SSL Server Test: api.faqswiss.cn (Powered by Qualys SSL Labs)

SSL Report: api.faqswiss.cn (54.153.114.62)

Assessed on: Tue, 17 Jun 2025 07:24:41 UTC | Clear cache

Due to a recently discovered bug in Apple's code, your browser is exposed to MITM attacks. Click here for more information.

Summary

Overall Rating

A-

100

Certificate

Protocol Support

Key Exchange

Cipher Strength

Visit our documentation page for more information, configuration guides, and books. Known issues are documented here.

This server does not support TLS 1.3. MORE INFO »

This site works only in browsers with SNI support.

HTTP Strict Transport Security (HSTS) with long duration deployed on this server. MORE INFO »

Certificate #1: RSA 2048 bits (SHA256withRSA)

Server Key and Certificate #1
Subject	api.faqswiss.cn Fingerprint SHA256: aa2426cdd6ecc04c1c365cd29c172b6f83dd7b965fd100a819e5a99c3f9a5cd1 Pin SHA256: wfG6Uy30ldEu6SR8PBzFmPlW3pGWbW1qLWPMSruOKaU=
Common names	api.faqswiss.cn
Alternative names	api.faqswiss.cn www.api.faqswiss.cn
Serial Number	0c7cec238ec40c15f8589ec1b24293f1
Valid from	Tue, 17 Jun 2025 00:00:00 UTC
Valid until	Tue, 16 Jun 2026 23:59:59 UTC (expires in 11 months and 30 days)
Key	RSA 2048 bits (e 65537)
Weak key (Debian)	No
Issuer	Encryption Everywhere DV TLS CA - G2 AIA: http://cacerts.digicert.com/EncryptionEverywhereDVTLSCA-G2.crt
Signature algorithm	SHA256withRSA
Extended Validation	No
Certificate Transparency	Yes (certificate)
OCSP Must Staple	No
Revocation information	OCSP OCSP: http://ocsp.digicert.com
Revocation status	Good (not revoked)
DNS CAA	No (more info)
Trusted	Yes Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (2746 bytes)
Chain issues	None
#2
Subject	Encryption Everywhere DV TLS CA - G2 Fingerprint SHA256: b1ac8cfb181b9c9354e1775fcbdfcfe7898c5cc9a17d76315b57c112eee55234 Pin SHA256: gxeKFFaZ2HFJIsTdTjEl6nVo3ckTCX+qzRMqb9Xoa1w=
Valid until	Sat, 27 Nov 2027 12:46:40 UTC (expires in 2 years and 5 months)
Key	RSA 2048 bits (e 65537)
Issuer	DigiCert Global Root G2
Signature algorithm	SHA256withRSA

