TestReceiver

TestReceiver looks forward at the receiving end of an Internet eMail transfer to test the software, server, or appliance that receives email. These include unix sendmail or a sendmail-like product (Postfix, Qmail), Microsoft Exchange, or a router or security device with email capability (Barracuda, Pix).

TestReceiver does not actually send an email. It just makes sure that if it did, the email would be secure.

Confidence Factor
TestReceiver outputs a Confidence Factor for the tested email address. The Confidence Factor is a zero to 100 measure of how confident we are that an email to the address would be sent securely. It measures only that TLS will be used to receive email; it does not consider whether or not the email address is valid. As long as "TLS Negotiated" is OK (see output steps below), the score will be 100, even if the last two steps FAIL.

Depending on the output level selected (see below), the test also shows information about MX hosts, SMTP stages, SMTP commands and responses, details about the certificates and ciphers used, and even the contents of each packet.

Confidence QFactor
By checking the Quick option under Full, you can run a quick "touch" of a server. This QFactor is very different from our rigorous Confidence Factor because the Confidence Factor has to look at all the possible servers since any one of them could be used for any given email.

Automating TestReceiver

See About Batch, and especially the section on Batch Receiver Test for a better way to automate Receiver testing.

Other Uses

With higher output levels (see below), TestReceiver provides visibility into any SMTP session. It was designed to test if email can be received securely, but because it continues testing even if TLS fails, it can also show the inner workings of non-TLS email servers.

When using TestReceiver "off-label", for example to verify email addresses or open up the inner workings of SMTP email conversations, the Confidence Factor should be ignored. Use the detailed output levels (see below) to determine the success of your test.

Input Parameters
eMailAddress
The (recipient) address to test
Output Level
How much detail to show (see next section)
Output Levels
Score
Shows the Confidence Factor for this address. A Confidence Factor is our proprietary score which rates the chances of successfully delivering email securely (e.g. with TLS) to this address. It ranges from 0 (no chance) to 100 (sure thing).
Matrix
Shows the above plus a matrix showing each test step for for each Mail eXchanger (MX). See "Understanding the Output" below for info about the steps.
Detail
Shows the above plus each SMTP message sent to and from the email server. Test details are displayed real-time as the test is running (subject to browser buffering).
CertDetail
Shows the above plus details about the recipient's SSL Certificate.
SSLDetail
Shows the above plus details about the SSL connection.
Debug
Only shows the traffic between the two ends. Does not tease out any information like the above Detail levels, nor does it show the Matrix or the Confidence Factor. Note: this output is only useful for the most hard-core debugging, which should be using a packet analyzer instead.
SSLProbe
Probes the first MX and shows extensive information about protocols, ciphers, and vulnerabilities using testssl.sh. CheckTLS does not vouch for testssl.sh results, nor do we support or answer questions about it. testssl.sh is provided here "as is".

Understanding the Output

Confidence Factor (Score)

This proprietary score rates what we feel are the chances that an email sent to the tested address right now would go securely. It ranges from 0 (no chance) to 100 (sure thing). It takes into account the order and strength of each Mail eXchanger (MX) listed for the recipient's domain, and the strength, precision, and validity of the recipient's SSL certificates.

MX/Steps Matrix (Matrix)

This matrix lists, for each MX, the MX preference and the steps TestReceiver took in proofing the server. Each step shows OK/FAIL and how long (milliseconds) the step took to complete. See the Wikipedia MX_record article for info on MX servers.

The steps are in order:

Answer
Indicates we can connect to the server. This shows the server exists, is on, is connected to the Internet, and is listening for connections.
Connect
Indicates we are allowed to connect to the server. This shows the server allows connections from most domains and IP addresses (since it allowed CheckTLS to connect).
HELO
Indicates that most domains and IP addresses can talk to this server (since it allowed CheckTLS to "say hello" with the SMTP HELO/EHLO command).
TLS
Indicates that the server says it can do TLS.
Cert
Indicates that the server's SSL Certificate is good. Currently this means the cert's: hostname matches the server, encryption is good, authorization chain is valid, and it's not self signed. Note: this is a very stringent test, and most senders will still send even if these requirements are not met.
Secure
Indicates that the server does, in fact, do TLS. This shows that we were able to turn on encryption for everything going to and from the server.
From
Indicates that the server will let most domains and IP addresses send mail to this server (since it let CheckTLS start an email from the @checktls.com domain).
To
Indicates that the server will accept mail for the tested email address. This means the address is probably valid. This is only reported if you entered an email address rather than just a domain.
Data
Indicates that we were able to start an email to the tested address. This is only reported if you selected Send Email in the FULL Version.
Email
Indicates that we were able to finish the email to the tested address. This means the email was sent, although it still could get caught in a SPAM filter. This is only reported if you selected Send Email in the FULL Version.
SMTP Messages (Detail)

This shows the RFC 2821 SMTP commands from the sender and responses from the receiver. Each command or response is time stamped in milliseconds since the start of the test. Important parts of the conversation are highlighted, and some information about the SSL certificate being used is included. For example:

Trying TLS on mail4.checktls.com[10.18.112.126] (10):

seconds test stage and result
[000.001] Connected to server
[000.084] <--  220 www4.checktls.com ESMTP Sendmail 8.14.7/8.14.7; Sun, 19 Mar 2017 12:52:02 -0400
[000.084] We are allowed to connect
[000.084]  --> EHLO checktls.com
[000.085] <--  250-www4.checktls.com Hello www4.checktls.com [10.18.112.126], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP
[000.085] We can use this server
[000.085] TLS is an option on this server
[000.086]  --> STARTTLS
[000.086] <--  220 2.0.0 Ready to start TLS
[000.086] STARTTLS command works on this server
[000.106] SSLVersion in use: TLSv1.2
[000.106] Cipher in use: AES256-SHA256
[000.106] Connection converted to SSL
[000.298]
Certificate 1 of 4 in chain:
subject= /OU=Domain Control Validated/CN=*.checktls.com
issuer= /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
[000.324]
Certificate 2 of 4 in chain:
subject= /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
issuer= /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
[000.349]
Certificate 3 of 4 in chain:
subject= /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
issuer= /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
[000.377]
Certificate 4 of 4 in chain:
subject= /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
issuer= /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
[000.378] Cert VALIDATED: ok
[000.378] Cert Hostname VERIFIED (mail4.checktls.com = *.checktls.com)
[000.378]  ~~> EHLO checktls.com
[000.380] <~~  250-www4.checktls.com Hello www4.checktls.com [10.18.112.126], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP
[000.380] TLS successfully started on this server
[000.380]  ~~> MAIL FROM:<test@checktls.com>
[000.385] <~~  250 2.1.0 <test@checktls.com>... Sender ok
[000.386] Sender is OK
[000.386]  ~~> RCPT TO:<test@checktls.com>
[000.467] <~~  250 2.1.5 <test@checktls.com>... Recipient ok
[000.467] Recipient OK, email address proofed
[000.467]  ~~> QUIT
[000.468] <~~  221 2.0.0 www4.checktls.com closing connection
Cert Info (CertDetail)

Shows detailed information about the Public Key Certificate being used, and any Intermediate Certificates. It shows the encoded certificate itself as well as the decoded and parsed fields from it. If the remote server sent a certificate chain (used to verify/sign the remote server's certificate), those certificates and their fields are also shown.

SSL Info (SSLDetail)

Shows detailed information about the SSL connection. This includes the SSL negotiation and the decrypted packets sent and received.

Raw Traffic (Debug)

Debug output runs a different program internally and does not "watch" the test the way all the other levels do. It does not determine success or failure nor any of the timings, so it does not output the Confidence Factor nor the Matrix. It does not highlight important events in the traffic, nor does it decode certificates. The output is just the unparsed and unformatted, albeit decrypted, data traffic between the two email servers. For example:

CONNECTED(00000003)
read from 0x833bbd0 [0x833dd58] (4096 bytes => 85 (0x55))
0000 - 32 32 30 20 77 77 77 32-2e 63 68 65 63 6b 74 6c   220 www2.checktl
0010 - 73 2e 63 6f 6d 20 45 53-4d 54 50 20 53 65 6e 64   s.com ESMTP Send
0020 - 6d 61 69 6c 20 38 2e 31-34 2e 34 2f 38 2e 31 34   mail 8.14.4/8.14
0030 - 2e 34 3b 20 54 75 65 2c-20 31 30 20 4d 61 79 20   .4; Tue, 10 May 
0040 - 32 30 31 31 20 30 39 3a-31 32 3a 35 38 20 2d 30   2011 09:12:58 -0
0050 - 34 30 30 0d 0a                                    400..
write to 0x833bbd0 [0x833ed60] (25 bytes => 25 (0x19))
0000 - 45 48 4c 4f 20 6f 70 65-6e 73 73 6c 2e 63 6c 69   EHLO openssl.cli
0010 - 65 6e 74 2e 6e 65 74 0d-0a                        ent.net..
read from 0x833bbd0 [0x833dd58] (4096 bytes => 204 (0xCC))
0000 - 32 35 30 2d 77 77 77 32-2e 63 68 65 63 6b 74 6c   250-www2.checktl
0010 - 73 2e 63 6f 6d 20 48 65-6c 6c 6f 20 77 77 77 31   s.com Hello www1
0020 - 2e 63 68 65 63 6b 74 6c-73 2e 63 6f 6d 20 5b 32   .checktls.com [2
0030 - 34 2e 31 32 33 2e 31 2e-33 5d 2c 20 70 6c 65 61   4.123.1.3], plea
0040 - 73 65 64 20 74 6f 20 6d-65 65 74 20 79 6f 75 0d   sed to meet you.
0050 - 0a 32 35 30 2d 45 4e 48-41 4e 43 45 44 53 54 41   .250-ENHANCEDSTA
0060 - 54 55 53 43 4f 44 45 53-0d 0a 32 35 30 2d 50 49   TUSCODES..250-PI
0070 - 50 45 4c 49 4e 49 4e 47-0d 0a 32 35 30 2d 38 42   PELINING..250-8B
0080 - 49 54 4d 49 4d 45 0d 0a-32 35 30 2d 53 49 5a 45   ITMIME..250-SIZE
0090 - 0d 0a 32 35 30 2d 44 53-4e 0d 0a 32 35 30 2d 45   ..250-DSN..250-E
00a0 - 54 52 4e 0d 0a 32 35 30-2d 53 54 41 52 54 54 4c   TRN..250-STARTTL
00b0 - 53 0d 0a 32 35 30 2d 44-45 4c 49 56 45 52 42 59   S..250-DELIVERBY
00c0 - 0d 0a 32 35 30 20 48 45-4c 50 0d 0a               ..250 HELP.. 
SSL Probe
Shows detailed information about the Protocols and Ciphers available on a single MX host using Dirk Wetter's spectacular ssl test tool. testssl.sh is provided "as is", and because it probes for a lot of information about the target, it takes a while to run and generates a noticable amount of traffic to the server. For example:

###########################################################
    testssl.sh       3.0rc1 from https://testssl.sh/dev/

      This program is free software. Distribution and
             modification under GPLv2 permitted.
      USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

