 256 bits FS Name: TLS_AES_256_GCM_SHA384
Code: 0x1302
Description: ECDH x25519 (eq. 3072 bits RSA)
Encryption strength: 256 bits
Forward encryption: YES
Safety: YES

TLS_CHACHA20_POLY1305_SHA256 (0x1303) 256 bits FS Name: TLS_CHACHA20_POLY1305_SHA256
Code: 0x1303
Description: ECDH x25519 (eq. 3072 bits RSA)
Encryption strength: 256 bits
Forward encryption: YES
Safety: YES

TLS_AES_128_GCM_SHA256 (0x1301) 128 bits FS Name: TLS_AES_128_GCM_SHA256
Code: 0x1301
Description: ECDH x25519 (eq. 3072 bits RSA)
Encryption strength: 128 bits
Forward encryption: YES
Safety: YES

TLS 1.2
(Server order first)

TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA8) 256 bits FS Name: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Code: 0xCCA8
Description: ECDH x25519 (eq. 3072 bits RSA)
Encryption strength: 256 bits
Forward encryption: YES
Safety: YES

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xC02F) 128 bits FS Name: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Code: 0xC02F
Description: ECDH x25519 (eq. 3072 bits RSA)
Encryption strength: 128 bits
Forward encryption: YES
Safety: YES

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027) 128 bits FS Name: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Code: 0xC027
Description: ECDH x25519 (eq. 3072 bits RSA)
Encryption strength: 128 bits
Forward encryption: YES
Safety: YES

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013) 128 bits FS Name: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Code: 0xC013
Description: ECDH x25519 (eq. 3072 bits RSA)
Encryption strength: 128 bits
Forward encryption: YES
Safety: YES

TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9C) 128 bits Name: TLS_RSA_WITH_AES_128_GCM_SHA256
Code: 0x9C
Description:
Encryption strength: 128 bits
Forward encryption: NO
Security: WEAK

TLS_RSA_WITH_AES_128_CCM_8 (0xC0A0) 128 bits Name: TLS_RSA_WITH_AES_128_CCM_8
Code: 0xC0A0
Description:
Encryption strength: 128 bits
Forward encryption: NO
Security: WEAK

TLS_RSA_WITH_AES_128_CCM (0xC09C) 128 bits Name: TLS_RSA_WITH_AES_128_CCM
Code: 0xC09C
Description:
Encryption strength: 128 bits
Forward encryption: NO
Security: WEAK

TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3C) 128 bits Name: TLS_RSA_WITH_AES_128_CBC_SHA256
Code: 0x3C
Description:
Encryption strength: 128 bits
Forward encryption: NO
Security: WEAK

TLS_RSA_WITH_AES_128_CBC_SHA (0x2F) 128 bits Name: TLS_RSA_WITH_AES_128_CBC_SHA
Code: 0x2F
Description:
Encryption strength: 128 bits
Forward encryption: NO
Security: WEAK

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030) 256 bits FS Name: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Code: 0xC030
Description: ECDH x25519 (eq. 3072 bits RSA)
Encryption strength: 256 bits
Forward encryption: YES
Safety: YES

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028) 256 bits FS Name: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Code: 0xC028
Description: ECDH x25519 (eq. 3072 bits RSA)
Encryption strength: 256 bits
Forward encryption: YES
Safety: YES

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014) 256 bits FS Name: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Code: 0xC014
Description: ECDH x25519 (eq. 3072 bits RSA)
Encryption strength: 256 bits
Forward encryption: YES
Safety: YES

TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9D) 256 bits Name: TLS_RSA_WITH_AES_256_GCM_SHA384
Code: 0x9D
Description:
Encryption strength: 256 bits
Forward encryption: NO
Security: WEAK

TLS_RSA_WITH_AES_256_CCM_8 (0xC0A1) 256 bits Name: TLS_RSA_WITH_AES_256_CCM_8
Code: 0xC0A1
Description:
Encryption strength: 256 bits
Forward encryption: NO
Security: WEAK

TLS_RSA_WITH_AES_256_CCM (0xC09D) 256 bits Name: TLS_RSA_WITH_AES_256_CCM
Code: 0xC09D
Description:
Encryption strength: 256 bits
Forward encryption: NO
Security: WEAK

TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3D) 256 bits Name: TLS_RSA_WITH_AES_256_CBC_SHA256
Code: 0x3D
Description:
Encryption strength: 256 bits
Forward encryption: NO
Security: WEAK

TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256 bits Name: TLS_RSA_WITH_AES_256_CBC_SHA
Code: 0x35
Description:
Encryption strength: 256 bits
Forward encryption: NO
Security: WEAK

TLS 1.1
(Server order first)

