mozilla/http-observatory-website

TLS Observatory reports "untrusted or invalid certificate" if the cert chain contains the expired "DST Root CA X3" cert cross-signing the "ISRG Root X1" cert for Let's Encrypt

JulienPalard opened this issue · 6 comments

JulienPalard commented

Currently on https://observatory.mozilla.org/analyze/www.pycon.fr#tls I'm having:

Screenshot 2023-01-18 at 22-54-38 Mozilla Observatory

The red error without explanations is a bit hard to understand. I think this is due to my server returning the wrong certificate when SNI is not used:

  • Without SNI nginx sends the certificate for 2010.pycon.fr
  • With SNI nginx sends the certificate for pycon.fr and www.pycon.fr

Looks like the TLS Observatory "stops" at the SNI-less attempt, concluding my certificate is wrong.

If I'm right, if it's a SNI issue, I think the TLS observatory could be enhanced by replacing the big red error with a small warning, much further down the page, about the certificate being issued without SNI not being the right one, thus excluding clients not using SNI (do we have stats about this? I bet it's small).

I don't think that, in 2023, it's that bad to provide the wrong certificate when SNI is not used, most clients implement it (but I don't have real stats...).

benjaminrancourt commented

I currently have the same problem for all my websites (ex. https://observatory.mozilla.org/analyze/www.benjaminrancourt.ca#tls). I use Traefik to generate all my certificates with Let's Encrypt.

According to this article of ParanoidPenguin.net, it could be related to Let’s Encrypt root certificate called ISRG Root X1, which is being use by both domains.

For the analysis of www.benjaminrancourt.ca, https://tls-observatory.services.mozilla.com/api/v1/results?id=54179050 does return is_valid: false and symantecDistrust analysis also return path uses a root not trusted by Mozilla: C=US, O=Internet Security Research Group, CN=ISRG Root X1 (id=188459944).

There was a similar issue (#263) for the problem that have been closed... I'll continue my research to fix this undesirable problem...

benjaminrancourt commented

Adding preferredChain: 'ISRG Root X1' to my Traefik configuration seem to have solved the issue, at least for me.

Before
image

After
image

As my www.benjaminrancourt.ca certificate will expire on 2023-06-18, it should be renewed around 2023-05-19. If I'm not wrong, at that date, the warning should therefore be removed when looking at https://observatory.mozilla.org/analyze/www.benjaminrancourt.ca#tls

I'll see in a few weeks! 😉

melroy89 commented

I'm using Let's Encrypt... I have a valid certificate, but still this check says it's untrusted or invalid. With Nginx.

It's using a Let's Encrypt (R3) and Internet Security Research Group (ISRG Root X1).

hannob commented

I believe the title / bug description here is not accurate. The issue people are seeing is not related to SNI. I see sites using SNI certs that do not show this error, and I can reproduce it without SNI.

The problem here seems to be that the Mozilla Observatory misinterprets the Let's Encrypt cross-signed chain. For compatibility reasons, Let's Encrypt by default ships a chain that is cross-signed by the (expired) DST Root CA. This is explained here: https://letsencrypt.org/2020/12/21/extending-android-compatibility

This is definitely not ideal, and should be fixed on the Mozilla Observatory's side. This shows a scary warning on sites where there is nothing wrong.

  • 👍1
gene1wood commented

The way Qualys SSL Labs visualizes this is that when a cert chain looks like this

they show two paths "certification paths" in the UI.

One which is trusted and contains

One which is not trusted and contains

TLS Observatory should identify this common case where a user has opted to include the cross-signed but expired "DST Root CA X3" cert in their chain in order to support pre-Android-7.1.1 (because "Android intentionally does not enforce the expiration dates of certificates used as trust anchors.") and in this case show a more verbose error message at the top of the page.

JulienPalard commented

I may have gathered more info (the json response of this analysis):

click to expand 
{
  "id": 56359988,
  "timestamp": "2023-12-13T19:22:38.132541Z",
  "target": "www.pycon.fr",
  "replay": -1,
  "has_tls": true,
  "cert_id": 189222385,
  "trust_id": 343465673,
  "is_valid": false,
  "completion_perc": 100,
  "connection_info": {
    "scanIP": "46.226.104.155",
    "serverside": false,
    "ciphersuite": [
      {
        "cipher": "ECDHE-RSA-AES256-GCM-SHA384",
        "code": 49200,
        "protocols": [
          "TLSv1.2"
        ],
        "pubkey": 2048,
        "sigalg": "sha256WithRSAEncryption",
        "ticket_hint": "None",
        "ocsp_stapling": true,
        "pfs": "ECDH,P-521,521bits",
        "curves": [
          "prime256v1",
          "secp384r1",
          "secp521r1"
        ]
      },
      {
        "cipher": "DHE-RSA-AES256-GCM-SHA384",
        "code": 159,
        "protocols": [
          "TLSv1.2"
        ],
        "pubkey": 2048,
        "sigalg": "sha256WithRSAEncryption",
        "ticket_hint": "None",
        "ocsp_stapling": true,
        "pfs": "DH,2048bits",
        "curves": null
      },
      {
        "cipher": "ECDHE-RSA-AES128-GCM-SHA256",
        "code": 49199,
        "protocols": [
          "TLSv1.2"
        ],
        "pubkey": 2048,
        "sigalg": "sha256WithRSAEncryption",
        "ticket_hint": "None",
        "ocsp_stapling": true,
        "pfs": "ECDH,P-521,521bits",
        "curves": [
          "prime256v1",
          "secp384r1",
          "secp521r1"
        ]
      },
      {
        "cipher": "DHE-RSA-AES128-GCM-SHA256",
        "code": 158,
        "protocols": [
          "TLSv1.2"
        ],
        "pubkey": 2048,
        "sigalg": "sha256WithRSAEncryption",
        "ticket_hint": "None",
        "ocsp_stapling": true,
        "pfs": "DH,2048bits",
        "curves": null
      }
    ],
    "curvesFallback": false
  },
  "analysis": [
    {
      "id": 151843290,
      "analyzer": "awsCertlint",
      "result": {
        "bugs": null,
        "errors": null,
        "notices": null,
        "warnings": null,
        "fatalErrors": null,
        "informational": null
      },
      "success": true
    },
    {
      "id": 151843289,
      "analyzer": "caaWorker",
      "result": {
        "host": "",
        "issue": null,
        "has_caa": false,
        "issuewild": null
      },
      "success": true
    },
    {
      "id": 151843284,
      "analyzer": "mozillaEvaluationWorker",
      "result": {
        "level": "non compliant",
        "failures": {
          "bad": null,
          "old": [
            "sha256WithRSAEncryption is not an old certificate signature, use sha1WithRSAEncryption",
            "consider adding ciphers ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, DHE-DSS-AES128-GCM-SHA256, DHE-DSS-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-ECDSA-AES128-SHA, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES256-SHA, ECDHE-ECDSA-AES256-SHA, DHE-RSA-AES128-SHA256, DHE-RSA-AES128-SHA, DHE-DSS-AES128-SHA256, DHE-RSA-AES256-SHA256, DHE-DSS-AES256-SHA, DHE-RSA-AES256-SHA, ECDHE-RSA-DES-CBC3-SHA, ECDHE-ECDSA-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, AES128-SHA, AES256-SHA, DHE-DSS-AES256-SHA256, DHE-DSS-AES128-SHA, DES-CBC3-SHA, DHE-RSA-CHACHA20-POLY1305, ECDHE-RSA-CAMELLIA256-SHA384, ECDHE-ECDSA-CAMELLIA256-SHA384, DHE-RSA-CAMELLIA256-SHA256, DHE-DSS-CAMELLIA256-SHA256, DHE-RSA-CAMELLIA256-SHA, DHE-DSS-CAMELLIA256-SHA, CAMELLIA256-SHA256, CAMELLIA256-SHA, ECDHE-RSA-CAMELLIA128-SHA256, ECDHE-ECDSA-CAMELLIA128-SHA256, DHE-RSA-CAMELLIA128-SHA256, DHE-DSS-CAMELLIA128-SHA256, DHE-RSA-CAMELLIA128-SHA, DHE-DSS-CAMELLIA128-SHA, CAMELLIA128-SHA256, CAMELLIA128-SHA, DHE-RSA-SEED-SHA, DHE-DSS-SEED-SHA, SEED-SHA",
            "add protocols TLSv1.1, TLSv1, SSLv3",
            "enforce server side ordering",
            "add cipher DES-CBC3-SHA for backward compatibility",
            "use DHE of 1024bits and ECC of 160bits"
          ],
          "modern": [
            "remove ciphersuites DHE-RSA-AES256-GCM-SHA384, DHE-RSA-AES128-GCM-SHA256",
            "consider adding ciphers ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA256",
            "enforce server side ordering",
            "enable Perfect Forward Secrecy with a curve of at least 256bits, don't use DHE",
            "use a certificate of type ecdsa, not RSA"
          ],
          "intermediate": [
            "consider adding ciphers ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA256, ECDHE-ECDSA-AES128-SHA, ECDHE-RSA-AES256-SHA384, ECDHE-RSA-AES128-SHA, ECDHE-ECDSA-AES256-SHA384, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-AES256-SHA, DHE-RSA-AES128-SHA256, DHE-RSA-AES128-SHA, DHE-RSA-AES256-SHA256, DHE-RSA-AES256-SHA, ECDHE-ECDSA-DES-CBC3-SHA, ECDHE-RSA-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, AES128-SHA, AES256-SHA, DES-CBC3-SHA",
            "add protocols TLSv1.1, TLSv1",
            "enforce server side ordering"
          ]
        }
      },
      "success": true
    },
    {
      "id": 151843285,
      "analyzer": "mozillaGradingWorker",
      "result": {
        "grade": 78,
        "failures": null,
        "lettergrade": "B"
      },
      "success": true
    },
    {
      "id": 151843286,
      "analyzer": "sslLabsClientSupport",
      "result": [
        {
          "name": "Android",
          "version": "2.3.7",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Android",
          "version": "4.0.4",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Android",
          "version": "4.1.1",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Android",
          "version": "4.2.2",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Android",
          "version": "4.3",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Android",
          "curve": "secp521r1",
          "version": "4.4.2",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 25,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "Android",
          "curve": "secp521r1",
          "version": "5.0.0",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 25,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Android",
          "curve": "secp256r1",
          "version": "6.0",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Android",
          "curve": "secp256r1",
          "version": "7.0",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Android",
          "curve": "secp256r1",
          "version": "7.0",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Android",
          "curve": "secp256r1",
          "version": "8.0",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Android",
          "curve": "secp256r1",
          "version": "8.1",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Android",
          "curve": "secp256r1",
          "version": "9.0",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Baidu",
          "version": "Jan 2015",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "BingBot",
          "version": "Dec 2013",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "BingPreview",
          "version": "Dec 2013",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "BingPreview",
          "version": "Jun 2014",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "BingPreview",
          "curve": "secp521r1",
          "version": "Jan 2015",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 25,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "Chrome",
          "version": "27",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Chrome",
          "version": "28",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Chrome",
          "version": "29",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Chrome",
          "version": "30",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "31",
          "platform": "Win 7",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "32",
          "platform": "Win 7",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "33",
          "platform": "Win 7",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "34",
          "platform": "OS X",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "35",
          "platform": "Win 7",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "36",
          "platform": "Win 7",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "37",
          "platform": "OS X",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "39",
          "platform": "OS X",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "40",
          "platform": "OS X",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "42",
          "platform": "OS X",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "43",
          "platform": "OS X",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "45",
          "platform": "OS X",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "47",
          "platform": "OS X",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "48",
          "platform": "OS X",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "49",
          "platform": "Win 7",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "49",
          "platform": "XP SP3",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "50",
          "platform": "Win 7",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "51",
          "platform": "Win 7",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "57",
          "platform": "Win 7",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "65",
          "platform": "Win 7",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "69",
          "platform": "Win 7",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "70",
          "platform": "Win 10",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "75",
          "platform": "Win 10",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Chrome",
          "curve": "secp256r1",
          "version": "80",
          "platform": "Win 10",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Firefox",
          "version": "21",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Firefox",
          "version": "10.0.12 ESR",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Firefox",
          "version": "17.0.7 ESR",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Firefox",
          "version": "24.2.0 ESR",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Firefox",
          "curve": "secp256r1",
          "version": "31.3.0 ESR",
          "platform": "Win 7",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Firefox",
          "version": "21",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Firefox",
          "version": "22",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Firefox",
          "version": "24",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Firefox",
          "version": "26",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Firefox",
          "curve": "secp256r1",
          "version": "27",
          "platform": "Win 8",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Firefox",
          "curve": "secp256r1",
          "version": "29",
          "platform": "OS X",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Firefox",
          "curve": "secp256r1",
          "version": "30",
          "platform": "OS X",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Firefox",
          "curve": "secp256r1",
          "version": "31",
          "platform": "OS X",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Firefox",
          "curve": "secp256r1",
          "version": "32",
          "platform": "OS X",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Firefox",
          "curve": "secp256r1",
          "version": "34",
          "platform": "OS X",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Firefox",
          "curve": "secp256r1",
          "version": "35",
          "platform": "OS X",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Firefox",
          "curve": "secp256r1",
          "version": "37",
          "platform": "OS X",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Firefox",
          "curve": "secp256r1",
          "version": "39",
          "platform": "OS X",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Firefox",
          "curve": "secp256r1",
          "version": "41",
          "platform": "OS X",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Firefox",
          "curve": "secp256r1",
          "version": "42",
          "platform": "OS X",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Firefox",
          "curve": "secp256r1",
          "version": "44",
          "platform": "OS X",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Firefox",
          "curve": "secp256r1",
          "version": "45",
          "platform": "Win 7",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Firefox",
          "curve": "secp256r1",
          "version": "46",
          "platform": "Win 7",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Firefox",
          "curve": "secp256r1",
          "version": "47",
          "platform": "Win 7",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Firefox",
          "curve": "secp256r1",
          "version": "49",
          "platform": "XP SP3",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Firefox",
          "curve": "secp256r1",
          "version": "49",
          "platform": "Win 7",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Firefox",
          "curve": "secp256r1",
          "version": "53",
          "platform": "Win 7",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Firefox",
          "curve": "secp256r1",
          "version": "59",
          "platform": "Win 7",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Firefox",
          "curve": "secp256r1",
          "version": "62",
          "platform": "Win 7",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Firefox",
          "curve": "secp256r1",
          "version": "67",
          "platform": "Win 10",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Firefox",
          "curve": "secp256r1",
          "version": "73",
          "platform": "Win 10",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Googlebot",
          "version": "Oct 2013",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Googlebot",
          "version": "Jun 2014",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Googlebot",
          "curve": "secp521r1",
          "version": "Feb 2015",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 25,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Googlebot",
          "curve": "secp256r1",
          "version": "Feb 2018",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "IE",
          "version": "6",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "IE",
          "version": "6",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "IE",
          "version": "7",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "IE",
          "version": "8",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "IE",
          "version": "8",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "IE",
          "version": "8",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "IE",
          "version": "9",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "IE",
          "version": "8-10",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "IE",
          "version": "8-10",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "IE",
          "version": "11",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "IE",
          "version": "11",
          "platform": "Win 7",
          "protocol": "TLSv1.2",
          "curve_code": 0,
          "ciphersuite": "DHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 159
        },
        {
          "name": "IE",
          "version": "11",
          "platform": "Win 7",
          "protocol": "TLSv1.2",
          "curve_code": 0,
          "ciphersuite": "DHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 159
        },
        {
          "name": "IE",
          "version": "11",
          "platform": "Win 7",
          "protocol": "TLSv1.2",
          "curve_code": 0,
          "ciphersuite": "DHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 159
        },
        {
          "name": "IE",
          "version": "11",
          "platform": "Win 7",
          "protocol": "TLSv1.2",
          "curve_code": 0,