       Please file bugs @ https://testssl.sh/bugs/

###########################################################

 Using "OpenSSL 1.0.2-chacha (1.0.2i-dev)" [~183 ciphers]
 on www6:/usr/local/testssl/V_3.0rc1/bin/openssl.Linux.x86_64
 (built: "Jun 22 19:32:29 2016", platform: "linux-x86_64")


 Start 2018-09-18 07:55:48        --\>\> 159.89.187.50:25 (www6.checktls.com) \<\<--

 A record via:           supplied IP "159.89.187.50"
 rDNS (159.89.187.50):   (instructed to minimize DNS queries)
 Service set:            STARTTLS via SMTP

 Testing protocols via sockets 

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      offered
 TLS 1.1    offered
 TLS 1.2    offered (OK)
 TLS 1.3    offered (OK): final

 Testing cipher categories 

 NULL ciphers (no encryption)                  not offered (OK)
 Anonymous NULL Ciphers (no authentication)    not offered (OK)
 Export ciphers (w/o ADH+NULL)                 not offered (OK)
 LOW: 64 Bit + DES encryption (w/o export)     not offered (OK)
 Weak 128 Bit ciphers (SEED, IDEA, RC[2,4])    not offered (OK)
 Triple DES Ciphers (Medium)                   not offered (OK)
 High encryption (AES+Camellia, no AEAD)       offered (OK)
 Strong encryption (AEAD ciphers)              offered (OK)


 Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 

 PFS is offered (OK), ciphers follow (client/browser support is important here) 

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (RFC)
-----------------------------------------------------------------------------------------------------------------------------
 x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384                             available
 x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256                       available
 xcc14   ECDHE-ECDSA-CHACHA20-POLY1305-OLD ECDH       ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD  not a/v
 xcc13   ECDHE-RSA-CHACHA20-POLY1305-OLD   ECDH       ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD    not a/v
 xcc15   DHE-RSA-CHACHA20-POLY1305-OLD     DH         ChaCha20    256      TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD      not a/v
 xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 256   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384              available
 xc02c   ECDHE-ECDSA-AES256-GCM-SHA384     ECDH       AESGCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384            not a/v
 xc028   ECDHE-RSA-AES256-SHA384           ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384              available
 xc024   ECDHE-ECDSA-AES256-SHA384         ECDH       AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384            not a/v
 xc014   ECDHE-RSA-AES256-SHA              ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                 available
 xc00a   ECDHE-ECDSA-AES256-SHA            ECDH       AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA               not a/v
 xa3     DHE-DSS-AES256-GCM-SHA384         DH         AESGCM      256      TLS_DHE_DSS_WITH_AES_256_GCM_SHA384                not a/v
 x9f     DHE-RSA-AES256-GCM-SHA384         DH 2048    AESGCM      256      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384                available
 xcca9   ECDHE-ECDSA-CHACHA20-POLY1305     ECDH       ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256      not a/v
 xcca8   ECDHE-RSA-CHACHA20-POLY1305       ECDH 253   ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256        available
 xccaa   DHE-RSA-CHACHA20-POLY1305         DH 2048    ChaCha20    256      TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256          available
 xc0af   ECDHE-ECDSA-AES256-CCM8           ECDH       AESCCM8     256      TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8                 not a/v
 xc0ad   ECDHE-ECDSA-AES256-CCM            ECDH       AESCCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_CCM                   not a/v
 xc0a3   DHE-RSA-AES256-CCM8               DH 2048    AESCCM8     256      TLS_DHE_RSA_WITH_AES_256_CCM_8                     available
 xc09f   DHE-RSA-AES256-CCM                DH 2048    AESCCM      256      TLS_DHE_RSA_WITH_AES_256_CCM                       available
 x6b     DHE-RSA-AES256-SHA256             DH 2048    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256                available
 x6a     DHE-DSS-AES256-SHA256             DH         AES         256      TLS_DHE_DSS_WITH_AES_256_CBC_SHA256                not a/v
 x39     DHE-RSA-AES256-SHA                DH 2048    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA                   available
 x38     DHE-DSS-AES256-SHA                DH         AES         256      TLS_DHE_DSS_WITH_AES_256_CBC_SHA                   not a/v
 xc077   ECDHE-RSA-CAMELLIA256-SHA384      ECDH 256   Camellia    256      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384         available
 xc073   ECDHE-ECDSA-CAMELLIA256-SHA384    ECDH       Camellia    256      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384       not a/v
 xc4     DHE-RSA-CAMELLIA256-SHA256        DH 2048    Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256           available
 xc3     DHE-DSS-CAMELLIA256-SHA256        DH         Camellia    256      TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256           not a/v
 x88     DHE-RSA-CAMELLIA256-SHA           DH 2048    Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA              available
 x87     DHE-DSS-CAMELLIA256-SHA           DH         Camellia    256      TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA              not a/v
 xc043   DHE-DSS-ARIA256-CBC-SHA384        DH         ARIA        256      TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384               not a/v
 xc045   DHE-RSA-ARIA256-CBC-SHA384        DH         ARIA        256      TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384               not a/v
 xc049   ECDHE-ECDSA-ARIA256-CBC-SHA384    ECDH       ARIA        256      TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384           not a/v
 xc04d   ECDHE-RSA-ARIA256-CBC-SHA384      ECDH       ARIA        256      TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384             not a/v
 xc053   DHE-RSA-ARIA256-GCM-SHA384        DH 2048    ARIAGCM     256      TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384               available
 xc057   DHE-DSS-ARIA256-GCM-SHA384        DH         ARIAGCM     256      TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384               not a/v
 xc05d   ECDHE-ECDSA-ARIA256-GCM-SHA384    ECDH       ARIAGCM     256      TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384           not a/v
 xc061   ECDHE-ARIA256-GCM-SHA384          ECDH 253   ARIAGCM     256      TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384             available
 xc07d   -                                 DH         CamelliaGCM 256      TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384           not a/v
 xc081   -                                 DH         CamelliaGCM 256      TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384           not a/v
 xc087   -                                 ECDH       CamelliaGCM 256      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384       not a/v
 xc08b   -                                 ECDH       CamelliaGCM 256      TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384         not a/v
 x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256                             available
 x1304   TLS_AES_128_CCM_SHA256            any        AESCCM      128      TLS_AES_128_CCM_SHA256                             not a/v
 x1305   TLS_AES_128_CCM_8_SHA256          any        AESCCM8     128      TLS_AES_128_CCM_8_SHA256                           not a/v
 xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 256   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256              available
 xc02b   ECDHE-ECDSA-AES128-GCM-SHA256     ECDH       AESGCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256            not a/v
 xc027   ECDHE-RSA-AES128-SHA256           ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256              available
 xc023   ECDHE-ECDSA-AES128-SHA256         ECDH       AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256            not a/v
 xc013   ECDHE-RSA-AES128-SHA              ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                 available
 xc009   ECDHE-ECDSA-AES128-SHA            ECDH       AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA               not a/v
 xa2     DHE-DSS-AES128-GCM-SHA256         DH         AESGCM      128      TLS_DHE_DSS_WITH_AES_128_GCM_SHA256                not a/v
 x9e     DHE-RSA-AES128-GCM-SHA256         DH 2048    AESGCM      128      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256                available
 xc0ae   ECDHE-ECDSA-AES128-CCM8           ECDH       AESCCM8     128      TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8                 not a/v
 xc0ac   ECDHE-ECDSA-AES128-CCM            ECDH       AESCCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_CCM                   not a/v
 xc0a2   DHE-RSA-AES128-CCM8               DH 2048    AESCCM8     128      TLS_DHE_RSA_WITH_AES_128_CCM_8                     available
 xc09e   DHE-RSA-AES128-CCM                DH 2048    AESCCM      128      TLS_DHE_RSA_WITH_AES_128_CCM                       available
 x67     DHE-RSA-AES128-SHA256             DH 2048    AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256                available
 x40     DHE-DSS-AES128-SHA256             DH         AES         128      TLS_DHE_DSS_WITH_AES_128_CBC_SHA256                not a/v
 x33     DHE-RSA-AES128-SHA                DH 2048    AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA                   available
 x32     DHE-DSS-AES128-SHA                DH         AES         128      TLS_DHE_DSS_WITH_AES_128_CBC_SHA                   not a/v
 xc076   ECDHE-RSA-CAMELLIA128-SHA256      ECDH 256   Camellia    128      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256         available
 xc072   ECDHE-ECDSA-CAMELLIA128-SHA256    ECDH       Camellia    128      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256       not a/v
 xbe     DHE-RSA-CAMELLIA128-SHA256        DH 2048    Camellia    128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256           available
 xbd     DHE-DSS-CAMELLIA128-SHA256        DH         Camellia    128      TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256           not a/v
 x9a     DHE-RSA-SEED-SHA                  DH         SEED        128      TLS_DHE_RSA_WITH_SEED_CBC_SHA                      not a/v
 x99     DHE-DSS-SEED-SHA                  DH         SEED        128      TLS_DHE_DSS_WITH_SEED_CBC_SHA                      not a/v
 x45     DHE-RSA-CAMELLIA128-SHA           DH 2048    Camellia    128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA              available
 x44     DHE-DSS-CAMELLIA128-SHA           DH         Camellia    128      TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA              not a/v
 xc042   DHE-DSS-ARIA128-CBC-SHA256        DH         ARIA        128      TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256               not a/v
 xc044   DHE-RSA-ARIA128-CBC-SHA256        DH         ARIA        128      TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256               not a/v
 xc048   ECDHE-ECDSA-ARIA128-CBC-SHA256    ECDH       ARIA        128      TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256           not a/v
 xc04c   ECDHE-RSA-ARIA128-CBC-SHA256      ECDH       ARIA        128      TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256             not a/v
 xc052   DHE-RSA-ARIA128-GCM-SHA256        DH 2048    ARIAGCM     128      TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256               available
 xc056   DHE-DSS-ARIA128-GCM-SHA256        DH         ARIAGCM     128      TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256               not a/v
 xc05c   ECDHE-ECDSA-ARIA128-GCM-SHA256    ECDH       ARIAGCM     128      TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256           not a/v
 xc060   ECDHE-ARIA128-GCM-SHA256          ECDH 253   ARIAGCM     128      TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256             available
 xc07c   -                                 DH         CamelliaGCM 128      TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256           not a/v
 xc080   -                                 DH         CamelliaGCM 128      TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256           not a/v
 xc086   -                                 ECDH       CamelliaGCM 128      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256       not a/v
 xc08a   -                                 ECDH       CamelliaGCM 128      TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256         not a/v