Certification Paths


Path #1: Trusted
1	Sent by server	api.faqswiss.cn Fingerprint SHA256: aa2426cdd6ecc04c1c365cd29c172b6f83dd7b965fd100a819e5a99c3f9a5cd1 Pin SHA256: wfG6Uy30ldEu6SR8PBzFmPlW3pGWbW1qLWPMSruOKaU= RSA 2048 bits (e 65537) / SHA256withRSA
2	Sent by server	Encryption Everywhere DV TLS CA - G2 Fingerprint SHA256: b1ac8cfb181b9c9354e1775fcbdfcfe7898c5cc9a17d76315b57c112eee55234 Pin SHA256: gxeKFFaZ2HFJIsTdTjEl6nVo3ckTCX+qzRMqb9Xoa1w= RSA 2048 bits (e 65537) / SHA256withRSA
3	In trust store	DigiCert Global Root G2 Self-signed Fingerprint SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f Pin SHA256: i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= RSA 2048 bits (e 65537) / SHA256withRSA
Path #1: Trusted
1	Sent by server	api.faqswiss.cn Fingerprint SHA256: aa2426cdd6ecc04c1c365cd29c172b6f83dd7b965fd100a819e5a99c3f9a5cd1 Pin SHA256: wfG6Uy30ldEu6SR8PBzFmPlW3pGWbW1qLWPMSruOKaU= RSA 2048 bits (e 65537) / SHA256withRSA
2	Sent by server	Encryption Everywhere DV TLS CA - G2 Fingerprint SHA256: b1ac8cfb181b9c9354e1775fcbdfcfe7898c5cc9a17d76315b57c112eee55234 Pin SHA256: gxeKFFaZ2HFJIsTdTjEl6nVo3ckTCX+qzRMqb9Xoa1w= RSA 2048 bits (e 65537) / SHA256withRSA
3	In trust store	DigiCert Global Root G2 Self-signed Fingerprint SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f Pin SHA256: i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= RSA 2048 bits (e 65537) / SHA256withRSA
Path #1: Trusted
1	Sent by server	api.faqswiss.cn Fingerprint SHA256: aa2426cdd6ecc04c1c365cd29c172b6f83dd7b965fd100a819e5a99c3f9a5cd1 Pin SHA256: wfG6Uy30ldEu6SR8PBzFmPlW3pGWbW1qLWPMSruOKaU= RSA 2048 bits (e 65537) / SHA256withRSA
2	Sent by server	Encryption Everywhere DV TLS CA - G2 Fingerprint SHA256: b1ac8cfb181b9c9354e1775fcbdfcfe7898c5cc9a17d76315b57c112eee55234 Pin SHA256: gxeKFFaZ2HFJIsTdTjEl6nVo3ckTCX+qzRMqb9Xoa1w= RSA 2048 bits (e 65537) / SHA256withRSA
3	In trust store	DigiCert Global Root G2 Self-signed Fingerprint SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f Pin SHA256: i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= RSA 2048 bits (e 65537) / SHA256withRSA
Path #1: Trusted
1	Sent by server	api.faqswiss.cn Fingerprint SHA256: aa2426cdd6ecc04c1c365cd29c172b6f83dd7b965fd100a819e5a99c3f9a5cd1 Pin SHA256: wfG6Uy30ldEu6SR8PBzFmPlW3pGWbW1qLWPMSruOKaU= RSA 2048 bits (e 65537) / SHA256withRSA
2	Sent by server	Encryption Everywhere DV TLS CA - G2 Fingerprint SHA256: b1ac8cfb181b9c9354e1775fcbdfcfe7898c5cc9a17d76315b57c112eee55234 Pin SHA256: gxeKFFaZ2HFJIsTdTjEl6nVo3ckTCX+qzRMqb9Xoa1w= RSA 2048 bits (e 65537) / SHA256withRSA
3	In trust store	DigiCert Global Root G2 Self-signed Fingerprint SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f Pin SHA256: i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= RSA 2048 bits (e 65537) / SHA256withRSA
Path #1: Trusted
1	Sent by server	api.faqswiss.cn Fingerprint SHA256: aa2426cdd6ecc04c1c365cd29c172b6f83dd7b965fd100a819e5a99c3f9a5cd1 Pin SHA256: wfG6Uy30ldEu6SR8PBzFmPlW3pGWbW1qLWPMSruOKaU= RSA 2048 bits (e 65537) / SHA256withRSA
2	Sent by server	Encryption Everywhere DV TLS CA - G2 Fingerprint SHA256: b1ac8cfb181b9c9354e1775fcbdfcfe7898c5cc9a17d76315b57c112eee55234 Pin SHA256: gxeKFFaZ2HFJIsTdTjEl6nVo3ckTCX+qzRMqb9Xoa1w= RSA 2048 bits (e 65537) / SHA256withRSA
3	In trust store	DigiCert Global Root G2 Self-signed Fingerprint SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f Pin SHA256: i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= RSA 2048 bits (e 65537) / SHA256withRSA

Click here to expand

Certificate #2: RSA 2048 bits (SHA256withRSA) No SNI

Server Key and Certificate #1
Subject	*.foreo.com Fingerprint SHA256: 760d3c5e4178617cd1ba693e1759b4594e0bf5776a930a09b2185a87d123b797 Pin SHA256: 5KFWq8NZbcCg2WkMjiyZRshZqDqB6TxYC8IITqGQjb4=
Common names	*.foreo.com
Alternative names	.foreo.com foreo.com MISMATCH*
Serial Number	00dc341bb56f5bae4e4f25f96c06813f2b
Valid from	Wed, 23 Apr 2025 00:00:00 UTC
Valid until	Sun, 24 May 2026 23:59:59 UTC (expires in 11 months and 7 days)
Key	RSA 2048 bits (e 65537)
Weak key (Debian)	No
Issuer	Sectigo RSA Domain Validation Secure Server CA AIA: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
Signature algorithm	SHA256withRSA
Extended Validation	No
Certificate Transparency	Yes (certificate)
OCSP Must Staple	No
Revocation information	OCSP OCSP: http://ocsp.sectigo.com
Revocation status	Good (not revoked)
Trusted	No NOT TRUSTED Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (3142 bytes)
Chain issues	None
#2
Subject	Sectigo RSA Domain Validation Secure Server CA Fingerprint SHA256: 7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676 Pin SHA256: 4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng=
Valid until	Tue, 31 Dec 2030 23:59:59 UTC (expires in 5 years and 6 months)
Key	RSA 2048 bits (e 65537)
Issuer	USERTrust RSA Certification Authority
Signature algorithm	SHA384withRSA

