TLS Observatory reports "untrusted or invalid certificate" if the cert chain contains the expired "DST Root CA X3" cert cross-signing the "ISRG Root X1" cert for Let's Encrypt
JulienPalard opened this issue · 6 comments
Currently on https://observatory.mozilla.org/analyze/www.pycon.fr#tls I'm having:
The red error without explanations is a bit hard to understand. I think this is due to my server returning the wrong certificate when SNI is not used:
- Without SNI nginx sends the certificate for 2010.pycon.fr
- With SNI nginx sends the certificate for pycon.fr and www.pycon.fr
Looks like the TLS Observatory "stops" at the SNI-less attempt, concluding my certificate is wrong.
If I'm right, if it's a SNI issue, I think the TLS observatory could be enhanced by replacing the big red error with a small warning, much further down the page, about the certificate being issued without SNI not being the right one, thus excluding clients not using SNI (do we have stats about this? I bet it's small).
I don't think that, in 2023, it's that bad to provide the wrong certificate when SNI is not used, most clients implement it (but I don't have real stats...).
I currently have the same problem for all my websites (ex. https://observatory.mozilla.org/analyze/www.benjaminrancourt.ca#tls). I use Traefik to generate all my certificates with Let's Encrypt.
According to this article of ParanoidPenguin.net, it could be related to Let’s Encrypt root certificate called ISRG Root X1, which is being use by both domains.
For the analysis of www.benjaminrancourt.ca, https://tls-observatory.services.mozilla.com/api/v1/results?id=54179050 does return is_valid: false
and symantecDistrust analysis also return path uses a root not trusted by Mozilla: C=US, O=Internet Security Research Group, CN=ISRG Root X1 (id=188459944)
.
There was a similar issue (#263) for the problem that have been closed... I'll continue my research to fix this undesirable problem...
Adding preferredChain: 'ISRG Root X1'
to my Traefik configuration seem to have solved the issue, at least for me.
As my www.benjaminrancourt.ca certificate will expire on 2023-06-18, it should be renewed around 2023-05-19. If I'm not wrong, at that date, the warning should therefore be removed when looking at https://observatory.mozilla.org/analyze/www.benjaminrancourt.ca#tls
I'll see in a few weeks! 😉
I'm using Let's Encrypt... I have a valid certificate, but still this check says it's untrusted or invalid. With Nginx.
It's using a Let's Encrypt (R3) and Internet Security Research Group (ISRG Root X1).
I believe the title / bug description here is not accurate. The issue people are seeing is not related to SNI. I see sites using SNI certs that do not show this error, and I can reproduce it without SNI.
The problem here seems to be that the Mozilla Observatory misinterprets the Let's Encrypt cross-signed chain. For compatibility reasons, Let's Encrypt by default ships a chain that is cross-signed by the (expired) DST Root CA. This is explained here: https://letsencrypt.org/2020/12/21/extending-android-compatibility
This is definitely not ideal, and should be fixed on the Mozilla Observatory's side. This shows a scary warning on sites where there is nothing wrong.
The way Qualys SSL Labs visualizes this is that when a cert chain looks like this
- www.pycon.fr
- R3
- ISRG Root X1
- DST Root CA X3
they show two paths "certification paths" in the UI.
One which is trusted and contains
- www.pycon.fr
- R3
- ISRG Root X1
One which is not trusted and contains
- www.pycon.fr
- R3
- ISRG Root X1
- DST Root CA X3
TLS Observatory should identify this common case where a user has opted to include the cross-signed but expired "DST Root CA X3" cert in their chain in order to support pre-Android-7.1.1 (because "Android intentionally does not enforce the expiration dates of certificates used as trust anchors.") and in this case show a more verbose error message at the top of the page.
I may have gathered more info (the json response of this analysis):
click to expand
{
"id": 56359988,
"timestamp": "2023-12-13T19:22:38.132541Z",
"target": "www.pycon.fr",
"replay": -1,
"has_tls": true,
"cert_id": 189222385,
"trust_id": 343465673,
"is_valid": false,
"completion_perc": 100,
"connection_info": {
"scanIP": "46.226.104.155",
"serverside": false,
"ciphersuite": [
{
"cipher": "ECDHE-RSA-AES256-GCM-SHA384",
"code": 49200,
"protocols": [
"TLSv1.2"
],
"pubkey": 2048,
"sigalg": "sha256WithRSAEncryption",
"ticket_hint": "None",
"ocsp_stapling": true,
"pfs": "ECDH,P-521,521bits",
"curves": [
"prime256v1",
"secp384r1",
"secp521r1"
]
},
{
"cipher": "DHE-RSA-AES256-GCM-SHA384",
"code": 159,
"protocols": [
"TLSv1.2"
],
"pubkey": 2048,
"sigalg": "sha256WithRSAEncryption",
"ticket_hint": "None",
"ocsp_stapling": true,
"pfs": "DH,2048bits",
"curves": null
},
{
"cipher": "ECDHE-RSA-AES128-GCM-SHA256",
"code": 49199,
"protocols": [
"TLSv1.2"
],
"pubkey": 2048,
"sigalg": "sha256WithRSAEncryption",
"ticket_hint": "None",
"ocsp_stapling": true,
"pfs": "ECDH,P-521,521bits",
"curves": [
"prime256v1",
"secp384r1",
"secp521r1"
]
},
{
"cipher": "DHE-RSA-AES128-GCM-SHA256",
"code": 158,
"protocols": [
"TLSv1.2"
],
"pubkey": 2048,
"sigalg": "sha256WithRSAEncryption",
"ticket_hint": "None",
"ocsp_stapling": true,
"pfs": "DH,2048bits",
"curves": null
}
],
"curvesFallback": false
},
"analysis": [
{
"id": 151843290,
"analyzer": "awsCertlint",
"result": {
"bugs": null,
"errors": null,
"notices": null,
"warnings": null,
"fatalErrors": null,
"informational": null
},
"success": true
},
{
"id": 151843289,
"analyzer": "caaWorker",
"result": {
"host": "",
"issue": null,
"has_caa": false,
"issuewild": null
},
"success": true
},
{
"id": 151843284,
"analyzer": "mozillaEvaluationWorker",
"result": {
"level": "non compliant",
"failures": {
"bad": null,
"old": [
"sha256WithRSAEncryption is not an old certificate signature, use sha1WithRSAEncryption",
"consider adding ciphers ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, DHE-DSS-AES128-GCM-SHA256, DHE-DSS-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-ECDSA-AES128-SHA, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES256-SHA, ECDHE-ECDSA-AES256-SHA, DHE-RSA-AES128-SHA256, DHE-RSA-AES128-SHA, DHE-DSS-AES128-SHA256, DHE-RSA-AES256-SHA256, DHE-DSS-AES256-SHA, DHE-RSA-AES256-SHA, ECDHE-RSA-DES-CBC3-SHA, ECDHE-ECDSA-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, AES128-SHA, AES256-SHA, DHE-DSS-AES256-SHA256, DHE-DSS-AES128-SHA, DES-CBC3-SHA, DHE-RSA-CHACHA20-POLY1305, ECDHE-RSA-CAMELLIA256-SHA384, ECDHE-ECDSA-CAMELLIA256-SHA384, DHE-RSA-CAMELLIA256-SHA256, DHE-DSS-CAMELLIA256-SHA256, DHE-RSA-CAMELLIA256-SHA, DHE-DSS-CAMELLIA256-SHA, CAMELLIA256-SHA256, CAMELLIA256-SHA, ECDHE-RSA-CAMELLIA128-SHA256, ECDHE-ECDSA-CAMELLIA128-SHA256, DHE-RSA-CAMELLIA128-SHA256, DHE-DSS-CAMELLIA128-SHA256, DHE-RSA-CAMELLIA128-SHA, DHE-DSS-CAMELLIA128-SHA, CAMELLIA128-SHA256, CAMELLIA128-SHA, DHE-RSA-SEED-SHA, DHE-DSS-SEED-SHA, SEED-SHA",
"add protocols TLSv1.1, TLSv1, SSLv3",
"enforce server side ordering",
"add cipher DES-CBC3-SHA for backward compatibility",
"use DHE of 1024bits and ECC of 160bits"
],
"modern": [
"remove ciphersuites DHE-RSA-AES256-GCM-SHA384, DHE-RSA-AES128-GCM-SHA256",
"consider adding ciphers ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA256",
"enforce server side ordering",
"enable Perfect Forward Secrecy with a curve of at least 256bits, don't use DHE",
"use a certificate of type ecdsa, not RSA"
],
"intermediate": [
"consider adding ciphers ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA256, ECDHE-ECDSA-AES128-SHA, ECDHE-RSA-AES256-SHA384, ECDHE-RSA-AES128-SHA, ECDHE-ECDSA-AES256-SHA384, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-AES256-SHA, DHE-RSA-AES128-SHA256, DHE-RSA-AES128-SHA, DHE-RSA-AES256-SHA256, DHE-RSA-AES256-SHA, ECDHE-ECDSA-DES-CBC3-SHA, ECDHE-RSA-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, AES128-SHA, AES256-SHA, DES-CBC3-SHA",
"add protocols TLSv1.1, TLSv1",
"enforce server side ordering"
]
}
},
"success": true
},
{
"id": 151843285,
"analyzer": "mozillaGradingWorker",
"result": {
"grade": 78,
"failures": null,
"lettergrade": "B"
},
"success": true
},
{
"id": 151843286,
"analyzer": "sslLabsClientSupport",
"result": [
{
"name": "Android",
"version": "2.3.7",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Android",
"version": "4.0.4",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Android",
"version": "4.1.1",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Android",
"version": "4.2.2",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Android",
"version": "4.3",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Android",
"curve": "secp521r1",
"version": "4.4.2",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 25,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "Android",
"curve": "secp521r1",
"version": "5.0.0",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 25,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Android",
"curve": "secp256r1",
"version": "6.0",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Android",
"curve": "secp256r1",
"version": "7.0",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Android",
"curve": "secp256r1",
"version": "7.0",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Android",
"curve": "secp256r1",
"version": "8.0",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Android",
"curve": "secp256r1",
"version": "8.1",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Android",
"curve": "secp256r1",
"version": "9.0",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Baidu",
"version": "Jan 2015",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "BingBot",
"version": "Dec 2013",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "BingPreview",
"version": "Dec 2013",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "BingPreview",
"version": "Jun 2014",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "BingPreview",
"curve": "secp521r1",
"version": "Jan 2015",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 25,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "Chrome",
"version": "27",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Chrome",
"version": "28",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Chrome",
"version": "29",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Chrome",
"version": "30",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "31",
"platform": "Win 7",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "32",
"platform": "Win 7",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "33",
"platform": "Win 7",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "34",
"platform": "OS X",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "35",
"platform": "Win 7",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "36",
"platform": "Win 7",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "37",
"platform": "OS X",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "39",
"platform": "OS X",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "40",
"platform": "OS X",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "42",
"platform": "OS X",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "43",
"platform": "OS X",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "45",
"platform": "OS X",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "47",
"platform": "OS X",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "48",
"platform": "OS X",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "49",
"platform": "Win 7",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "49",
"platform": "XP SP3",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "50",
"platform": "Win 7",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "51",
"platform": "Win 7",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "57",
"platform": "Win 7",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "65",
"platform": "Win 7",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "69",
"platform": "Win 7",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "70",
"platform": "Win 10",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "75",
"platform": "Win 10",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Chrome",
"curve": "secp256r1",
"version": "80",
"platform": "Win 10",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Firefox",
"version": "21",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Firefox",
"version": "10.0.12 ESR",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Firefox",
"version": "17.0.7 ESR",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Firefox",
"version": "24.2.0 ESR",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Firefox",
"curve": "secp256r1",
"version": "31.3.0 ESR",
"platform": "Win 7",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Firefox",
"version": "21",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Firefox",
"version": "22",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Firefox",
"version": "24",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Firefox",
"version": "26",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Firefox",
"curve": "secp256r1",
"version": "27",
"platform": "Win 8",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Firefox",
"curve": "secp256r1",
"version": "29",
"platform": "OS X",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Firefox",
"curve": "secp256r1",
"version": "30",
"platform": "OS X",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Firefox",
"curve": "secp256r1",
"version": "31",
"platform": "OS X",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Firefox",
"curve": "secp256r1",
"version": "32",
"platform": "OS X",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Firefox",
"curve": "secp256r1",
"version": "34",
"platform": "OS X",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Firefox",
"curve": "secp256r1",
"version": "35",
"platform": "OS X",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Firefox",
"curve": "secp256r1",
"version": "37",
"platform": "OS X",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Firefox",
"curve": "secp256r1",
"version": "39",
"platform": "OS X",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Firefox",
"curve": "secp256r1",
"version": "41",
"platform": "OS X",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Firefox",
"curve": "secp256r1",
"version": "42",
"platform": "OS X",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Firefox",
"curve": "secp256r1",
"version": "44",
"platform": "OS X",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Firefox",
"curve": "secp256r1",
"version": "45",
"platform": "Win 7",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Firefox",
"curve": "secp256r1",
"version": "46",
"platform": "Win 7",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Firefox",
"curve": "secp256r1",
"version": "47",
"platform": "Win 7",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Firefox",
"curve": "secp256r1",
"version": "49",
"platform": "XP SP3",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Firefox",
"curve": "secp256r1",
"version": "49",
"platform": "Win 7",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Firefox",
"curve": "secp256r1",
"version": "53",
"platform": "Win 7",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Firefox",