          "ciphersuite": "DHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 159
        },
        {
          "name": "IE",
          "curve": "secp256r1",
          "version": "11",
          "platform": "Win 10 Preview",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "IE",
          "version": "11",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "IE",
          "version": "11",
          "platform": "Win 8.1",
          "protocol": "TLSv1.2",
          "curve_code": 0,
          "ciphersuite": "DHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 159
        },
        {
          "name": "IE",
          "version": "11",
          "platform": "Win 8.1",
          "protocol": "TLSv1.2",
          "curve_code": 0,
          "ciphersuite": "DHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 159
        },
        {
          "name": "IE",
          "version": "11",
          "platform": "Win 8.1",
          "protocol": "TLSv1.2",
          "curve_code": 0,
          "ciphersuite": "DHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 159
        },
        {
          "name": "IE",
          "version": "11",
          "platform": "Win 8.1",
          "protocol": "TLSv1.2",
          "curve_code": 0,
          "ciphersuite": "DHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 159
        },
        {
          "name": "IE",
          "version": "10",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "IE",
          "version": "11",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "IE",
          "version": "11",
          "platform": "Win Phone 8.1 Update",
          "protocol": "TLSv1.2",
          "curve_code": 0,
          "ciphersuite": "DHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 159
        },
        {
          "name": "IE",
          "curve": "secp256r1",
          "version": "11",
          "platform": "Win 10",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "IE",
          "curve": "secp256r1",
          "version": "11",
          "platform": "Win 10",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "Edge",
          "curve": "secp256r1",
          "version": "12",
          "platform": "Win 10",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "Edge",
          "curve": "secp256r1",
          "version": "13",
          "platform": "Win 10",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "Edge",
          "curve": "secp256r1",
          "version": "13",
          "platform": "Win 10",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "Edge",
          "curve": "secp256r1",
          "version": "15",
          "platform": "Win 10",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "Edge",
          "curve": "secp256r1",
          "version": "16",
          "platform": "Win 10",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "Edge",
          "curve": "secp256r1",
          "version": "18",
          "platform": "Win 10",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "Edge",
          "curve": "secp256r1",
          "version": "13",
          "platform": "Win Phone 10",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "Java",
          "version": "6u45",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Java",
          "version": "7u25",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Java",
          "curve": "secp256r1",
          "version": "8b132",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Java",
          "curve": "secp256r1",
          "version": "8u31",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Java",
          "curve": "secp256r1",
          "version": "8u111",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Java",
          "curve": "secp256r1",
          "version": "8u161",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "Java",
          "curve": "secp256r1",
          "version": "9.0.4",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "Java",
          "curve": "secp256r1",
          "version": "11.0.3",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "Java",
          "curve": "secp256r1",
          "version": "12.0.1",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "OpenSSL",
          "version": "0.9.8y",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "OpenSSL",
          "curve": "secp521r1",
          "version": "1.0.1h",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 25,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "OpenSSL",
          "curve": "secp521r1",
          "version": "1.0.1l",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 25,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "OpenSSL",
          "curve": "secp256r1",
          "version": "1.0.2e",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "OpenSSL",
          "curve": "secp256r1",
          "version": "1.0.2s",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "OpenSSL",
          "curve": "secp256r1",
          "version": "1.1.0k",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "OpenSSL",
          "curve": "secp256r1",
          "version": "1.1.1c",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "Opera",
          "version": "12.15",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Opera",
          "version": "15",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Opera",
          "version": "16",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Opera",
          "version": "17",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Opera",
          "curve": "secp256r1",