 Elliptic curves offered:     prime256v1 secp384r1 secp521r1 X25519 X448 


 Testing server preferences 

 Has server cipher order?     yes (OK)
 Negotiated protocol          TLSv1.3
 Negotiated cipher            TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Cipher order
    TLSv1:     ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA
               DHE-RSA-CAMELLIA128-SHA AES256-SHA CAMELLIA256-SHA AES128-SHA CAMELLIA128-SHA 
    TLSv1.1:   ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA
               DHE-RSA-CAMELLIA128-SHA AES256-SHA CAMELLIA256-SHA AES128-SHA CAMELLIA128-SHA 
    TLSv1.2:   ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-CHACHA20-POLY1305
               DHE-RSA-AES256-CCM8 DHE-RSA-AES256-CCM ECDHE-ARIA256-GCM-SHA384 DHE-RSA-ARIA256-GCM-SHA384
               ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-CCM8 DHE-RSA-AES128-CCM
               ECDHE-ARIA128-GCM-SHA256 DHE-RSA-ARIA128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES256-SHA256
               ECDHE-RSA-CAMELLIA256-SHA384 DHE-RSA-CAMELLIA256-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA256
               ECDHE-RSA-CAMELLIA128-SHA256 DHE-RSA-CAMELLIA128-SHA256 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA
               DHE-RSA-CAMELLIA256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA DHE-RSA-CAMELLIA128-SHA AES256-GCM-SHA384
               AES256-CCM8 AES256-CCM ARIA256-GCM-SHA384 AES128-GCM-SHA256 AES128-CCM8 AES128-CCM ARIA128-GCM-SHA256
               AES256-SHA256 CAMELLIA256-SHA256 AES128-SHA256 CAMELLIA128-SHA256 AES256-SHA CAMELLIA256-SHA AES128-SHA
               CAMELLIA128-SHA 
    TLSv1.3:   TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256 


 Testing server defaults (Server Hello) 

 TLS extensions (standard)    "renegotiation info/#65281" "EC point formats/#11" "session ticket/#35"
                              "supported versions/#43" "key share/#51" "supported_groups/#10" "max fragment length/#1"
                              "encrypt-then-mac/#22" "extended master secret/#23"
 Session Ticket RFC 5077 hint 1 seconds, session tickets keys seems to be rotated < daily
 SSL Session ID support       yes
 Session Resumption           Tickets: yes, ID: no
 TLS clock skew               Random values, no fingerprinting possible 
 Signature Algorithm          SHA256 with RSA
 Server key size              RSA 2048 bits
 Server key usage             Digital Signature, Key Encipherment
 Server extended key usage    TLS Web Server Authentication, TLS Web Client Authentication
 Serial / Fingerprints        C9FA145EB499E5D4 / SHA1 DF0BF9B74D7F3C3F38AA1721C1CFDCC4798B1B37
                              SHA256 6DACDF012B052B8B5E10F23E4D18E11E74413948F3BF317F7049FA8AA89B51E3
 Common Name (CN)             *.checktls.com
 subjectAltName (SAN)         *.checktls.com checktls.com 
 Issuer                       Go Daddy Secure Certificate Authority - G2 (GoDaddy.com, Inc. from US)
 Trust (hostname)             Ok via SAN wildcard and CN wildcard
 Chain of trust               Ok   
 EV cert (experimental)       no 
 Certificate Validity (UTC)   444 \>= 60 days (2016-10-07 08:58 --> 2019-12-06 12:42)
 # of certificates provided   4
 Certificate Revocation List  http://crl.godaddy.com/gdig2s1-318.crl
 OCSP URI                     http://ocsp.godaddy.com/
 OCSP stapling                not offered
 OCSP must staple extension   --
 DNS CAA RR (experimental)    (instructed to minimize DNS queries)
 Certificate Transparency     N/A


 Testing vulnerabilities 

 Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 ROBOT                                     not vulnerable (OK)
 Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
 Secure Client-Initiated Renegotiation     VULNERABLE (NOT ok), potential DoS threat
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK) (not using HTTP anyway)
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
 TLS_FALLBACK_SCSV (RFC 7507)              Downgrade attack prevention supported (OK)
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services
                                           https://censys.io/ipv4?q=6DACDF012B052B8B5E10F23E4D18E11E74413948F3BF317F7049FA8AA89B51E3 could help you to find out
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no common primes detected
 BEAST (CVE-2011-3389)                     
 TLS1:Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (RFC)
-----------------------------------------------------------------------------------------------------------------------------
 xc014   ECDHE-RSA-AES256-SHA              ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                 available
 xc00a   ECDHE-ECDSA-AES256-SHA            ECDH       AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA               not a/v
 xc022   SRP-DSS-AES-256-CBC-SHA           SRP        AES         256      TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA               not a/v
 xc021   SRP-RSA-AES-256-CBC-SHA           SRP        AES         256      TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA               not a/v
 xc020   SRP-AES-256-CBC-SHA               SRP        AES         256      TLS_SRP_SHA_WITH_AES_256_CBC_SHA                   not a/v
 x91     DHE-PSK-AES256-CBC-SHA            DHEPSK     AES         256      TLS_DHE_PSK_WITH_AES_256_CBC_SHA                   not a/v
 x39     DHE-RSA-AES256-SHA                DH 2048    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA                   available
 x38     DHE-DSS-AES256-SHA                DH         AES         256      TLS_DHE_DSS_WITH_AES_256_CBC_SHA                   not a/v
 x37     DH-RSA-AES256-SHA                 DH/RSA     AES         256      TLS_DH_RSA_WITH_AES_256_CBC_SHA                    not a/v
 x36     DH-DSS-AES256-SHA                 DH/DSS     AES         256      TLS_DH_DSS_WITH_AES_256_CBC_SHA                    not a/v
 x88     DHE-RSA-CAMELLIA256-SHA           DH 2048    Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA              available
 x87     DHE-DSS-CAMELLIA256-SHA           DH         Camellia    256      TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA              not a/v
 x86     DH-RSA-CAMELLIA256-SHA            DH/RSA     Camellia    256      TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA               not a/v
 x85     DH-DSS-CAMELLIA256-SHA            DH/DSS     Camellia    256      TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA               not a/v
 xc019   AECDH-AES256-SHA                  ECDH       AES         256      TLS_ECDH_anon_WITH_AES_256_CBC_SHA                 not a/v
 x3a     ADH-AES256-SHA                    DH         AES         256      TLS_DH_anon_WITH_AES_256_CBC_SHA                   not a/v
 x89     ADH-CAMELLIA256-SHA               DH         Camellia    256      TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA              not a/v
 xc00f   ECDH-RSA-AES256-SHA               ECDH/RSA   AES         256      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA                  not a/v
 xc005   ECDH-ECDSA-AES256-SHA             ECDH/ECDSA AES         256      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA                not a/v
 x35     AES256-SHA                        RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA                       available
 xc036   ECDHE-PSK-AES256-CBC-SHA          ECDHEPSK   AES         256      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA                 not a/v
 x84     CAMELLIA256-SHA                   RSA        Camellia    256      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                  available
 x95     RSA-PSK-AES256-CBC-SHA            RSAPSK     AES         256      TLS_RSA_PSK_WITH_AES_256_CBC_SHA                   not a/v
 x8d     PSK-AES256-CBC-SHA                PSK        AES         256      TLS_PSK_WITH_AES_256_CBC_SHA                       not a/v
 xc013   ECDHE-RSA-AES128-SHA              ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                 available
 xc009   ECDHE-ECDSA-AES128-SHA            ECDH       AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA               not a/v
 xc01f   SRP-DSS-AES-128-CBC-SHA           SRP        AES         128      TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA               not a/v
 xc01e   SRP-RSA-AES-128-CBC-SHA           SRP        AES         128      TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA               not a/v
 xc01d   SRP-AES-128-CBC-SHA               SRP        AES         128      TLS_SRP_SHA_WITH_AES_128_CBC_SHA                   not a/v
 x33     DHE-RSA-AES128-SHA                DH 2048    AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA                   available
 x32     DHE-DSS-AES128-SHA                DH         AES         128      TLS_DHE_DSS_WITH_AES_128_CBC_SHA                   not a/v
 x31     DH-RSA-AES128-SHA                 DH/RSA     AES         128      TLS_DH_RSA_WITH_AES_128_CBC_SHA                    not a/v
 x30     DH-DSS-AES128-SHA                 DH/DSS     AES         128      TLS_DH_DSS_WITH_AES_128_CBC_SHA                    not a/v
 x9a     DHE-RSA-SEED-SHA                  DH         SEED        128      TLS_DHE_RSA_WITH_SEED_CBC_SHA                      not a/v
 x99     DHE-DSS-SEED-SHA                  DH         SEED        128      TLS_DHE_DSS_WITH_SEED_CBC_SHA                      not a/v
 x98     DH-RSA-SEED-SHA                   DH/RSA     SEED        128      TLS_DH_RSA_WITH_SEED_CBC_SHA                       not a/v
 x97     DH-DSS-SEED-SHA                   DH/DSS     SEED        128      TLS_DH_DSS_WITH_SEED_CBC_SHA                       not a/v
 x45     DHE-RSA-CAMELLIA128-SHA           DH 2048    Camellia    128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA              available
 x44     DHE-DSS-CAMELLIA128-SHA           DH         Camellia    128      TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA              not a/v
 x43     DH-RSA-CAMELLIA128-SHA            DH/RSA     Camellia    128      TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA               not a/v
 x42     DH-DSS-CAMELLIA128-SHA            DH/DSS     Camellia    128      TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA               not a/v
 xc018   AECDH-AES128-SHA                  ECDH       AES         128      TLS_ECDH_anon_WITH_AES_128_CBC_SHA                 not a/v
 x34     ADH-AES128-SHA                    DH         AES         128      TLS_DH_anon_WITH_AES_128_CBC_SHA                   not a/v
 x9b     ADH-SEED-SHA                      DH         SEED        128      TLS_DH_anon_WITH_SEED_CBC_SHA                      not a/v
 x46     ADH-CAMELLIA128-SHA               DH         Camellia    128      TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA              not a/v
 xc00e   ECDH-RSA-AES128-SHA               ECDH/RSA   AES         128      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA                  not a/v
 xc004   ECDH-ECDSA-AES128-SHA             ECDH/ECDSA AES         128      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA                not a/v
 x2f     AES128-SHA                        RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA                       available
 xc035   ECDHE-PSK-AES128-CBC-SHA          ECDHEPSK   AES         128      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA                 not a/v
 x90     DHE-PSK-AES128-CBC-SHA            DHEPSK     AES         128      TLS_DHE_PSK_WITH_AES_128_CBC_SHA                   not a/v
 x96     SEED-SHA                          RSA        SEED        128      TLS_RSA_WITH_SEED_CBC_SHA                          not a/v
 x41     CAMELLIA128-SHA                   RSA        Camellia    128      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                  available
 x07     IDEA-CBC-SHA                      RSA        IDEA        128      TLS_RSA_WITH_IDEA_CBC_SHA                          not a/v
 x94     RSA-PSK-AES128-CBC-SHA            RSAPSK     AES         128      TLS_RSA_PSK_WITH_AES_128_CBC_SHA                   not a/v
 x8c     PSK-AES128-CBC-SHA                PSK        AES         128      TLS_PSK_WITH_AES_128_CBC_SHA                       not a/v
 x21     KRB5-IDEA-CBC-SHA                 KRB5       IDEA        128      TLS_KRB5_WITH_IDEA_CBC_SHA                         not a/v
 x25     KRB5-IDEA-CBC-MD5                 KRB5       IDEA        128      TLS_KRB5_WITH_IDEA_CBC_MD5                         not a/v
 xc012   ECDHE-RSA-DES-CBC3-SHA            ECDH       3DES        168      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA                not a/v
 xc008   ECDHE-ECDSA-DES-CBC3-SHA          ECDH       3DES        168      TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA              not a/v
 xc01c   SRP-DSS-3DES-EDE-CBC-SHA          SRP        3DES        168      TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA              not a/v
 xc01b   SRP-RSA-3DES-EDE-CBC-SHA          SRP        3DES        168      TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA              not a/v
 xc01a   SRP-3DES-EDE-CBC-SHA              SRP        3DES        168      TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA                  not a/v
 x16     EDH-RSA-DES-CBC3-SHA              DH         3DES        168      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA                  not a/v
 x13     EDH-DSS-DES-CBC3-SHA              DH         3DES        168      TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA                  not a/v
 x10     DH-RSA-DES-CBC3-SHA               DH/RSA     3DES        168      TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA                   not a/v
 x0d     DH-DSS-DES-CBC3-SHA               DH/DSS     3DES        168      TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA                   not a/v
 xc017   AECDH-DES-CBC3-SHA                ECDH       3DES        168      TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA                not a/v
 x1b     ADH-DES-CBC3-SHA                  DH         3DES        168      TLS_DH_anon_WITH_3DES_EDE_CBC_SHA                  not a/v
 xc00d   ECDH-RSA-DES-CBC3-SHA             ECDH/RSA   3DES        168      TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA                 not a/v
 xc003   ECDH-ECDSA-DES-CBC3-SHA           ECDH/ECDSA 3DES        168      TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA               not a/v
 x0a     DES-CBC3-SHA                      RSA        3DES        168      TLS_RSA_WITH_3DES_EDE_CBC_SHA                      not a/v
 x93     RSA-PSK-3DES-EDE-CBC-SHA          RSAPSK     3DES        168      TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA                  not a/v
 x8b     PSK-3DES-EDE-CBC-SHA              PSK        3DES        168      TLS_PSK_WITH_3DES_EDE_CBC_SHA                      not a/v
 x1f     KRB5-DES-CBC3-SHA                 KRB5       3DES        168      TLS_KRB5_WITH_3DES_EDE_CBC_SHA                     not a/v
 x23     KRB5-DES-CBC3-MD5                 KRB5       3DES        168      TLS_KRB5_WITH_3DES_EDE_CBC_MD5                     not a/v
 xc034   ECDHE-PSK-3DES-EDE-CBC-SHA        ECDHEPSK   3DES        168      TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA                not a/v
 x8f     DHE-PSK-3DES-EDE-CBC-SHA          DHEPSK     3DES        168      TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA                  not a/v
 xfeff   -                                 RSA        3DES        168      SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA                 not a/v
 xffe0   -                                 RSA        3DES        168      SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA                 not a/v
 x63     EXP1024-DHE-DSS-DES-CBC-SHA       DH(1024)   DES         56,exp   TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA            not a/v
 x15     EDH-RSA-DES-CBC-SHA               DH         DES         56       TLS_DHE_RSA_WITH_DES_CBC_SHA                       not a/v
 x12     EDH-DSS-DES-CBC-SHA               DH         DES         56       TLS_DHE_DSS_WITH_DES_CBC_SHA                       not a/v
 x0f     DH-RSA-DES-CBC-SHA                DH/RSA     DES         56       TLS_DH_RSA_WITH_DES_CBC_SHA                        not a/v
 x0c     DH-DSS-DES-CBC-SHA                DH/DSS     DES         56       TLS_DH_DSS_WITH_DES_CBC_SHA                        not a/v
 x1a     ADH-DES-CBC-SHA                   DH         DES         56       TLS_DH_anon_WITH_DES_CBC_SHA                       not a/v
 x62     EXP1024-DES-CBC-SHA               RSA(1024)  DES         56,exp   TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA                not a/v
 x09     DES-CBC-SHA                       RSA        DES         56       TLS_RSA_WITH_DES_CBC_SHA                           not a/v
 x1e     KRB5-DES-CBC-SHA                  KRB5       DES         56       TLS_KRB5_WITH_DES_CBC_SHA                          not a/v
 x22     KRB5-DES-CBC-MD5                  KRB5       DES         56       TLS_KRB5_WITH_DES_CBC_MD5                          not a/v
 xfefe   -                                 RSA        DES         56       SSL_RSA_FIPS_WITH_DES_CBC_SHA                      not a/v
 xffe1   -                                 RSA        DES         56       SSL_RSA_FIPS_WITH_DES_CBC_SHA                      not a/v
 x14     EXP-EDH-RSA-DES-CBC-SHA           DH(512)    DES         40,exp   TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA              not a/v
 x11     EXP-EDH-DSS-DES-CBC-SHA           DH(512)    DES         40,exp   TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA              not a/v
 x19     EXP-ADH-DES-CBC-SHA               DH(512)    DES         40,exp   TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA              not a/v
 x08     EXP-DES-CBC-SHA                   RSA(512)   DES         40,exp   TLS_RSA_EXPORT_WITH_DES40_CBC_SHA                  not a/v
 x06     EXP-RC2-CBC-MD5                   RSA(512)   RC2         40,exp   TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5                 not a/v
 x27     EXP-KRB5-RC2-CBC-SHA              KRB5       RC2         40,exp   TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA                not a/v
 x26     EXP-KRB5-DES-CBC-SHA              KRB5       DES         40,exp   TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA                not a/v
 x2a     EXP-KRB5-RC2-CBC-MD5              KRB5       RC2         40,exp   TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5                not a/v
 x29     EXP-KRB5-DES-CBC-MD5              KRB5       DES         40,exp   TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5                not a/v
 x0b     EXP-DH-DSS-DES-CBC-SHA            DH/DSS     DES         40,exp   TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA               not a/v
 x0e     EXP-DH-RSA-DES-CBC-SHA            DH/RSA     DES         40,exp   TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA               not a/v