"curve": "secp256r1",
"version": "59",
"platform": "Win 7",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Firefox",
"curve": "secp256r1",
"version": "62",
"platform": "Win 7",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Firefox",
"curve": "secp256r1",
"version": "67",
"platform": "Win 10",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Firefox",
"curve": "secp256r1",
"version": "73",
"platform": "Win 10",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Googlebot",
"version": "Oct 2013",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Googlebot",
"version": "Jun 2014",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Googlebot",
"curve": "secp521r1",
"version": "Feb 2015",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 25,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Googlebot",
"curve": "secp256r1",
"version": "Feb 2018",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "IE",
"version": "6",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "IE",
"version": "6",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "IE",
"version": "7",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "IE",
"version": "8",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "IE",
"version": "8",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "IE",
"version": "8",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "IE",
"version": "9",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "IE",
"version": "8-10",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "IE",
"version": "8-10",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "IE",
"version": "11",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "IE",
"version": "11",
"platform": "Win 7",
"protocol": "TLSv1.2",
"curve_code": 0,
"ciphersuite": "DHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 159
},
{
"name": "IE",
"version": "11",
"platform": "Win 7",
"protocol": "TLSv1.2",
"curve_code": 0,
"ciphersuite": "DHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 159
},
{
"name": "IE",
"version": "11",
"platform": "Win 7",
"protocol": "TLSv1.2",
"curve_code": 0,
"ciphersuite": "DHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 159
},
{
"name": "IE",
"version": "11",
"platform": "Win 7",
"protocol": "TLSv1.2",
"curve_code": 0,
"ciphersuite": "DHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 159
},
{
"name": "IE",
"curve": "secp256r1",
"version": "11",
"platform": "Win 10 Preview",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "IE",
"version": "11",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "IE",
"version": "11",
"platform": "Win 8.1",
"protocol": "TLSv1.2",
"curve_code": 0,
"ciphersuite": "DHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 159
},
{
"name": "IE",
"version": "11",
"platform": "Win 8.1",
"protocol": "TLSv1.2",
"curve_code": 0,
"ciphersuite": "DHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 159
},
{
"name": "IE",
"version": "11",
"platform": "Win 8.1",
"protocol": "TLSv1.2",
"curve_code": 0,
"ciphersuite": "DHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 159
},
{
"name": "IE",
"version": "11",
"platform": "Win 8.1",
"protocol": "TLSv1.2",
"curve_code": 0,
"ciphersuite": "DHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 159
},
{
"name": "IE",
"version": "10",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "IE",
"version": "11",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "IE",
"version": "11",
"platform": "Win Phone 8.1 Update",
"protocol": "TLSv1.2",
"curve_code": 0,
"ciphersuite": "DHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 159
},
{
"name": "IE",
"curve": "secp256r1",
"version": "11",
"platform": "Win 10",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "IE",
"curve": "secp256r1",
"version": "11",
"platform": "Win 10",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "Edge",
"curve": "secp256r1",
"version": "12",
"platform": "Win 10",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "Edge",
"curve": "secp256r1",
"version": "13",
"platform": "Win 10",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "Edge",
"curve": "secp256r1",
"version": "13",
"platform": "Win 10",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "Edge",
"curve": "secp256r1",
"version": "15",
"platform": "Win 10",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "Edge",
"curve": "secp256r1",
"version": "16",
"platform": "Win 10",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "Edge",
"curve": "secp256r1",
"version": "18",
"platform": "Win 10",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "Edge",
"curve": "secp256r1",
"version": "13",
"platform": "Win Phone 10",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "Java",
"version": "6u45",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Java",
"version": "7u25",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Java",
"curve": "secp256r1",
"version": "8b132",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Java",
"curve": "secp256r1",
"version": "8u31",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Java",
"curve": "secp256r1",
"version": "8u111",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Java",
"curve": "secp256r1",
"version": "8u161",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "Java",
"curve": "secp256r1",
"version": "9.0.4",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "Java",
"curve": "secp256r1",
"version": "11.0.3",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "Java",
"curve": "secp256r1",
"version": "12.0.1",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "OpenSSL",
"version": "0.9.8y",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "OpenSSL",