          "version": "60",
          "platform": "Win 10",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Opera",
          "curve": "secp256r1",
          "version": "67",
          "platform": "Win 10",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49199
        },
        {
          "name": "Safari",
          "version": "5",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Safari",
          "version": "5.1.9",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Safari",
          "version": "6",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Safari",
          "version": "6.0.4",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Safari",
          "version": "7",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Safari",
          "version": "8",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Safari",
          "version": "7",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Safari",
          "version": "8",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Safari",
          "version": "8",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Safari",
          "curve": "secp256r1",
          "version": "9",
          "platform": "iOS 9",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "Safari",
          "curve": "secp256r1",
          "version": "9",
          "platform": "OS X 10.11",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "Safari",
          "curve": "secp256r1",
          "version": "10",
          "platform": "iOS 10",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "Safari",
          "curve": "secp256r1",
          "version": "10",
          "platform": "OS X 10.12",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "Safari",
          "curve": "secp256r1",
          "version": "12.1.2",
          "platform": "MacOS 10.14.6 Beta",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "Safari",
          "curve": "secp256r1",
          "version": "12.1.1",
          "platform": "iOS 12.3.1",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "Apple ATS",
          "curve": "secp256r1",
          "version": "9",
          "platform": "iOS 9",
          "protocol": "TLSv1.2",
          "curve_code": 23,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "Tor",
          "version": "17.0.9",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Yahoo Slurp",
          "version": "Oct 2013",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "Yahoo Slurp",
          "curve": "secp384r1",
          "version": "Jun 2014",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 24,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "Yahoo Slurp",
          "curve": "secp384r1",
          "version": "Jan 2015",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 24,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "YandexBot",
          "version": "3.0",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "YandexBot",
          "version": "May 2014",
          "platform": "",
          "curve_code": 0,
          "is_supported": false,
          "protocol_code": 0
        },
        {
          "name": "YandexBot",
          "curve": "secp521r1",
          "version": "Sep 2014",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 25,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        },
        {
          "name": "YandexBot",
          "curve": "secp521r1",
          "version": "Jan 2015",
          "platform": "",
          "protocol": "TLSv1.2",
          "curve_code": 25,
          "ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
          "is_supported": true,
          "protocol_code": 771,
          "ciphersuite_code": 49200
        }
      ],
      "success": true
    },
    {
      "id": 151843287,
      "analyzer": "symantecDistrust",
      "result": {
        "reasons": [
          "path uses a root not trusted by Mozilla: C=US, O=Internet Security Research Group, CN=ISRG Root X1 (id=188459944)",
          "path uses a root not trusted by Mozilla: C=US, O=Internet Security Research Group, CN=ISRG Root X1 (id=189217477)",
          "path uses a root not trusted by Mozilla: C=US, O=Internet Security Research Group, CN=ISRG Root X1 (id=189096219)"
        ],
        "isDistrusted": false
      },
      "success": true
    },
    {
      "id": 151843288,
      "analyzer": "top1m",
      "result": {
        "target": {
          "rank": 2147483647,
          "domain": "www.pycon.fr",
          "alexa_rank": 2147483647,
          "cisco_rank": 2147483647
        },
        "certificate": {
          "rank": 2147483647,
          "domain": "pycon.fr",
          "alexa_rank": 2147483647,
          "cisco_rank": 2147483647,
          "alexa_domain": "pycon.fr",
          "cisco_domain": "pycon.fr"
        }
      },
      "success": true
    }
  ],
  "ack": true,
  "attempts": 1,
  "analysis_params": {}
}

it's the "is_valid": false thing that is causing the banner:

src/js/observatories/tls.js:  if (results.is_valid === false) {
src/js/observatories/tls.js-    $('#tls-observatory-invalid-cert-warning').removeClass('d-none');
src/js/observatories/tls.js-    $('a[href="#tab-tlsobservatory"]').addClass('tabs-danger');

the URL giving me this json is: https://tls-observatory.services.mozilla.com/api/v1/results?id=56359988

so maybe it comes from https://github.com/mozilla/tls-observatory which already has an issue closely related: mozilla/tls-observatory#439

maybe this one should be closed, it's not about the front end after all.

  • 👍1