Default SSL/TLS configuration - Fluid Topics - 4.2

Fluid Topics Integration Guide

- Operating system: RHEL
- Category: Reference Guides
- Audience: public
- Version: 4.2

The following certificate example shows the default SSL/TLS configuration for Fluid Topics.

Certificate #1: RSA 2048 bits (SHA256withRSA)

Server Key and Certificate #1

- Subject: *.fluidtopics.com
  - Fingerprint SHA256: 146e1227c0991e1189caa6f564aa7efe91c9be15b2aa6eafb22e70372bf96b2c
  - Pin SHA256: Qw4gNXArwdO3hChn7Aq5Xop0rj7FLKNNhxk2J7aiE4o=
- Common names: *.fluidtopics.com
- Alternative names: *.fluidtopics.com, fluidtopics.com
- Serial Number: 0cac353094cfa5a068707cf6d00e1e61
- Valid from: Wed, 14 Dec 2022 00:00:00 UTC
- Valid until: Tue, 05 Dec 2023 23:59:59 UTC (expires in 6 months and 12 days)
- Key: RSA 2048 bits (e 65537)
- Weak key (Debian): No
- Issuer: Sectigo RSA Domain Validation Secure Server CA
  - AIA: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
- Signature algorithm: SHA256withRSA
- Extended Validation: No
- Certificate Transparency: Yes (certificate)
- OCSP Must Staple: No
- Revocation information: OCSP
  - OCSP: http://ocsp.sectigo.com
- Revocation status: Good (not revoked)
- DNS CAA: No
- Trusted: Yes (Mozilla, Apple, Android, Java, Windows)

Protocols

- TLS 1.3: No
- TLS 1.2: Yes
- TLS 1.1: No
- TLS 1.0: No
- SSL 3: No
- SSL 2: No

Protocol Details

- DROWN: No, server keys and hostname not seen elsewhere with SSLv2
- Secure Renegotiation: Supported
- Secure Client-Initiated Renegotiation: No
- Insecure Client-Initiated Renegotiation: No
- BEAST attack: Mitigated server-side
- POODLE (SSLv3): No, SSL 3 not supported
- POODLE (TLS): No
- Zombie POODLE: No
- GOLDENDOODLE: No
- OpenSSL 0-Length: No
- Sleeping POODLE: No
- Downgrade attack prevention: Unknown (requires support for at least two protocols, excl. SSL2)
- SSL/TLS compression: No
- RC4: No
- Heartbeat (extension): No
- Heartbleed (vulnerability): No
- Ticketbleed (vulnerability): No
- OpenSSL CCS vuln. (CVE-2014-0224): No
- OpenSSL Padding Oracle vuln. (CVE-2016-2107): No
- ROBOT (vulnerability): No
- Forward Secrecy: Yes (with most browsers) ROBUST
- ALPN: Yes
- NPN: Yes
- Session resumption (caching): Yes
- Session resumption (tickets): No
- OCSP stapling: No
- Strict Transport Security (HSTS): Yes
  - max-age=31536000;includeSubDomains
- HSTS Preloading: Not in: Chrome, Edge, Firefox, IE
- Public Key Pinning (HPKP): No
- Public Key Pinning Report-Only: No
- Public Key Pinning (Static): Unknown
- Long handshake intolerance: No
- TLS extension intolerance: No
- TLS version intolerance: No
- Incorrect SNI alerts: No
- Uses common DH primes: No, DHE suites not supported
- DH public server param (Ys) reuse: No, DHE suites not supported
- ECDH public server param reuse: Yes
- Supported Named Groups: secp256r1, secp384r1, secp521r1
- SSL 2 handshake compatibility: Yes

HTTP Requests

- 1: https://doc.fluidtopics.com/ (HTTP/1.1 200)

Miscellaneous

- Test date: Tue, 23 May 2023 15:23:26 UTC
- Test duration: 134.161 seconds
- HTTP status code: 200
- HTTP server signature: Apache
- Server hostname: ec2-18-188-243-222.us-east-2.compute.amazonaws.com


- It is possible to test the Fluid Topics servers using tools such as Qualys SSL Labs.

- For security reasons, Fluid Topics servers exclusively support TLS 1.2.