Certification Paths


Path #1: Not trusted (invalid certificate [Fingerprint SHA256: 760d3c5e4178617cd1ba693e1759b4594e0bf5776a930a09b2185a87d123b797])
1	Sent by server	*.foreo.com Fingerprint SHA256: 760d3c5e4178617cd1ba693e1759b4594e0bf5776a930a09b2185a87d123b797 Pin SHA256: 5KFWq8NZbcCg2WkMjiyZRshZqDqB6TxYC8IITqGQjb4= RSA 2048 bits (e 65537) / SHA256withRSA
2	Sent by server	Sectigo RSA Domain Validation Secure Server CA Fingerprint SHA256: 7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676 Pin SHA256: 4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng= RSA 2048 bits (e 65537) / SHA384withRSA
3	In trust store	USERTrust RSA Certification Authority Self-signed Fingerprint SHA256: e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd2 Pin SHA256: x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4= RSA 4096 bits (e 65537) / SHA384withRSA
Path #2: Not trusted (invalid certificate [Fingerprint SHA256: 760d3c5e4178617cd1ba693e1759b4594e0bf5776a930a09b2185a87d123b797])
1	Sent by server	*.foreo.com Fingerprint SHA256: 760d3c5e4178617cd1ba693e1759b4594e0bf5776a930a09b2185a87d123b797 Pin SHA256: 5KFWq8NZbcCg2WkMjiyZRshZqDqB6TxYC8IITqGQjb4= RSA 2048 bits (e 65537) / SHA256withRSA
2	Sent by server	Sectigo RSA Domain Validation Secure Server CA Fingerprint SHA256: 7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676 Pin SHA256: 4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng= RSA 2048 bits (e 65537) / SHA384withRSA
3	Extra download	USERTrust RSA Certification Authority Fingerprint SHA256: 68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b Pin SHA256: x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4= RSA 4096 bits (e 65537) / SHA384withRSA
4	In trust store	AAA Certificate Services Self-signed Fingerprint SHA256: d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4 Pin SHA256: vRU+17BDT2iGsXvOi76E7TQMcTLXAqj0+jGPdW7L1vM= RSA 2048 bits (e 65537) / SHA1withRSA Weak or insecure signature, but no impact on root certificate
Path #1: Not trusted (invalid certificate [Fingerprint SHA256: 760d3c5e4178617cd1ba693e1759b4594e0bf5776a930a09b2185a87d123b797])
1	Sent by server	*.foreo.com Fingerprint SHA256: 760d3c5e4178617cd1ba693e1759b4594e0bf5776a930a09b2185a87d123b797 Pin SHA256: 5KFWq8NZbcCg2WkMjiyZRshZqDqB6TxYC8IITqGQjb4= RSA 2048 bits (e 65537) / SHA256withRSA
2	Sent by server	Sectigo RSA Domain Validation Secure Server CA Fingerprint SHA256: 7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676 Pin SHA256: 4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng= RSA 2048 bits (e 65537) / SHA384withRSA
3	In trust store	USERTrust RSA Certification Authority Self-signed Fingerprint SHA256: e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd2 Pin SHA256: x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4= RSA 4096 bits (e 65537) / SHA384withRSA
Path #2: Not trusted (invalid certificate [Fingerprint SHA256: 760d3c5e4178617cd1ba693e1759b4594e0bf5776a930a09b2185a87d123b797])
1	Sent by server	*.foreo.com Fingerprint SHA256: 760d3c5e4178617cd1ba693e1759b4594e0bf5776a930a09b2185a87d123b797 Pin SHA256: 5KFWq8NZbcCg2WkMjiyZRshZqDqB6TxYC8IITqGQjb4= RSA 2048 bits (e 65537) / SHA256withRSA
2	Sent by server	Sectigo RSA Domain Validation Secure Server CA Fingerprint SHA256: 7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676 Pin SHA256: 4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng= RSA 2048 bits (e 65537) / SHA384withRSA
