Tue Mar 17 09:20:27 2009 START Testing usa.visa.com:443 Testing with OpenSSL 0.9.7a Feb 19 2003 Running a total of 150 scans ......................................................................................................................................................... SSLv3:RC4-MD5 - ENABLED - STRONG 128 bits SSLv3:DES-CBC3-SHA - ENABLED - STRONG 168 bits SSLv3:RC4-SHA - ENABLED - STRONG 128 bits ** SSLv3:DES-CBC-SHA - ENABLED - WEAK 56 bits ** ** SSLv3:EXP-RC4-MD5 - ENABLED - WEAK 40 bits ** ** SSLv3:EXP-DES-CBC-SHA - ENABLED - WEAK 40 bits ** ** SSLv3:EXP-RC2-CBC-MD5 - ENABLED - WEAK 40 bits ** SSLv3:AES128-SHA - ENABLED - STRONG 128 bits SSLv3:AES256-SHA - ENABLED - STRONG 256 bits TLSv1:RC4-MD5 - ENABLED - STRONG 128 bits TLSv1:DES-CBC3-SHA - ENABLED - STRONG 168 bits TLSv1:RC4-SHA - ENABLED - STRONG 128 bits ** TLSv1:DES-CBC-SHA - ENABLED - WEAK 56 bits ** ** TLSv1:EXP-RC4-MD5 - ENABLED - WEAK 40 bits ** ** TLSv1:EXP-DES-CBC-SHA - ENABLED - WEAK 40 bits ** ** TLSv1:EXP-RC2-CBC-MD5 - ENABLED - WEAK 40 bits ** TLSv1:AES128-SHA - ENABLED - STRONG 128 bits TLSv1:AES256-SHA - ENABLED - STRONG 256 bits ** SSLv2:RC4-MD5 - ENABLED - WEAK 128 bits ** ** SSLv2:RC2-CBC-MD5 - ENABLED - WEAK 128 bits ** ** SSLv2:DES-CBC-MD5 - ENABLED - WEAK 56 bits ** ** SSLv2:EXP-RC4-MD5 - ENABLED - WEAK 40 bits ** ** SSLv2:EXP-RC2-CBC-MD5 - ENABLED - WEAK 40 bits ** ** SSLv2:DES-CBC3-MD5 - ENABLED - WEAK 168 bits ** Error 27: certificate not trusted Error 21: unable to verify the first certificate Error 20: unable to get local issuer certificate Default: TLSv1/SSLv3, Cipher is AES256-SHA Certificate Details: Key Size: 1024bits Issuer: Common Name (CN) : Akamai Subordinate CA 3 Company (O) : Akamai Technologies Inc Country (C) : US Subject: Common Name (CN) : usa.visa.com State (ST) : California Company (O) : Visa International Service Association Organizational Unit (OU) : Corporate intranet and internet Country (C) : US City (L) : Foster City Checking for TLS 1.1 support... no Checking fallback from TLS 1.1 to... TLS 1.0 Checking for TLS 1.0 support... yes Checking for SSL 3.0 support... yes Checking for version rollback bug in RSA PMS... no Checking for version rollback bug in Client Hello... no Checking whether we need to disable TLS 1.0... no Checking whether the server ignores the RSA PMS version... no Checking whether the server can accept Hello Extensions... yes Checking whether the server can accept cipher suites not in SSL 3.0 spec... yes Checking whether the server can accept a bogus TLS record version in the client hello... no Checking for certificate information... Checking for trusted CAs... Checking whether the server understands TLS closure alerts... yes Checking whether the server supports session resumption... yes Checking for export-grade ciphersuite support... no Checking for anonymous authentication support... no Checking for anonymous Diffie Hellman prime size... N/A Checking for ephemeral Diffie Hellman support... no Checking for ephemeral Diffie Hellman prime size... N/A Checking for AES cipher support (TLS extension)... yes Checking for 3DES cipher support... yes Checking for ARCFOUR 128 cipher support... yes Checking for ARCFOUR 40 cipher support... no Checking for MD5 MAC support... yes Checking for SHA1 MAC support... yes Checking for RIPEMD160 MAC support (TLS extension)... no Checking for ZLIB compression support (TLS extension)... no Checking for LZO compression support (GnuTLS extension)... no Checking for max record size (TLS extension)... no Checking for OpenPGP authentication support (TLS extension)... no *WARNING* 15 WEAK Ciphers Enabled. Total Ciphers Enabled: 25 Scan took 25 secs to finish Tue Mar 17 09:20:52 2009 FINISHED