testssl 3.0rc4 output for testssl hg.nginx.org:443
Testing server defaults (Server Hello) TLS extensions (standard) "server name/#0" "renegotiation info/#65281" "EC point formats/#11" "session ticket/#35" "heartbeat/#15" "next protocol/#13172" "application layer protocol negotiation/#16" Session Ticket RFC 5077 hint 14400 seconds, session tickets keys seems to be rotated < daily SSL Session ID support yes Session Resumption Tickets: yes, ID: yes TLS clock skew Random values, no fingerprinting possible Signature Algorithm SHA256 with RSA Server key size RSA 2048 bits Server key usage Digital Signature, Key Encipherment Server extended key usage TLS Web Server Authentication, TLS Web Client Authentication Serial / Fingerprints 030D311281F9B8198440D9E1F99E6DCBEA36 / SHA1 FCFED1288228D3D056CD63018F453AF21F2520E7 SHA256 237EE7B9E1FD73D9462D1730F6C706E4636CE2D85B2372E4936B61EFE58C0111 Common Name (CN) mailman.nginx.org (CN in response to request w/o SNI: *.nginx.com) subjectAltName (SAN) hg.nginx.org mailman.nginx.com mailman.nginx.org trac.nginx.org Issuer Let's Encrypt Authority X3 (Let's Encrypt from US) Trust (hostname) Ok via SAN (SNI mandatory) Chain of trust Ok EV cert (experimental) no "eTLS" (visibility info) not present Certificate Validity (UTC) 36 >= 30 days (2019-02-14 15:18 --> 2019-05-15 15:18) # of certificates provided 2 Certificate Revocation List -- OCSP URI http://ocsp.int-x3.letsencrypt.org OCSP stapling not offered OCSP must staple extension -- DNS CAA RR (experimental) not offered Certificate Transparency yes (certificate extension) of note Common Name (CN) mailman.nginx.org (CN in response to request w/o SNI: *.nginx.com) subjectAltName (SAN) hg.nginx.org mailman.nginx.com mailman.nginx.org trac.nginx.org Posted at Nginx Forum: https://forum.nginx.org/read.php?2,283686,283691#msg-283691 _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx