The following certificate example shows the default SSL/TLS configuration for Fluid Topics.
Certificate #1: RSA 2048 bits (SHA256withRSA)
Server Key and Certificate #1
Subject | *.fluidtopics.com; Fingerprint SHA256: 146e1227c0991e1189caa6f564aa7efe91c9be15b2aa6eafb22e70372bf96b2c; Pin SHA256: Qw4gNXArwdO3hChn7Aq5Xop0rj7FLKNNhxk2J7aiE4o= |
Common names | *.fluidtopics.com |
Alternative names | *.fluidtopics.com, fluidtopics.com |
Serial Number | 0cac353094cfa5a068707cf6d00e1e61 |
Valid from | Wed, 14 Dec 2022 00:00:00 UTC |
Valid until | Tue, 05 Dec 2023 23:59:59 UTC (expires in 6 months and 12 days) |
Key | RSA 2048 bits (e 65537) |
Weak key (Debian) | No |
Issuer | Sectigo RSA Domain Validation Secure Server CA; AIA: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt |
Signature algorithm | SHA256withRSA |
Extended Validation | No |
Certificate Transparency | Yes (certificate) |
OCSP Must Staple | No |
Revocation information | OCSP: http://ocsp.sectigo.com |
Revocation status | Good (not revoked) |
DNS CAA | No |
Trusted | Yes (Mozilla, Apple, Android, Java, Windows) |
Protocols
TLS 1.3 | No |
TLS 1.2 | Yes |
TLS 1.1 | No |
TLS 1.0 | No |
SSL 3 | No |
SSL 2 | No |
Protocol Details
DROWN | No, server keys and hostname not seen elsewhere with SSLv2 |
Secure Renegotiation | Supported |
Secure Client-Initiated Renegotiation | No |
Insecure Client-Initiated Renegotiation | No |
BEAST attack | Mitigated server-side |
POODLE (SSLv3) | No, SSL 3 not supported |
POODLE (TLS) | No |
Zombie POODLE | No |
GOLDENDOODLE | No |
OpenSSL 0-Length | No |
Sleeping POODLE | No |
Downgrade attack prevention | Unknown (requires support for at least two protocols, excl. SSL2) |
SSL/TLS compression | No |
RC4 | No |
Heartbeat (extension) | No |
Heartbleed (vulnerability) | No |
Ticketbleed (vulnerability) | No |
OpenSSL CCS vuln. (CVE-2014-0224) | No |
OpenSSL Padding Oracle vuln. | No |
ROBOT (vulnerability) | No |
Forward Secrecy | Yes (with most browsers), ROBUST |
ALPN | Yes |
NPN | Yes |
Session resumption (caching) | Yes |
Session resumption (tickets) | No |
OCSP stapling | No |
Strict Transport Security (HSTS) | Yes: max-age=31536000;includeSubDomains |
HSTS Preloading | Not in: Chrome, Edge, Firefox, IE |
Public Key Pinning (HPKP) | No |
Public Key Pinning Report-Only | No |
Public Key Pinning (Static) | Unknown |
Long handshake intolerance | No |
TLS extension intolerance | No |
TLS version intolerance | No |
Incorrect SNI alerts | No |
Uses common DH primes | No, DHE suites not supported |
DH public server param (Ys) reuse | No, DHE suites not supported |
ECDH public server param reuse | Yes |
Supported Named Groups | secp256r1, secp384r1, secp521r1 |
SSL 2 handshake compatibility | Yes |
HTTP Requests
1 | https://doc.fluidtopics.com/ (HTTP/1.1 200) |
Miscellaneous
Test date | Tue, 23 May 2023 15:23:26 UTC |
Test duration | 134.161 seconds |
HTTP status code | 200 |
HTTP server signature | Apache |
Server hostname | ec2-18-188-243-222.us-east-2.compute.amazonaws.com |
- It is possible to test the Fluid Topics servers using tools such as Qualys SSL Labs.
- For security reasons, Fluid Topics servers exclusively support TLS 1.2.