 VULNERABLE -- but also supports higher protocols (possible mitigation)  TLSv1.1 TLSv1.2

 LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)


 Testing 364 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength 

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (RFC)
-----------------------------------------------------------------------------------------------------------------------------
 x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384                             available
 x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256                       available
 xcc14   ECDHE-ECDSA-CHACHA20-POLY1305-OLD ECDH       ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD  not a/v
 xcc13   ECDHE-RSA-CHACHA20-POLY1305-OLD   ECDH       ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD    not a/v
 xcc15   DHE-RSA-CHACHA20-POLY1305-OLD     DH         ChaCha20    256      TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD      not a/v
 xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 256   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384              available
 xc02c   ECDHE-ECDSA-AES256-GCM-SHA384     ECDH       AESGCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384            not a/v
 xc028   ECDHE-RSA-AES256-SHA384           ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384              available
 xc024   ECDHE-ECDSA-AES256-SHA384         ECDH       AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384            not a/v
 xc014   ECDHE-RSA-AES256-SHA              ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                 available
 xc00a   ECDHE-ECDSA-AES256-SHA            ECDH       AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA               not a/v
 xc022   SRP-DSS-AES-256-CBC-SHA           SRP        AES         256      TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA               not a/v
 xc021   SRP-RSA-AES-256-CBC-SHA           SRP        AES         256      TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA               not a/v
 xc020   SRP-AES-256-CBC-SHA               SRP        AES         256      TLS_SRP_SHA_WITH_AES_256_CBC_SHA                   not a/v
 xb7     RSA-PSK-AES256-CBC-SHA384         RSAPSK     AES         256      TLS_RSA_PSK_WITH_AES_256_CBC_SHA384                not a/v
 xb3     DHE-PSK-AES256-CBC-SHA384         DHEPSK     AES         256      TLS_DHE_PSK_WITH_AES_256_CBC_SHA384                not a/v
 x91     DHE-PSK-AES256-CBC-SHA            DHEPSK     AES         256      TLS_DHE_PSK_WITH_AES_256_CBC_SHA                   not a/v
 xc09b   ECDHE-PSK-CAMELLIA256-SHA384      ECDHEPSK   Camellia    256      TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384         not a/v
 xc099   RSA-PSK-CAMELLIA256-SHA384        RSAPSK     Camellia    256      TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384           not a/v
 xc097   DHE-PSK-CAMELLIA256-SHA384        DHEPSK     Camellia    256      TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384           not a/v
 xaf     PSK-AES256-CBC-SHA384             PSK        AES         256      TLS_PSK_WITH_AES_256_CBC_SHA384                    not a/v
 xc095   PSK-CAMELLIA256-SHA384            PSK        Camellia    256      TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384               not a/v
 xa5     DH-DSS-AES256-GCM-SHA384          DH/DSS     AESGCM      256      TLS_DH_DSS_WITH_AES_256_GCM_SHA384                 not a/v
 xa3     DHE-DSS-AES256-GCM-SHA384         DH         AESGCM      256      TLS_DHE_DSS_WITH_AES_256_GCM_SHA384                not a/v
 xa1     DH-RSA-AES256-GCM-SHA384          DH/RSA     AESGCM      256      TLS_DH_RSA_WITH_AES_256_GCM_SHA384                 not a/v
 x9f     DHE-RSA-AES256-GCM-SHA384         DH 2048    AESGCM      256      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384                available
 xcca9   ECDHE-ECDSA-CHACHA20-POLY1305     ECDH       ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256      not a/v
 xcca8   ECDHE-RSA-CHACHA20-POLY1305       ECDH 253   ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256        available
 xccaa   DHE-RSA-CHACHA20-POLY1305         DH 2048    ChaCha20    256      TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256          available
 xc0af   ECDHE-ECDSA-AES256-CCM8           ECDH       AESCCM8     256      TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8                 not a/v
 xc0ad   ECDHE-ECDSA-AES256-CCM            ECDH       AESCCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_CCM                   not a/v
 xc0a3   DHE-RSA-AES256-CCM8               DH 2048    AESCCM8     256      TLS_DHE_RSA_WITH_AES_256_CCM_8                     available
 xc09f   DHE-RSA-AES256-CCM                DH 2048    AESCCM      256      TLS_DHE_RSA_WITH_AES_256_CCM                       available
 x6b     DHE-RSA-AES256-SHA256             DH 2048    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256                available
 x6a     DHE-DSS-AES256-SHA256             DH         AES         256      TLS_DHE_DSS_WITH_AES_256_CBC_SHA256                not a/v
 x69     DH-RSA-AES256-SHA256              DH/RSA     AES         256      TLS_DH_RSA_WITH_AES_256_CBC_SHA256                 not a/v
 x68     DH-DSS-AES256-SHA256              DH/DSS     AES         256      TLS_DH_DSS_WITH_AES_256_CBC_SHA256                 not a/v
 x39     DHE-RSA-AES256-SHA                DH 2048    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA                   available
 x38     DHE-DSS-AES256-SHA                DH         AES         256      TLS_DHE_DSS_WITH_AES_256_CBC_SHA                   not a/v
 x37     DH-RSA-AES256-SHA                 DH/RSA     AES         256      TLS_DH_RSA_WITH_AES_256_CBC_SHA                    not a/v
 x36     DH-DSS-AES256-SHA                 DH/DSS     AES         256      TLS_DH_DSS_WITH_AES_256_CBC_SHA                    not a/v
 xc077   ECDHE-RSA-CAMELLIA256-SHA384      ECDH 256   Camellia    256      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384         available
 xc073   ECDHE-ECDSA-CAMELLIA256-SHA384    ECDH       Camellia    256      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384       not a/v
 xc4     DHE-RSA-CAMELLIA256-SHA256        DH 2048    Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256           available
 xc3     DHE-DSS-CAMELLIA256-SHA256        DH         Camellia    256      TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256           not a/v
 xc2     DH-RSA-CAMELLIA256-SHA256         DH/RSA     Camellia    256      TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256            not a/v
 xc1     DH-DSS-CAMELLIA256-SHA256         DH/DSS     Camellia    256      TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256            not a/v
 x88     DHE-RSA-CAMELLIA256-SHA           DH 2048    Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA              available
 x87     DHE-DSS-CAMELLIA256-SHA           DH         Camellia    256      TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA              not a/v
 x86     DH-RSA-CAMELLIA256-SHA            DH/RSA     Camellia    256      TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA               not a/v
 x85     DH-DSS-CAMELLIA256-SHA            DH/DSS     Camellia    256      TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA               not a/v
 xc019   AECDH-AES256-SHA                  ECDH       AES         256      TLS_ECDH_anon_WITH_AES_256_CBC_SHA                 not a/v
 xa7     ADH-AES256-GCM-SHA384             DH         AESGCM      256      TLS_DH_anon_WITH_AES_256_GCM_SHA384                not a/v
 x6d     ADH-AES256-SHA256                 DH         AES         256      TLS_DH_anon_WITH_AES_256_CBC_SHA256                not a/v
 x3a     ADH-AES256-SHA                    DH         AES         256      TLS_DH_anon_WITH_AES_256_CBC_SHA                   not a/v
 xc5     ADH-CAMELLIA256-SHA256            DH         Camellia    256      TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256           not a/v
 x89     ADH-CAMELLIA256-SHA               DH         Camellia    256      TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA              not a/v
 xad     RSA-PSK-AES256-GCM-SHA384         RSAPSK     AESGCM      256      TLS_RSA_PSK_WITH_AES_256_GCM_SHA384                not a/v
 xab     DHE-PSK-AES256-GCM-SHA384         DHEPSK     AESGCM      256      TLS_DHE_PSK_WITH_AES_256_GCM_SHA384                not a/v
 xccae   RSA-PSK-CHACHA20-POLY1305         RSAPSK     ChaCha20    256      TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256          not a/v
 xccad   DHE-PSK-CHACHA20-POLY1305         DHEPSK     ChaCha20    256      TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256          not a/v
 xccac   ECDHE-PSK-CHACHA20-POLY1305       ECDHEPSK   ChaCha20    256      TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256        not a/v
 xc0ab   DHE-PSK-AES256-CCM8               DHEPSK     AESCCM8     256      TLS_PSK_DHE_WITH_AES_256_CCM_8                     not a/v
 xc0a7   DHE-PSK-AES256-CCM                DHEPSK     AESCCM      256      TLS_DHE_PSK_WITH_AES_256_CCM                       not a/v
 xc032   ECDH-RSA-AES256-GCM-SHA384        ECDH/RSA   AESGCM      256      TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384               not a/v
 xc02e   ECDH-ECDSA-AES256-GCM-SHA384      ECDH/ECDSA AESGCM      256      TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384             not a/v
 xc02a   ECDH-RSA-AES256-SHA384            ECDH/RSA   AES         256      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384               not a/v
 xc026   ECDH-ECDSA-AES256-SHA384          ECDH/ECDSA AES         256      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384             not a/v
 xc00f   ECDH-RSA-AES256-SHA               ECDH/RSA   AES         256      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA                  not a/v
 xc005   ECDH-ECDSA-AES256-SHA             ECDH/ECDSA AES         256      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA                not a/v
 xc079   ECDH-RSA-CAMELLIA256-SHA384       ECDH/RSA   Camellia    256      TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384          not a/v
 xc075   ECDH-ECDSA-CAMELLIA256-SHA384     ECDH/ECDSA Camellia    256      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384        not a/v
 x9d     AES256-GCM-SHA384                 RSA        AESGCM      256      TLS_RSA_WITH_AES_256_GCM_SHA384                    available
 xc0a1   AES256-CCM8                       RSA        AESCCM8     256      TLS_RSA_WITH_AES_256_CCM_8                         available
 xc09d   AES256-CCM                        RSA        AESCCM      256      TLS_RSA_WITH_AES_256_CCM                           available
 xa9     PSK-AES256-GCM-SHA384             PSK        AESGCM      256      TLS_PSK_WITH_AES_256_GCM_SHA384                    not a/v
 xccab   PSK-CHACHA20-POLY1305             PSK        ChaCha20    256      TLS_PSK_WITH_CHACHA20_POLY1305_SHA256              not a/v
 xc0a9   PSK-AES256-CCM8                   PSK        AESCCM8     256      TLS_PSK_WITH_AES_256_CCM_8                         not a/v
 xc0a5   PSK-AES256-CCM                    PSK        AESCCM      256      TLS_PSK_WITH_AES_256_CCM                           not a/v
 x3d     AES256-SHA256                     RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA256                    available
 x35     AES256-SHA                        RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA                       available
 xc0     CAMELLIA256-SHA256                RSA        Camellia    256      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256               available
 xc038   ECDHE-PSK-AES256-CBC-SHA384       ECDHEPSK   AES         256      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384              not a/v
 xc036   ECDHE-PSK-AES256-CBC-SHA          ECDHEPSK   AES         256      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA                 not a/v
 x84     CAMELLIA256-SHA                   RSA        Camellia    256      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                  available
 x95     RSA-PSK-AES256-CBC-SHA            RSAPSK     AES         256      TLS_RSA_PSK_WITH_AES_256_CBC_SHA                   not a/v
 x8d     PSK-AES256-CBC-SHA                PSK        AES         256      TLS_PSK_WITH_AES_256_CBC_SHA                       not a/v
 xc03d   ARIA256-CBC-SHA384                RSA        ARIA        256      TLS_RSA_WITH_ARIA_256_CBC_SHA384                   not a/v
 xc03f   -                                 DH/DSS     ARIA        256      TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384                not a/v
 xc041   -                                 DH/RSA     ARIA        256      TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384                not a/v
 xc043   DHE-DSS-ARIA256-CBC-SHA384        DH         ARIA        256      TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384               not a/v
 xc045   DHE-RSA-ARIA256-CBC-SHA384        DH         ARIA        256      TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384               not a/v
 xc047   DH-anon-ARIA256-CBC-SHA384        DH         ARIA        256      TLS_DH_anon_WITH_ARIA_256_CBC_SHA384               not a/v
 xc049   ECDHE-ECDSA-ARIA256-CBC-SHA384    ECDH       ARIA        256      TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384           not a/v
 xc04b   -                                 ECDH/ECDSA ARIA        256      TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384            not a/v
 xc04d   ECDHE-RSA-ARIA256-CBC-SHA384      ECDH       ARIA        256      TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384             not a/v
 xc04f   -                                 ECDH/RSA   ARIA        256      TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384              not a/v
 xc051   ARIA256-GCM-SHA384                RSA        ARIAGCM     256      TLS_RSA_WITH_ARIA_256_GCM_SHA384                   available
 xc053   DHE-RSA-ARIA256-GCM-SHA384        DH 2048    ARIAGCM     256      TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384               available
 xc055   DH-RSA-ARIA256-GCM-SHA384         DH/RSA     ARIAGCM     256      TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384                not a/v
 xc057   DHE-DSS-ARIA256-GCM-SHA384        DH         ARIAGCM     256      TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384               not a/v
 xc059   DH-DSS-ARIA256-GCM-SHA384         DH/DSS     ARIAGCM     256      TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384                not a/v
 xc05b   ADH-ARIA256-GCM-SHA384            DH         ARIAGCM     256      TLS_DH_anon_WITH_ARIA_256_GCM_SHA384               not a/v
 xc05d   ECDHE-ECDSA-ARIA256-GCM-SHA384    ECDH       ARIAGCM     256      TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384           not a/v
 xc05f   ECDH-ECDSA-ARIA256-GCM-SHA384     ECDH/ECDSA ARIAGCM     256      TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384            not a/v
 xc061   ECDHE-ARIA256-GCM-SHA384          ECDH 253   ARIAGCM     256      TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384             available
 xc063   ECDH-ARIA256-GCM-SHA384           ECDH/RSA   ARIAGCM     256      TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384              not a/v
 xc065   -                                 PSK        ARIA        256      TLS_PSK_WITH_ARIA_256_CBC_SHA384                   not a/v
 xc067   -                                 DHEPSK     ARIA        256      TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384               not a/v
 xc069   -                                 RSAPSK     ARIA        256      TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384               not a/v
 xc06b   PSK-ARIA256-GCM-SHA384            PSK        ARIAGCM     256      TLS_PSK_WITH_ARIA_256_GCM_SHA384                   not a/v
 xc06d   DHE-PSK-ARIA256-GCM-SHA384        DHEPSK     ARIAGCM     256      TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384               not a/v
 xc06f   RSA-PSK-ARIA256-GCM-SHA384        RSAPSK     ARIAGCM     256      TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384               not a/v
 xc071   -                                 ECDHEPSK   ARIA        256      TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384             not a/v
 xc07b   -                                 RSA        CamelliaGCM 256      TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384               not a/v
 xc07d   -                                 DH         CamelliaGCM 256      TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384           not a/v
 xc07f   -                                 DH/RSA     CamelliaGCM 256      TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384            not a/v
 xc081   -                                 DH         CamelliaGCM 256      TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384           not a/v
 xc083   -                                 DH/DSS     CamelliaGCM 256      TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384            not a/v
 xc085   -                                 DH         CamelliaGCM 256      TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384           not a/v
 xc087   -                                 ECDH       CamelliaGCM 256      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384       not a/v
 xc089   -                                 ECDH/ECDSA CamelliaGCM 256      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384        not a/v
 xc08b   -                                 ECDH       CamelliaGCM 256      TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384         not a/v
 xc08d   -                                 ECDH/RSA   CamelliaGCM 256      TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384          not a/v
 xc08f   -                                 PSK        CamelliaGCM 256      TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384               not a/v
 xc091   -                                 DHEPSK     CamelliaGCM 256      TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384           not a/v
 xc093   -                                 RSAPSK     CamelliaGCM 256      TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384           not a/v
 x80     GOST94-GOST89-GOST89              GOST       GOST        256      TLS_GOSTR341094_WITH_28147_CNT_IMIT                not a/v
 x81     GOST2001-GOST89-GOST89            GOST       GOST        256      TLS_GOSTR341001_WITH_28147_CNT_IMIT                not a/v
 xff00   GOST-MD5                          RSA        GOST        256      TLS_GOSTR341094_RSA_WITH_28147_CNT_MD5             not a/v
 xff01   GOST-GOST94                       RSA        GOST        256      TLS_RSA_WITH_28147_CNT_GOST94                      not a/v
 xff02   GOST-GOST89MAC                    RSA        GOST        256                                                         not a/v
 xff03   GOST-GOST89STREAM                 RSA        GOST        256                                                         not a/v
 xff85   GOST2012256-GOST89-GOST89         GOST       GOST        256                                                         not a/v
 x16b7   -                                 CECPQ1     ChaCha20    256      TLS_CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256       not a/v
 x16b8   -                                 CECPQ1     ChaCha20    256      TLS_CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256     not a/v
 x16b9   -                                 CECPQ1     AESGCM      256      TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384             not a/v
 x16ba   -                                 CECPQ1     AESGCM      256      TLS_CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384           not a/v
 x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256                             available
 x1304   TLS_AES_128_CCM_SHA256            any        AESCCM      128      TLS_AES_128_CCM_SHA256                             not a/v
 x1305   TLS_AES_128_CCM_8_SHA256          any        AESCCM8     128      TLS_AES_128_CCM_8_SHA256                           not a/v
 xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 256   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256              available
 xc02b   ECDHE-ECDSA-AES128-GCM-SHA256     ECDH       AESGCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256            not a/v
 xc027   ECDHE-RSA-AES128-SHA256           ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256              available
 xc023   ECDHE-ECDSA-AES128-SHA256         ECDH       AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256            not a/v
 xc013   ECDHE-RSA-AES128-SHA              ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                 available
 xc009   ECDHE-ECDSA-AES128-SHA            ECDH       AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA               not a/v
 xc01f   SRP-DSS-AES-128-CBC-SHA           SRP        AES         128      TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA               not a/v
 xc01e   SRP-RSA-AES-128-CBC-SHA           SRP        AES         128      TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA               not a/v
 xc01d   SRP-AES-128-CBC-SHA               SRP        AES         128      TLS_SRP_SHA_WITH_AES_128_CBC_SHA                   not a/v
 xa4     DH-DSS-AES128-GCM-SHA256          DH/DSS     AESGCM      128      TLS_DH_DSS_WITH_AES_128_GCM_SHA256                 not a/v
 xa2     DHE-DSS-AES128-GCM-SHA256         DH         AESGCM      128      TLS_DHE_DSS_WITH_AES_128_GCM_SHA256                not a/v
 xa0     DH-RSA-AES128-GCM-SHA256          DH/RSA     AESGCM      128      TLS_DH_RSA_WITH_AES_128_GCM_SHA256                 not a/v
 x9e     DHE-RSA-AES128-GCM-SHA256         DH 2048    AESGCM      128      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256                available
 xc0ae   ECDHE-ECDSA-AES128-CCM8           ECDH       AESCCM8     128      TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8                 not a/v
 xc0ac   ECDHE-ECDSA-AES128-CCM            ECDH       AESCCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_CCM                   not a/v
 xc0a2   DHE-RSA-AES128-CCM8               DH 2048    AESCCM8     128      TLS_DHE_RSA_WITH_AES_128_CCM_8                     available
 xc09e   DHE-RSA-AES128-CCM                DH 2048    AESCCM      128      TLS_DHE_RSA_WITH_AES_128_CCM                       available
 xac     RSA-PSK-AES128-GCM-SHA256         RSAPSK     AESGCM      128      TLS_RSA_PSK_WITH_AES_128_GCM_SHA256                not a/v
 xaa     DHE-PSK-AES128-GCM-SHA256         DHEPSK     AESGCM      128      TLS_DHE_PSK_WITH_AES_128_GCM_SHA256                not a/v
 xc0aa   DHE-PSK-AES128-CCM8               DHEPSK     AESCCM8     128      TLS_PSK_DHE_WITH_AES_128_CCM_8                     not a/v
 xc0a6   DHE-PSK-AES128-CCM                DHEPSK     AESCCM      128      TLS_DHE_PSK_WITH_AES_128_CCM                       not a/v
 xc0a0   AES128-CCM8                       RSA        AESCCM8     128      TLS_RSA_WITH_AES_128_CCM_8                         available
 xc09c   AES128-CCM                        RSA        AESCCM      128      TLS_RSA_WITH_AES_128_CCM                           available
 xa8     PSK-AES128-GCM-SHA256             PSK        AESGCM      128      TLS_PSK_WITH_AES_128_GCM_SHA256                    not a/v
 xc0a8   PSK-AES128-CCM8                   PSK        AESCCM8     128      TLS_PSK_WITH_AES_128_CCM_8                         not a/v
 xc0a4   PSK-AES128-CCM                    PSK        AESCCM      128      TLS_PSK_WITH_AES_128_CCM                           not a/v
 x67     DHE-RSA-AES128-SHA256             DH 2048    AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256                available
 x40     DHE-DSS-AES128-SHA256             DH         AES         128      TLS_DHE_DSS_WITH_AES_128_CBC_SHA256                not a/v
 x3f     DH-RSA-AES128-SHA256              DH/RSA     AES         128      TLS_DH_RSA_WITH_AES_128_CBC_SHA256                 not a/v
 x3e     DH-DSS-AES128-SHA256              DH/DSS     AES         128      TLS_DH_DSS_WITH_AES_128_CBC_SHA256                 not a/v
 x33     DHE-RSA-AES128-SHA                DH 2048    AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA                   available
 x32     DHE-DSS-AES128-SHA                DH         AES         128      TLS_DHE_DSS_WITH_AES_128_CBC_SHA                   not a/v
 x31     DH-RSA-AES128-SHA                 DH/RSA     AES         128      TLS_DH_RSA_WITH_AES_128_CBC_SHA                    not a/v
 x30     DH-DSS-AES128-SHA                 DH/DSS     AES         128      TLS_DH_DSS_WITH_AES_128_CBC_SHA                    not a/v
 xc076   ECDHE-RSA-CAMELLIA128-SHA256      ECDH 256   Camellia    128      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256         available
 xc072   ECDHE-ECDSA-CAMELLIA128-SHA256    ECDH       Camellia    128      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256       not a/v
 xbe     DHE-RSA-CAMELLIA128-SHA256        DH 2048    Camellia    128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256           available
 xbd     DHE-DSS-CAMELLIA128-SHA256        DH         Camellia    128      TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256           not a/v
 xbc     DH-RSA-CAMELLIA128-SHA256         DH/RSA     Camellia    128      TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256            not a/v
 xbb     DH-DSS-CAMELLIA128-SHA256         DH/DSS     Camellia    128      TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256            not a/v
 x9a     DHE-RSA-SEED-SHA                  DH         SEED        128      TLS_DHE_RSA_WITH_SEED_CBC_SHA                      not a/v