TLS_RSA_WITH_AES_128_CBC_SHA (0x2F) 128 bits Name: TLS_RSA_WITH_AES_128_CBC_SHA
Code: 0x2F
Description:
Encryption strength: 128 bits
Forward encryption: NO
Security: WEAK

TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256 bits Name: TLS_RSA_WITH_AES_256_CBC_SHA
Code: 0x35
Description:
Encryption strength: 256 bits
Forward encryption: NO
Security: WEAK

Agreement Details

HTTP/2	support
New TLS configuration	yes
Support TLS 1.3	support
Expected CT	I won't support it
OCSP Stapling	I won't support it
Prevent downgrade attack	support
Forward secrecy	support
HTTP Strict Transport Security (HSTS)	I won't support it
Public key fixed (HPKP)	I won't support it
Public key fixed report	I won't support it
XSS protection	I won't support it
CAA	I won't support it
NPN	I won't support it
ALPN	support	h2,http/1.1
TLS Heartbeat (Extended)	I won't support it
EC elliptic curve supported	support	X25519, secp256r1, x448, secp521r1, secp384r1 (server order first)
SSL2 handshake compatible	support
Session recovery (caching)	I won't support it	The server does not assign a SessionID
Session recovery (Ticket)	support
STARTTLS	I won't support it
Too long ClientHello compatible	I won't support it
Unknown TLS version compatible	I won't support it
Incorrect SNI warning	I won't support it
DH public key parameter reuse	no	DHE series encryption suite is not supported
ECDH public key parameter reuse	no
Server side security renegotiation	support
Client security renegotiation	I won't support it
Unsafe client renegotiation	I won't support it
Support RC4 suite	I won't support it
Is it a mail server	no

SSL vulnerability

	Whether it affects	Risk coefficient	explain
	Due to system upgrade, relevant functions are suspended!
DROWN vulnerability
OpenSSL Padding Oracle attack
FREAK vulnerability
Logjam vulnerability
OpenSSL CCS injection vulnerability
Heartbleed
POODLE vulnerability
CRIME vulnerability

Client Handshake Simulation

Android 4.4.2 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
Android 5.0.0 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
Android 6.0 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > http/1.1	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
Android 7.0 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 FS
Android 8.0 No FS^one No SNI^two	Handshake_failure
Android 9.0 No FS^one No SNI^two	Handshake_failure
Baiduspider/2.0 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
Googlebot/2.0 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 FS
YandexBot July 2018 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
360Spider July 2018 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
SougouSpider July 2018 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
Baidu HTTPS authentication No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
BingPreview Jan 2015 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
Chrome 49 / XP SP3 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 FS
Chrome 51 / Win 7 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 FS
Chrome 63 /macOS High Sierra 10.13.2 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 FS
Chrome 69 / Win 10 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 FS
Chrome 71 / Win 10 No FS^one No SNI^two	RSA(SHA256)	TLSv1.3	TLS_AES_256_GCM_SHA384
Chrome 80 / Win 10 No FS^one No SNI^two	RSA(SHA256)	TLSv1.3	TLS_AES_256_GCM_SHA384
Firefox 31.3.0 ESR / Win 7 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
Firefox 47 / Win 7 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 FS
Firefox 49 / XP SP3 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 FS
Firefox 49 / Win 7 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 FS
Firefox 57 /macOS High Sierra 10.13.2 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 FS
Firefox 62 / Win 10 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 FS
Firefox 64 / win 10 No FS^one No SNI^two	RSA(SHA256)	TLSv1.3	TLS_AES_256_GCM_SHA384
Firefox 73 / Win 10 No FS^one No SNI^two	RSA(SHA256)	TLSv1.3	TLS_AES_256_GCM_SHA384
IE 6 / XP No FS^one No SNI^two	Handshake_failure
IE 7 / Vista No FS^one No SNI^two	Handshake failed (protocol_version)
IE 8 / XP No FS^one No SNI^two	Handshake failed (protocol_version)
IE 8-10 / Win 7 No FS^one No SNI^two	Handshake failed (protocol_version)
IE 11 / Win 7 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 FS
IE 11 / Win 8.1 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > http/1.1	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 FS
IE 10 / Win Phone 8.0 No FS^one No SNI^two	Handshake failed (protocol_version)
IE 11 / Win Phone 8.1 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > http/1.1	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 FS
IE 11 / Win Phone 8.1 Update No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > http/1.1	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 FS
IE 11 / Win 10 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
Edge 13 / Win 10 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
Edge 13 / Win Phone 10 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
Java 6u45 No FS^one No SNI^two	Handshake failed (protocol_version)
Java 7u25 No FS^one No SNI^two	Handshake failed (protocol_version)
Java 8u31 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
Java 11.0.3 No FS^one No SNI^two	Handshake failed (illegal_parameter)
OpenSSL 0.9.8y No FS^one No SNI^two	Handshake failed (protocol_version)
OpenSSL 1.0.1l No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
OpenSSL 1.0.2e No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
Openssl 1.1.1 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 FS
Safari 5.1.9 / OS X 10.6.8 No FS^one No SNI^two	Handshake failed (protocol_version)
Safari 6 / iOS 6.0.1 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 FS
Safari 6.0.4 / OS X 10.8.4 No FS^one No SNI^two	Handshake failed (protocol_version)
Safari 7 / iOS 7.1 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 FS
Safari 7 / OS X 10.9 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 FS
Safari 8 / iOS 8.4 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 FS
Safari 8 / OS X 10.10 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 FS
Safari 9 / iOS 9 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
Safari 9 / OS X 10.11 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
Safari 10 / iOS 10 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
Safari 10 / OS X 10.12 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
Apple ATS 9 / iOS 9 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
Yahoo Slurp Jan 2015 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
UC Browser 6 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 FS
360 Browser 13 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 FS
360 Speed Browser 8 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 FS
360 Browser12 No FS^one No SNI^two	RSA(SHA256)	TLSv1.3	TLS_AES_256_GCM_SHA384
360 Browser 8 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
QQ Browser 9 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 FS
Window of the World Browser 7 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
Cheetah Browser 6 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 FS
Aoyou Browser 5 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 FS
Sogou browser 7 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2 > h2	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 FS
Baidu Browser 8 No FS^one No SNI^two	RSA(SHA256)	TLSv1.2	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 FS

