Deep SSL/TLS Vulnerability Test
This report provides a deep analysis of the SSL/TLS configuration of pktech.net. It checks for protocol support, cipher strength, and known vulnerabilities.
Scan Results
Testing all IP addresses (port 443): 199.60.103.5 199.60.103.105 ----------------------------------------------------- Start 2026-03-04 08:06:33 -->> 199.60.103.5:443 (pktech.net) <<-- Further IP addresses: 199.60.103.105 rDNS (199.60.103.5): -- Service detected: HTTP Testing for server implementation bugs No bugs found. Testing HTTP header response @ "/" HTTP Status Code 200 OK HTTP clock skew 0 sec from localtime IPv4 address in header Set-Cookie: __cf_bm=Kfg8ppO8aRh7M5xNTj3MPi1FoCiMwcNCk2cWH08Tiwo-1772611623-1.0.1.1-NmGzk5wWovwplnWx6f2JP94YgAeMalI0GPr5t5dtqRXKo9o.ge2qlRpNGOfnZ3j0H89ifR1E4SGGo60meHG3qmVsqkn9ygxg1zCAPzLw8U8; path=/; expires=Wed, 04-Mar-26 08:37:03 GMT; domain=.pktech.net; HttpOnly; Secure; SameSite=None (check if it's your IP address or e.g. a cluster IP) Set-Cookie: _cfuvid=iT4VotwkbGkjxSvNffI9FTjDO2shoQFh7AQ5lm5B7VE-1772611623618-0.0.1.1-604800000; path=/; domain=.pktech.net; HttpOnly; Secure; SameSite=None Strict Transport Security 365 days=31536000 s, just this domain Public Key Pinning -- Server banner cloudflare Application banner -- Cookie(s) 2 issued: 2/2 secure, 2/2 HttpOnly Security headers Content-Security-Policy: upgrade-insecure-requests Referrer-Policy: no-referrer-when-downgrade Cache-Control: s-maxage=36000, max-age=5 Reverse Proxy banner -- Testing vulnerabilities Secure Renegotiation (RFC 5746) supported (OK) Secure Client-Initiated Renegotiation not vulnerable (OK) CRIME, TLS (CVE-2012-4929) not vulnerable (OK) BREACH (CVE-2013-3587) potentially NOT ok, "br gzip" HTTP compression detected. - only supplied "/" tested Can be ignored for static pages or if no secrets in the page POODLE, SSL (CVE-2014-3566) not vulnerable (OK) TLS_FALLBACK_SCSV (RFC 7507) No fallback possible (OK), no protocol below TLS 1.2 offered SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK) FREAK (CVE-2015-0204) not vulnerable (OK) DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK) make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=2C5785ED7B3840AA57135DBFBB5B0F887AF02CE81CC5F397C400476B0453E613 LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2 BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1 LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses obsolete cipher block chaining ciphers with TLS, see server prefs. Winshock (CVE-2014-6321), experimental not vulnerable (OK) RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) Done 2026-03-04 08:07:23 [ 59s] -->> 199.60.103.5:443 (pktech.net) <<-- ----------------------------------------------------- Start 2026-03-04 08:07:23 -->> 199.60.103.105:443 (pktech.net) <<-- Further IP addresses: 199.60.103.5 rDNS (199.60.103.105): -- Service detected: HTTP Testing for server implementation bugs No bugs found. Testing HTTP header response @ "/" HTTP Status Code 200 OK HTTP clock skew 0 sec from localtime IPv4 address in header Set-Cookie: __cf_bm=iOjafMQKoom9P_Xgv0dTxSEa7A__h8FtY3YCGfjlisM-1772611674-1.0.1.1-vA1HWm51qY6CsZy86A4ghP8QqZ9GUJYlGkO8Ym0cxgHvp_4an_6upoHk4DJ5CpLs6lKn7VFA.OlpXrflqiOQz5Ymjz0IrK0s7WpQflVWB4c; path=/; expires=Wed, 04-Mar-26 08:37:54 GMT; domain=.pktech.net; HttpOnly; Secure; SameSite=None (check if it's your IP address or e.g. a cluster IP) Set-Cookie: _cfuvid=ssxgdyN7fh4gwEb7OOqorZjwLtwE8m1UfWymEbLcd20-1772611674011-0.0.1.1-604800000; path=/; domain=.pktech.net; HttpOnly; Secure; SameSite=None Strict Transport Security 365 days=31536000 s, just this domain Public Key Pinning -- Server banner cloudflare Application banner -- Cookie(s) 2 issued: 2/2 secure, 2/2 HttpOnly Security headers Content-Security-Policy: upgrade-insecure-requests Referrer-Policy: no-referrer-when-downgrade Cache-Control: s-maxage=36000, max-age=5 Reverse Proxy banner -- Testing vulnerabilities Secure Renegotiation (RFC 5746) supported (OK) Secure Client-Initiated Renegotiation not vulnerable (OK) CRIME, TLS (CVE-2012-4929) not vulnerable (OK) BREACH (CVE-2013-3587) potentially NOT ok, "br gzip" HTTP compression detected. - only supplied "/" tested Can be ignored for static pages or if no secrets in the page POODLE, SSL (CVE-2014-3566) not vulnerable (OK) TLS_FALLBACK_SCSV (RFC 7507) No fallback possible (OK), no protocol below TLS 1.2 offered SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK) FREAK (CVE-2015-0204) not vulnerable (OK) DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK) make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=2C5785ED7B3840AA57135DBFBB5B0F887AF02CE81CC5F397C400476B0453E613 LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2 BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1 LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses obsolete cipher block chaining ciphers with TLS, see server prefs. Winshock (CVE-2014-6321), experimental not vulnerable (OK) RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) Done 2026-03-04 08:08:15 [ 111s] -->> 199.60.103.105:443 (pktech.net) <<-- ----------------------------------------------------- Done testing now all IP addresses (on port 443): 199.60.103.5 199.60.103.105
About this Scan
This scan uses testssl.sh to check for:
- Protocols: SSLv2, SSLv3, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3
- Vulnerabilities: Heartbleed, POODLE, FREAK, Logjam, DROWN, etc.
- Cipher Suites: Weak ciphers, perfect forward secrecy (PFS) support.