"curve": "secp521r1",
"version": "1.0.1h",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 25,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "OpenSSL",
"curve": "secp521r1",
"version": "1.0.1l",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 25,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "OpenSSL",
"curve": "secp256r1",
"version": "1.0.2e",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "OpenSSL",
"curve": "secp256r1",
"version": "1.0.2s",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "OpenSSL",
"curve": "secp256r1",
"version": "1.1.0k",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "OpenSSL",
"curve": "secp256r1",
"version": "1.1.1c",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "Opera",
"version": "12.15",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Opera",
"version": "15",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Opera",
"version": "16",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Opera",
"version": "17",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Opera",
"curve": "secp256r1",
"version": "60",
"platform": "Win 10",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Opera",
"curve": "secp256r1",
"version": "67",
"platform": "Win 10",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES128-GCM-SHA256",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49199
},
{
"name": "Safari",
"version": "5",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Safari",
"version": "5.1.9",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Safari",
"version": "6",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Safari",
"version": "6.0.4",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Safari",
"version": "7",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Safari",
"version": "8",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Safari",
"version": "7",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Safari",
"version": "8",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Safari",
"version": "8",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Safari",
"curve": "secp256r1",
"version": "9",
"platform": "iOS 9",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "Safari",
"curve": "secp256r1",
"version": "9",
"platform": "OS X 10.11",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "Safari",
"curve": "secp256r1",
"version": "10",
"platform": "iOS 10",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "Safari",
"curve": "secp256r1",
"version": "10",
"platform": "OS X 10.12",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "Safari",
"curve": "secp256r1",
"version": "12.1.2",
"platform": "MacOS 10.14.6 Beta",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "Safari",
"curve": "secp256r1",
"version": "12.1.1",
"platform": "iOS 12.3.1",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "Apple ATS",
"curve": "secp256r1",
"version": "9",
"platform": "iOS 9",
"protocol": "TLSv1.2",
"curve_code": 23,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "Tor",
"version": "17.0.9",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Yahoo Slurp",
"version": "Oct 2013",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "Yahoo Slurp",
"curve": "secp384r1",
"version": "Jun 2014",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 24,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "Yahoo Slurp",
"curve": "secp384r1",
"version": "Jan 2015",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 24,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "YandexBot",
"version": "3.0",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "YandexBot",
"version": "May 2014",
"platform": "",
"curve_code": 0,
"is_supported": false,
"protocol_code": 0
},
{
"name": "YandexBot",
"curve": "secp521r1",
"version": "Sep 2014",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 25,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
},
{
"name": "YandexBot",
"curve": "secp521r1",
"version": "Jan 2015",
"platform": "",
"protocol": "TLSv1.2",
"curve_code": 25,
"ciphersuite": "ECDHE-RSA-AES256-GCM-SHA384",
"is_supported": true,
"protocol_code": 771,
"ciphersuite_code": 49200
}
],
"success": true
},
{
"id": 151843287,
"analyzer": "symantecDistrust",
"result": {
"reasons": [
"path uses a root not trusted by Mozilla: C=US, O=Internet Security Research Group, CN=ISRG Root X1 (id=188459944)",
"path uses a root not trusted by Mozilla: C=US, O=Internet Security Research Group, CN=ISRG Root X1 (id=189217477)",
"path uses a root not trusted by Mozilla: C=US, O=Internet Security Research Group, CN=ISRG Root X1 (id=189096219)"
],
"isDistrusted": false
},
"success": true
},
{
"id": 151843288,
"analyzer": "top1m",
"result": {
"target": {
"rank": 2147483647,
"domain": "www.pycon.fr",
"alexa_rank": 2147483647,
"cisco_rank": 2147483647
},
"certificate": {
"rank": 2147483647,
"domain": "pycon.fr",
"alexa_rank": 2147483647,
"cisco_rank": 2147483647,
"alexa_domain": "pycon.fr",
"cisco_domain": "pycon.fr"
}
},
"success": true
}
],
"ack": true,
"attempts": 1,
"analysis_params": {}
}
it's the "is_valid": false
thing that is causing the banner:
src/js/observatories/tls.js: if (results.is_valid === false) {
src/js/observatories/tls.js- $('#tls-observatory-invalid-cert-warning').removeClass('d-none');
src/js/observatories/tls.js- $('a[href="#tab-tlsobservatory"]').addClass('tabs-danger');
the URL giving me this json is: https://tls-observatory.services.mozilla.com/api/v1/results?id=56359988
so maybe it comes from https://github.com/mozilla/tls-observatory which already has an issue closely related: mozilla/tls-observatory#439
maybe this one should be closed, it's not about the front end after all.