Certificate compatibility test

	RSA	RSA
Android 2.3 (Gingerbread)
Android 4.0 (Ice Cream Sandwich)
Android 4.1 (Jelly Bean)
Android 4.2 (Jelly Bean)
Android 4.3 (Jelly Bean)
Android 4.4 (KitKat)
Android 5.0 (Lollipop)
Android 5.1 (Lollipop)
Android 6.0 (Marshmallow)
Android 7.0 (Android Nougat)
Android 7.1 (Android Nougat)
Android 8.0 (Android Oreo)
Android 9.0 (Android Pie)
Android 10.0 (Android Q)
Android 11.0 (Android R)
iOS 5-6
iOS 7
iOS 8
iOS 9
iOS 10
iOS 11
iOS 12
iOS 13
iOS 14
OS X 10.9 (Mavericks)
OS X 10.10 (Yosemite)
OS X 10.11 (Eicapitan)
OS X 10.12 (Sierra)
OS X 10.13 (High Sierra)
OS X 10.14 (Mojave)
java 7u181
java 8u161
java_8u181
java_8u202
java 9
java 10
java 11
java 12
java 13
java 17
Firefox 3.0
Firefox 3.5
Firefox 3.6
Firefox 6.0
Firefox 16
Firefox 23
Firefox 32
Firefox 42
Firefox 50
Firefox 51
Firefox 54
Firefox 58
Firefox 63
Firefox 65
Windows XP
Windows 7
Windows 8
Windows 10

Configuration Guide:

explain:

More>>

View more information after login

Domain name SSL authentication hot

CAA detection

SSL CDN detection new

International client detection hot

ATS compliance testing hot

HTTP/2 supports detection

SSL status detection

SSL Configuration Generator hot

Mail server detection new

CSR online generation hot

CSR View

Certificate format conversion

Certificate View

Public private key matching

Private key encryption and decryption

Test certificate generation new

Certificate chain download hot

OCSP Revocation Information Query hot

Certificate transparency information query hot

TLS ROBOT vulnerability detection new

HeartBleed vulnerability detection

FREAK Attack vulnerability detection

SSL POODLE vulnerability detection

CSS injection vulnerability detection

CBC Padding Oracle detection

MySSL security signature hot

Punycode codec new

GMSSL.cn Technical Website new

www.kuguagantian.com

Overview

Certificate Information

Certificate chain information Learn more Download certificate chain

Certificate chain information Learn more Download certificate chain

Protocols and Kits

Support Agreement

Supported encryption suite

Agreement Details

SSL vulnerability

Client Handshake Simulation

Certificate compatibility test

Configuration Guide:

explain:

Domain name SSL authentication^hot

SSL CDN detection^new

International client detection^hot

ATS compliance testing^hot

SSL Configuration Generator^hot

Mail server detection^new

CSR online generation^hot

Test certificate generation^new

Certificate chain download^hot

OCSP Revocation Information Query^hot

Certificate transparency information query^hot

TLS ROBOT vulnerability detection^new

MySSL security signature^hot

Punycode codec^new

GMSSL.cn Technical Website^new