 x99     DHE-DSS-SEED-SHA                  DH         SEED        128      TLS_DHE_DSS_WITH_SEED_CBC_SHA                      not a/v
 x98     DH-RSA-SEED-SHA                   DH/RSA     SEED        128      TLS_DH_RSA_WITH_SEED_CBC_SHA                       not a/v
 x97     DH-DSS-SEED-SHA                   DH/DSS     SEED        128      TLS_DH_DSS_WITH_SEED_CBC_SHA                       not a/v
 x45     DHE-RSA-CAMELLIA128-SHA           DH 2048    Camellia    128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA              available
 x44     DHE-DSS-CAMELLIA128-SHA           DH         Camellia    128      TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA              not a/v
 x43     DH-RSA-CAMELLIA128-SHA            DH/RSA     Camellia    128      TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA               not a/v
 x42     DH-DSS-CAMELLIA128-SHA            DH/DSS     Camellia    128      TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA               not a/v
 xc018   AECDH-AES128-SHA                  ECDH       AES         128      TLS_ECDH_anon_WITH_AES_128_CBC_SHA                 not a/v
 xa6     ADH-AES128-GCM-SHA256             DH         AESGCM      128      TLS_DH_anon_WITH_AES_128_GCM_SHA256                not a/v
 x6c     ADH-AES128-SHA256                 DH         AES         128      TLS_DH_anon_WITH_AES_128_CBC_SHA256                not a/v
 x34     ADH-AES128-SHA                    DH         AES         128      TLS_DH_anon_WITH_AES_128_CBC_SHA                   not a/v
 xbf     ADH-CAMELLIA128-SHA256            DH         Camellia    128      TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256           not a/v
 x9b     ADH-SEED-SHA                      DH         SEED        128      TLS_DH_anon_WITH_SEED_CBC_SHA                      not a/v
 x46     ADH-CAMELLIA128-SHA               DH         Camellia    128      TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA              not a/v
 xc031   ECDH-RSA-AES128-GCM-SHA256        ECDH/RSA   AESGCM      128      TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256               not a/v
 xc02d   ECDH-ECDSA-AES128-GCM-SHA256      ECDH/ECDSA AESGCM      128      TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256             not a/v
 xc029   ECDH-RSA-AES128-SHA256            ECDH/RSA   AES         128      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256               not a/v
 xc025   ECDH-ECDSA-AES128-SHA256          ECDH/ECDSA AES         128      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256             not a/v
 xc00e   ECDH-RSA-AES128-SHA               ECDH/RSA   AES         128      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA                  not a/v
 xc004   ECDH-ECDSA-AES128-SHA             ECDH/ECDSA AES         128      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA                not a/v
 xc078   ECDH-RSA-CAMELLIA128-SHA256       ECDH/RSA   Camellia    128      TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256          not a/v
 xc074   ECDH-ECDSA-CAMELLIA128-SHA256     ECDH/ECDSA Camellia    128      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256        not a/v
 x9c     AES128-GCM-SHA256                 RSA        AESGCM      128      TLS_RSA_WITH_AES_128_GCM_SHA256                    available
 x3c     AES128-SHA256                     RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA256                    available
 x2f     AES128-SHA                        RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA                       available
 xba     CAMELLIA128-SHA256                RSA        Camellia    128      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256               available
 xc037   ECDHE-PSK-AES128-CBC-SHA256       ECDHEPSK   AES         128      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256              not a/v
 xc035   ECDHE-PSK-AES128-CBC-SHA          ECDHEPSK   AES         128      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA                 not a/v
 xb6     RSA-PSK-AES128-CBC-SHA256         RSAPSK     AES         128      TLS_RSA_PSK_WITH_AES_128_CBC_SHA256                not a/v
 xb2     DHE-PSK-AES128-CBC-SHA256         DHEPSK     AES         128      TLS_DHE_PSK_WITH_AES_128_CBC_SHA256                not a/v
 x90     DHE-PSK-AES128-CBC-SHA            DHEPSK     AES         128      TLS_DHE_PSK_WITH_AES_128_CBC_SHA                   not a/v
 x96     SEED-SHA                          RSA        SEED        128      TLS_RSA_WITH_SEED_CBC_SHA                          not a/v
 x41     CAMELLIA128-SHA                   RSA        Camellia    128      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                  available
 xc09a   ECDHE-PSK-CAMELLIA128-SHA256      ECDHEPSK   Camellia    128      TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256         not a/v
 xc098   RSA-PSK-CAMELLIA128-SHA256        RSAPSK     Camellia    128      TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256           not a/v
 xc096   DHE-PSK-CAMELLIA128-SHA256        DHEPSK     Camellia    128      TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256           not a/v
 xae     PSK-AES128-CBC-SHA256             PSK        AES         128      TLS_PSK_WITH_AES_128_CBC_SHA256                    not a/v
 xc094   PSK-CAMELLIA128-SHA256            PSK        Camellia    128      TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256               not a/v
 x07     IDEA-CBC-SHA                      RSA        IDEA        128      TLS_RSA_WITH_IDEA_CBC_SHA                          not a/v
 x050080 IDEA-CBC-MD5                      RSA        IDEA        128      SSL_CK_IDEA_128_CBC_WITH_MD5                       not a/v
 x030080 RC2-CBC-MD5                       RSA        RC2         128      SSL_CK_RC2_128_CBC_WITH_MD5                        not a/v
 x94     RSA-PSK-AES128-CBC-SHA            RSAPSK     AES         128      TLS_RSA_PSK_WITH_AES_128_CBC_SHA                   not a/v
 x8c     PSK-AES128-CBC-SHA                PSK        AES         128      TLS_PSK_WITH_AES_128_CBC_SHA                       not a/v
 x21     KRB5-IDEA-CBC-SHA                 KRB5       IDEA        128      TLS_KRB5_WITH_IDEA_CBC_SHA                         not a/v
 x25     KRB5-IDEA-CBC-MD5                 KRB5       IDEA        128      TLS_KRB5_WITH_IDEA_CBC_MD5                         not a/v
 xc03c   ARIA128-CBC-SHA256                RSA        ARIA        128      TLS_RSA_WITH_ARIA_128_CBC_SHA256                   not a/v
 xc03e   -                                 DH/DSS     ARIA        128      TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256                not a/v
 xc040   -                                 DH/RSA     ARIA        128      TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256                not a/v
 xc042   DHE-DSS-ARIA128-CBC-SHA256        DH         ARIA        128      TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256               not a/v
 xc044   DHE-RSA-ARIA128-CBC-SHA256        DH         ARIA        128      TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256               not a/v
 xc046   DH-anon-ARIA128-CBC-SHA256        DH         ARIA        128      TLS_DH_anon_WITH_ARIA_128_CBC_SHA256               not a/v
 xc048   ECDHE-ECDSA-ARIA128-CBC-SHA256    ECDH       ARIA        128      TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256           not a/v
 xc04a   -                                 ECDH/ECDSA ARIA        128      TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256            not a/v
 xc04c   ECDHE-RSA-ARIA128-CBC-SHA256      ECDH       ARIA        128      TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256             not a/v
 xc04e   -                                 ECDH/RSA   ARIA        128      TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256              not a/v
 xc050   ARIA128-GCM-SHA256                RSA        ARIAGCM     128      TLS_RSA_WITH_ARIA_128_GCM_SHA256                   available
 xc052   DHE-RSA-ARIA128-GCM-SHA256        DH 2048    ARIAGCM     128      TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256               available
 xc054   DH-RSA-ARIA128-GCM-SHA256         DH/RSA     ARIAGCM     128      TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256                not a/v
 xc056   DHE-DSS-ARIA128-GCM-SHA256        DH         ARIAGCM     128      TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256               not a/v
 xc058   DH-DSS-ARIA128-GCM-SHA256         DH/DSS     ARIAGCM     128      TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256                not a/v
 xc05a   ADH-ARIA128-GCM-SHA256            DH         ARIAGCM     128      TLS_DH_anon_WITH_ARIA_128_GCM_SHA256               not a/v
 xc05c   ECDHE-ECDSA-ARIA128-GCM-SHA256    ECDH       ARIAGCM     128      TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256           not a/v
 xc05e   ECDH-ECDSA-ARIA128-GCM-SHA256     ECDH/ECDSA ARIAGCM     128      TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256            not a/v
 xc060   ECDHE-ARIA128-GCM-SHA256          ECDH 253   ARIAGCM     128      TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256             available
 xc062   ECDH-ARIA128-GCM-SHA256           ECDH/RSA   ARIAGCM     128      TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256              not a/v
 xc064   -                                 PSK        ARIA        128      TLS_PSK_WITH_ARIA_128_CBC_SHA256                   not a/v
 xc066   -                                 DHEPSK     ARIA        128      TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256               not a/v
 xc068   -                                 RSAPSK     ARIA        128      TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256               not a/v
 xc06a   PSK-ARIA128-GCM-SHA256            PSK        ARIAGCM     128      TLS_PSK_WITH_ARIA_128_GCM_SHA256                   not a/v
 xc06c   DHE-PSK-ARIA128-GCM-SHA256        DHEPSK     ARIAGCM     128      TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256               not a/v
 xc06e   RSA-PSK-ARIA128-GCM-SHA256        RSAPSK     ARIAGCM     128      TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256               not a/v
 xc070   -                                 ECDHEPSK   ARIA        128      TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256             not a/v
 xc07a   -                                 RSA        CamelliaGCM 128      TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256               not a/v
 xc07c   -                                 DH         CamelliaGCM 128      TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256           not a/v
 xc07e   -                                 DH/RSA     CamelliaGCM 128      TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256            not a/v
 xc080   -                                 DH         CamelliaGCM 128      TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256           not a/v
 xc082   -                                 DH/DSS     CamelliaGCM 128      TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256            not a/v
 xc084   -                                 DH         CamelliaGCM 128      TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256           not a/v
 xc086   -                                 ECDH       CamelliaGCM 128      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256       not a/v
 xc088   -                                 ECDH/ECDSA CamelliaGCM 128      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256        not a/v
 xc08a   -                                 ECDH       CamelliaGCM 128      TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256         not a/v
 xc08c   -                                 ECDH/RSA   CamelliaGCM 128      TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256          not a/v
 xc08e   -                                 PSK        CamelliaGCM 128      TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256               not a/v
 xc090   -                                 DHEPSK     CamelliaGCM 128      TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256           not a/v
 xc092   -                                 RSAPSK     CamelliaGCM 128      TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256           not a/v
 xc011   ECDHE-RSA-RC4-SHA                 ECDH       RC4         128      TLS_ECDHE_RSA_WITH_RC4_128_SHA                     not a/v
 xc007   ECDHE-ECDSA-RC4-SHA               ECDH       RC4         128      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA                   not a/v
 x66     DHE-DSS-RC4-SHA                   DH         RC4         128      TLS_DHE_DSS_WITH_RC4_128_SHA                       not a/v
 xc016   AECDH-RC4-SHA                     ECDH       RC4         128      TLS_ECDH_anon_WITH_RC4_128_SHA                     not a/v
