Security Report for projudi.tjce.jus.br - Deep SSL/TLS Vulnerability Analysis

Deep SSL/TLS Vulnerability Test

This report provides a deep analysis of the SSL/TLS configuration of projudi.tjce.jus.br. It checks for protocol support, cipher strength, and known vulnerabilities.

Scan Results

 Start 2026-02-06 02:20:20        -->> 189.90.162.30:443 (projudi.tjce.jus.br) <<--

 rDNS (189.90.162.30):   --
 Service detected:       HTTP

 Testing for server implementation bugs 

 No bugs found.

 Testing HTTP header response @ "/" 

 HTTP Status Code             503 Service Unavailable. Oh, didn't expect "503 Service Unavailable"
 HTTP clock skew              Got no HTTP time, maybe try different URL?
 Strict Transport Security    not offered
 Public Key Pinning           --
 Server banner                Server
 Application banner           --
 Cookie(s)                    (none issued at "/") -- HTTP status 503 signals you maybe missed the web application
 Security headers             Cache-Control: no-cache,no-store
                              Pragma: no-cache
 Reverse Proxy banner         --


 Testing vulnerabilities 

 Secure Renegotiation (RFC 5746)           supported (OK)
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
 BREACH (CVE-2013-3587)                    no gzip/deflate/compress/br HTTP compression (OK)  - only supplied "/" tested
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
 TLS_FALLBACK_SCSV (RFC 7507)              Downgrade attack prevention NOT supported
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services, see
                                           https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=BBBB64532A0B5F30DC3FCE334BD103115844CF6383741CB26288D3479F03BAD7
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no common prime detected
 BEAST (CVE-2011-3389)                     TLS1: AES256-SHA AES128-SHA
                                                 ECDHE-RSA-AES256-SHA
                                                 ECDHE-RSA-AES128-SHA
                                                 DHE-RSA-AES256-SHA
                                                 DHE-RSA-AES128-SHA 
                                           VULNERABLE -- but also supports higher protocols  TLSv1.1 TLSv1.2 (likely mitigated)
 LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses obsolete cipher block chaining ciphers with TLS, see server prefs.
 Winshock (CVE-2014-6321), experimental    not vulnerable (OK) - CAMELLIA or ECDHE_RSA GCM ciphers found
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)


 Done 2026-02-06 02:22:00 [ 111s] -->> 189.90.162.30:443 (projudi.tjce.jus.br) <<--

About this Scan

This scan uses testssl.sh to check for:

Protocols: SSLv2, SSLv3, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3
Vulnerabilities: Heartbleed, POODLE, FREAK, Logjam, DROWN, etc.
Cipher Suites: Weak ciphers, perfect forward secrecy (PFS) support.

Run Another Scan Recent Scans