Deep SSL/TLS Vulnerability Test
This report provides a deep analysis of the SSL/TLS configuration of telestaff.bmc.org. It checks for protocol support, cipher strength, and known vulnerabilities.
Scan Results
Start 2026-04-03 15:32:00 -->> 192.243.213.142:443 (telestaff.bmc.org) <<-- rDNS (192.243.213.142): telestaff.bmc.org. Service detected: HTTP Testing for server implementation bugs No bugs found. Testing HTTP header response @ "/" HTTP Status Code 302 , redirecting to "https://sts.bmc.org/adfs/ls/?SAMLRequest=hZFLb8IwEIT%2FirX3vNsAFgmiRahIVEQk9NCbkzjEUWJTr4P685vyaOmFHq2d2Rl%2FO519di05co1CyQg82wXCZaFKIfcR7LKlNYZZPEXWtf6BzntTyy3%2F6DkaMhgl0vMkgl5LqhgKpJJ1HKkpaDp%2FXVPfdulBK6MK1QKZI3JthqhnJbHvuE65PoqC77brCGpjDkgdx%2FB22M%2Bqys67wlZ673yHOGm6AbIYJkIyc2p7NaDBHykrK3RadIAslS74qXEEFWuRA1ktImCBW%2BVV00wmZePx0TgQYZ2HTRjkXu363iDChCGKI%2F%2B1IfZ8JYdO0kTgu35ouQ%2BWG2TeIw186k%2FsSTh6B5Jc%2Fvkk5JnfPSj5WYT0JcsSK9mkGZC36x0GAVyo01O6vsV9fzG7Mob4H6IdN6xkhk2d26T48vx77vgL&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=KDPXt6x2kTDuacS8Wk6SHBsNzRliTd%2Bv2e%2FiEIda1PnKMPuialOXmG9bKpvXlo6bhOUQsLtj3g3Q%2BQ%2FfuB2Q9Gq%2FbMBnuhy63TcW0UEGhIZ72sadiLo%2BaiEDj%2BHqtF%2FcZ%2FSvTWCwBiA73iFY2IxWYX%2BIAQHKNOCz94Im0Adj6hA5jaG8hNMn7gEKS89N9aq3%2BI37xqlE7t1400O3EshqgSz7F9uTn138s8PZ8m009FdQzctU3xce4iv%2FxqgvaObZWX9lIXBertnWDax%2F7Lj3quRvCdAcvt506hvOXV%2FjmnMbQaRMZFYuBWaAR1WYkKYugU%2FfkDVcqiNDSAMzt7DDpQ%3D%3D" HTTP clock skew -1 sec from localtime Strict Transport Security 365 days=31536000 s, includeSubDomains Public Key Pinning -- Server banner none Application banner -- Cookie(s) 1 issued: 1/1 secure, 1/1 HttpOnly -- maybe better try target URL of 30x Security headers X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: no-cache, no-store Pragma: no-cache Reverse Proxy banner -- Testing vulnerabilities Secure Renegotiation (RFC 5746) supported (OK) Secure Client-Initiated Renegotiation not vulnerable (OK) -- mitigated (disconnect after 6/10 attempts) CRIME, TLS (CVE-2012-4929) not vulnerable (OK) BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied "/" tested POODLE, SSL (CVE-2014-3566) not vulnerable (OK) TLS_FALLBACK_SCSV (RFC 7507) No fallback possible (OK), no protocol below TLS 1.2 offered SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK) FREAK (CVE-2015-0204) not vulnerable (OK) DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK) make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=1EE760131EA364D9D287A8B0B0DD842ECB41C9B444880A9A3995764A9507FF3D LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: RFC7919/ffdhe2048 (2048 bits), but no DH EXPORT ciphers BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1 LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses obsolete cipher block chaining ciphers with TLS, see server prefs. Winshock (CVE-2014-6321), experimental not vulnerable (OK) - CAMELLIA or ECDHE_RSA GCM ciphers found RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) Done 2026-04-03 15:32:52 [ 63s] -->> 192.243.213.142:443 (telestaff.bmc.org) <<--
About this Scan
This scan uses testssl.sh to check for:
- Protocols: SSLv2, SSLv3, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3
- Vulnerabilities: Heartbleed, POODLE, FREAK, Logjam, DROWN, etc.
- Cipher Suites: Weak ciphers, perfect forward secrecy (PFS) support.