 x18     ADH-RC4-MD5                       DH         RC4         128      TLS_DH_anon_WITH_RC4_128_MD5                       not a/v
 xc00c   ECDH-RSA-RC4-SHA                  ECDH/RSA   RC4         128      TLS_ECDH_RSA_WITH_RC4_128_SHA                      not a/v
 xc002   ECDH-ECDSA-RC4-SHA                ECDH/ECDSA RC4         128      TLS_ECDH_ECDSA_WITH_RC4_128_SHA                    not a/v
 x05     RC4-SHA                           RSA        RC4         128      TLS_RSA_WITH_RC4_128_SHA                           not a/v
 x04     RC4-MD5                           RSA        RC4         128      TLS_RSA_WITH_RC4_128_MD5                           not a/v
 x010080 RC4-MD5                           RSA        RC4         128      SSL_CK_RC4_128_WITH_MD5                            not a/v
 x92     RSA-PSK-RC4-SHA                   RSAPSK     RC4         128      TLS_RSA_PSK_WITH_RC4_128_SHA                       not a/v
 x8a     PSK-RC4-SHA                       PSK        RC4         128      TLS_PSK_WITH_RC4_128_SHA                           not a/v
 x20     KRB5-RC4-SHA                      KRB5       RC4         128      TLS_KRB5_WITH_RC4_128_SHA                          not a/v
 x24     KRB5-RC4-MD5                      KRB5       RC4         128      TLS_KRB5_WITH_RC4_128_MD5                          not a/v
 xc033   ECDHE-PSK-RC4-SHA                 ECDHEPSK   RC4         128      TLS_ECDHE_PSK_WITH_RC4_128_SHA                     not a/v
 x8e     DHE-PSK-RC4-SHA                   DHEPSK     RC4         128      TLS_DHE_PSK_WITH_RC4_128_SHA                       not a/v
 xc012   ECDHE-RSA-DES-CBC3-SHA            ECDH       3DES        168      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA                not a/v
 xc008   ECDHE-ECDSA-DES-CBC3-SHA          ECDH       3DES        168      TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA              not a/v
 xc01c   SRP-DSS-3DES-EDE-CBC-SHA          SRP        3DES        168      TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA              not a/v
 xc01b   SRP-RSA-3DES-EDE-CBC-SHA          SRP        3DES        168      TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA              not a/v
 xc01a   SRP-3DES-EDE-CBC-SHA              SRP        3DES        168      TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA                  not a/v
 x16     EDH-RSA-DES-CBC3-SHA              DH         3DES        168      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA                  not a/v
 x13     EDH-DSS-DES-CBC3-SHA              DH         3DES        168      TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA                  not a/v
 x10     DH-RSA-DES-CBC3-SHA               DH/RSA     3DES        168      TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA                   not a/v
 x0d     DH-DSS-DES-CBC3-SHA               DH/DSS     3DES        168      TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA                   not a/v
 xc017   AECDH-DES-CBC3-SHA                ECDH       3DES        168      TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA                not a/v
 x1b     ADH-DES-CBC3-SHA                  DH         3DES        168      TLS_DH_anon_WITH_3DES_EDE_CBC_SHA                  not a/v
 xc00d   ECDH-RSA-DES-CBC3-SHA             ECDH/RSA   3DES        168      TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA                 not a/v
 xc003   ECDH-ECDSA-DES-CBC3-SHA           ECDH/ECDSA 3DES        168      TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA               not a/v
 x0a     DES-CBC3-SHA                      RSA        3DES        168      TLS_RSA_WITH_3DES_EDE_CBC_SHA                      not a/v
 x0700c0 DES-CBC3-MD5                      RSA        3DES        168      SSL_CK_DES_192_EDE3_CBC_WITH_MD5                   not a/v
 x93     RSA-PSK-3DES-EDE-CBC-SHA          RSAPSK     3DES        168      TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA                  not a/v
 x8b     PSK-3DES-EDE-CBC-SHA              PSK        3DES        168      TLS_PSK_WITH_3DES_EDE_CBC_SHA                      not a/v
 x1f     KRB5-DES-CBC3-SHA                 KRB5       3DES        168      TLS_KRB5_WITH_3DES_EDE_CBC_SHA                     not a/v
 x23     KRB5-DES-CBC3-MD5                 KRB5       3DES        168      TLS_KRB5_WITH_3DES_EDE_CBC_MD5                     not a/v
 xc034   ECDHE-PSK-3DES-EDE-CBC-SHA        ECDHEPSK   3DES        168      TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA                not a/v
 x8f     DHE-PSK-3DES-EDE-CBC-SHA          DHEPSK     3DES        168      TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA                  not a/v
 xfeff   -                                 RSA        3DES        168      SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA                 not a/v
 xffe0   -                                 RSA        3DES        168      SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA                 not a/v
 x080080 RC4-64-MD5                        RSA        RC4         64       SSL_CK_RC4_64_WITH_MD5                             not a/v
 x63     EXP1024-DHE-DSS-DES-CBC-SHA       DH(1024)   DES         56,exp   TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA            not a/v
 x15     EDH-RSA-DES-CBC-SHA               DH         DES         56       TLS_DHE_RSA_WITH_DES_CBC_SHA                       not a/v
 x12     EDH-DSS-DES-CBC-SHA               DH         DES         56       TLS_DHE_DSS_WITH_DES_CBC_SHA                       not a/v
 x0f     DH-RSA-DES-CBC-SHA                DH/RSA     DES         56       TLS_DH_RSA_WITH_DES_CBC_SHA                        not a/v
 x0c     DH-DSS-DES-CBC-SHA                DH/DSS     DES         56       TLS_DH_DSS_WITH_DES_CBC_SHA                        not a/v
 x1a     ADH-DES-CBC-SHA                   DH         DES         56       TLS_DH_anon_WITH_DES_CBC_SHA                       not a/v
 x62     EXP1024-DES-CBC-SHA               RSA(1024)  DES         56,exp   TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA                not a/v
 x09     DES-CBC-SHA                       RSA        DES         56       TLS_RSA_WITH_DES_CBC_SHA                           not a/v
 x61     EXP1024-RC2-CBC-MD5               RSA(1024)  RC2         56,exp   TLS_RSA_EXPORT1024_WITH_RC2_56_MD5                 not a/v
 x060040 DES-CBC-MD5                       RSA        DES         56       SSL_CK_DES_64_CBC_WITH_MD5                         not a/v
 x1e     KRB5-DES-CBC-SHA                  KRB5       DES         56       TLS_KRB5_WITH_DES_CBC_SHA                          not a/v
 x22     KRB5-DES-CBC-MD5                  KRB5       DES         56       TLS_KRB5_WITH_DES_CBC_MD5                          not a/v
 xfefe   -                                 RSA        DES         56       SSL_RSA_FIPS_WITH_DES_CBC_SHA                      not a/v
 xffe1   -                                 RSA        DES         56       SSL_RSA_FIPS_WITH_DES_CBC_SHA                      not a/v
 x65     EXP1024-DHE-DSS-RC4-SHA           DH(1024)   RC4         56,exp   TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA             not a/v
 x64     EXP1024-RC4-SHA                   RSA(1024)  RC4         56,exp   TLS_RSA_EXPORT1024_WITH_RC4_56_SHA                 not a/v
 x60     EXP1024-RC4-MD5                   RSA(1024)  RC4         56,exp   TLS_RSA_EXPORT1024_WITH_RC4_56_MD5                 not a/v
 x14     EXP-EDH-RSA-DES-CBC-SHA           DH(512)    DES         40,exp   TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA              not a/v
 x11     EXP-EDH-DSS-DES-CBC-SHA           DH(512)    DES         40,exp   TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA              not a/v
 x19     EXP-ADH-DES-CBC-SHA               DH(512)    DES         40,exp   TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA              not a/v
 x08     EXP-DES-CBC-SHA                   RSA(512)   DES         40,exp   TLS_RSA_EXPORT_WITH_DES40_CBC_SHA                  not a/v
 x06     EXP-RC2-CBC-MD5                   RSA(512)   RC2         40,exp   TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5                 not a/v
 x040080 EXP-RC2-CBC-MD5                   RSA(512)   RC2         40,exp   SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5               not a/v
 x27     EXP-KRB5-RC2-CBC-SHA              KRB5       RC2         40,exp   TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA                not a/v
 x26     EXP-KRB5-DES-CBC-SHA              KRB5       DES         40,exp   TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA                not a/v
 x2a     EXP-KRB5-RC2-CBC-MD5              KRB5       RC2         40,exp   TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5                not a/v
 x29     EXP-KRB5-DES-CBC-MD5              KRB5       DES         40,exp   TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5                not a/v
 x0b     EXP-DH-DSS-DES-CBC-SHA            DH/DSS     DES         40,exp   TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA               not a/v
 x0e     EXP-DH-RSA-DES-CBC-SHA            DH/RSA     DES         40,exp   TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA               not a/v
 x17     EXP-ADH-RC4-MD5                   DH(512)    RC4         40,exp   TLS_DH_anon_EXPORT_WITH_RC4_40_MD5                 not a/v
 x03     EXP-RC4-MD5                       RSA(512)   RC4         40,exp   TLS_RSA_EXPORT_WITH_RC4_40_MD5                     not a/v
 x020080 EXP-RC4-MD5                       RSA(512)   RC4         40,exp   SSL_CK_RC4_128_EXPORT40_WITH_MD5                   not a/v
 x28     EXP-KRB5-RC4-SHA                  KRB5       RC4         40,exp   TLS_KRB5_EXPORT_WITH_RC4_40_SHA                    not a/v
 x2b     EXP-KRB5-RC4-MD5                  KRB5       RC4         40,exp   TLS_KRB5_EXPORT_WITH_RC4_40_MD5                    not a/v
 xc010   ECDHE-RSA-NULL-SHA                ECDH       None        None     TLS_ECDHE_RSA_WITH_NULL_SHA                        not a/v
 xc006   ECDHE-ECDSA-NULL-SHA              ECDH       None        None     TLS_ECDHE_ECDSA_WITH_NULL_SHA                      not a/v
 xc015   AECDH-NULL-SHA                    ECDH       None        None     TLS_ECDH_anon_WITH_NULL_SHA                        not a/v
 xc00b   ECDH-RSA-NULL-SHA                 ECDH/RSA   None        None     TLS_ECDH_RSA_WITH_NULL_SHA                         not a/v
 xc001   ECDH-ECDSA-NULL-SHA               ECDH/ECDSA None        None     TLS_ECDH_ECDSA_WITH_NULL_SHA                       not a/v
 xc03b   ECDHE-PSK-NULL-SHA384             ECDHEPSK   None        None     TLS_ECDHE_PSK_WITH_NULL_SHA384                     not a/v
 xc03a   ECDHE-PSK-NULL-SHA256             ECDHEPSK   None        None     TLS_ECDHE_PSK_WITH_NULL_SHA256                     not a/v
 xc039   ECDHE-PSK-NULL-SHA                ECDHEPSK   None        None     TLS_ECDHE_PSK_WITH_NULL_SHA                        not a/v
 xb9     RSA-PSK-NULL-SHA384               RSAPSK     None        None     TLS_RSA_PSK_WITH_NULL_SHA384                       not a/v
 xb8     RSA-PSK-NULL-SHA256               RSAPSK     None        None     TLS_RSA_PSK_WITH_NULL_SHA256                       not a/v
 xb5     DHE-PSK-NULL-SHA384               DHEPSK     None        None     TLS_DHE_PSK_WITH_NULL_SHA384                       not a/v
 xb4     DHE-PSK-NULL-SHA256               DHEPSK     None        None     TLS_DHE_PSK_WITH_NULL_SHA256                       not a/v
 x2e     RSA-PSK-NULL-SHA                  RSAPSK     None        None     TLS_RSA_PSK_WITH_NULL_SHA                          not a/v
 x2d     DHE-PSK-NULL-SHA                  DHEPSK     None        None     TLS_DHE_PSK_WITH_NULL_SHA                          not a/v
 xb1     PSK-NULL-SHA384                   PSK        None        None     TLS_PSK_WITH_NULL_SHA384                           not a/v
 xb0     PSK-NULL-SHA256                   PSK        None        None     TLS_PSK_WITH_NULL_SHA256                           not a/v
 x2c     PSK-NULL-SHA                      PSK        None        None     TLS_PSK_WITH_NULL_SHA                              not a/v
 x3b     NULL-SHA256                       RSA        None        None     TLS_RSA_WITH_NULL_SHA256                           not a/v
 x02     NULL-SHA                          RSA        None        None     TLS_RSA_WITH_NULL_SHA                              not a/v
 x01     NULL-MD5                          RSA        None        None     TLS_RSA_WITH_NULL_MD5                              not a/v
 x82     GOST94-NULL-GOST94                GOST       None        None     TLS_GOSTR341094_WITH_NULL_GOSTR3411                not a/v
 x83     GOST2001-NULL-GOST94              GOST       None        None     TLS_GOSTR341001_WITH_NULL_GOSTR3411                not a/v
 xff87   GOST2012256-NULL-STREEBOG256      GOST       None        None                                                        not a/v


 Running client simulations via sockets 

 Browser                      Protocol  Cipher Suite Name (OpenSSL)       Forward Secrecy
------------------------------------------------------------------------------------------------
 Java 6u45                    No connection
 Java 7u25                    TLSv1.0   ECDHE-RSA-AES128-SHA              256 bit ECDH (P-256)
 Java 8u161                   TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       256 bit ECDH (P-256)
 Java 9.0.4                   TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       256 bit ECDH (P-256)
 OpenSSL 1.0.1l               TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       256 bit ECDH (P-256)
 OpenSSL 1.0.2e               TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       256 bit ECDH (P-256)

 Done 2018-09-18 07:58:13 [ 147s] --\>\> 159.89.187.50:25 (www6.checktls.com) \<\<--

TestReceiverFull

These additional input fields are documented in the expandable Instruction/Info section at the top of the TestReceiver screen. See the expandable section titled FULL Version at the bottom of the Instruction/Info.

Custom/Private Systems
TestReceiverFull targets the TestReceiver test to non-standard email systems, to specific portions of an email system, or to private email systems. Testing custom/private email systems requires them to be reachable from the Internet, but TestReceiverFull can target non-standard SMTP ports (i.e. other than port 25) and/or it can authenticate into private systems. The tests run by TestReceiverFull and the report options and output are the same as with TestReceiver.

Individual MX Hosts
It allows controlled testing of individual MX servers. It can target a specific MX server but feed it the regular domain address, for example testing mx3.mydomain.com with an email addressed to myname@mydomain.com. This can uncover problems masked by the fall-back and redundancy built into many email systems.

Wild-Cards, Protocols, Ciphers, Authorities
Full Version allows control of how server names are matched on wild-card certificates, which SSL protocols and ciphers are allowed, and what Certificate Authorities are acceptable signors of the server's certificate. These options allow very detailed testing of email receivers.

Client Certificates
Full also can send a client certificate to servers that request or require it.

Direct TLS
The option "Direct TLS" under Full can test services that do not need a STARTTLS. TestReceiver will connect and immediately negotiate an SSL session.

For example, "Direct TLS" and a short "SMTP Timeput" can be used to test a web server. Put the server address in MX Host, 443 in MX Port, check Direct TLS, and put 3 in the SMTP Timeout.

Compel TLS
The option "Compel TLS" under Full is used to try to force an email server that does not offer TLS to use it anyway.