3	Extra download	USERTrust RSA Certification Authority Fingerprint SHA256: 68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b Pin SHA256: x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4= RSA 4096 bits (e 65537) / SHA384withRSA
4	In trust store	AAA Certificate Services Self-signed Fingerprint SHA256: d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4 Pin SHA256: vRU+17BDT2iGsXvOi76E7TQMcTLXAqj0+jGPdW7L1vM= RSA 2048 bits (e 65537) / SHA1withRSA Weak or insecure signature, but no impact on root certificate
Path #1: Not trusted (invalid certificate [Fingerprint SHA256: 760d3c5e4178617cd1ba693e1759b4594e0bf5776a930a09b2185a87d123b797])
1	Sent by server	*.foreo.com Fingerprint SHA256: 760d3c5e4178617cd1ba693e1759b4594e0bf5776a930a09b2185a87d123b797 Pin SHA256: 5KFWq8NZbcCg2WkMjiyZRshZqDqB6TxYC8IITqGQjb4= RSA 2048 bits (e 65537) / SHA256withRSA
2	Sent by server	Sectigo RSA Domain Validation Secure Server CA Fingerprint SHA256: 7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676 Pin SHA256: 4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng= RSA 2048 bits (e 65537) / SHA384withRSA
3	In trust store	USERTrust RSA Certification Authority Self-signed Fingerprint SHA256: e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd2 Pin SHA256: x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4= RSA 4096 bits (e 65537) / SHA384withRSA
Path #2: Not trusted (invalid certificate [Fingerprint SHA256: 760d3c5e4178617cd1ba693e1759b4594e0bf5776a930a09b2185a87d123b797])
1	Sent by server	*.foreo.com Fingerprint SHA256: 760d3c5e4178617cd1ba693e1759b4594e0bf5776a930a09b2185a87d123b797 Pin SHA256: 5KFWq8NZbcCg2WkMjiyZRshZqDqB6TxYC8IITqGQjb4= RSA 2048 bits (e 65537) / SHA256withRSA
2	Sent by server	Sectigo RSA Domain Validation Secure Server CA Fingerprint SHA256: 7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676 Pin SHA256: 4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng= RSA 2048 bits (e 65537) / SHA384withRSA
3	Extra download	USERTrust RSA Certification Authority Fingerprint SHA256: 68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b Pin SHA256: x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4= RSA 4096 bits (e 65537) / SHA384withRSA
4	In trust store	AAA Certificate Services Self-signed Fingerprint SHA256: d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4 Pin SHA256: vRU+17BDT2iGsXvOi76E7TQMcTLXAqj0+jGPdW7L1vM= RSA 2048 bits (e 65537) / SHA1withRSA Weak or insecure signature, but no impact on root certificate
Path #1: Not trusted (invalid certificate [Fingerprint SHA256: 760d3c5e4178617cd1ba693e1759b4594e0bf5776a930a09b2185a87d123b797])
1	Sent by server	*.foreo.com Fingerprint SHA256: 760d3c5e4178617cd1ba693e1759b4594e0bf5776a930a09b2185a87d123b797 Pin SHA256: 5KFWq8NZbcCg2WkMjiyZRshZqDqB6TxYC8IITqGQjb4= RSA 2048 bits (e 65537) / SHA256withRSA
2	Sent by server	Sectigo RSA Domain Validation Secure Server CA Fingerprint SHA256: 7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676 Pin SHA256: 4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng= RSA 2048 bits (e 65537) / SHA384withRSA
3	In trust store	USERTrust RSA Certification Authority Self-signed Fingerprint SHA256: e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd2 Pin SHA256: x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4= RSA 4096 bits (e 65537) / SHA384withRSA
Path #2: Not trusted (invalid certificate [Fingerprint SHA256: 760d3c5e4178617cd1ba693e1759b4594e0bf5776a930a09b2185a87d123b797])
1	Sent by server	*.foreo.com Fingerprint SHA256: 760d3c5e4178617cd1ba693e1759b4594e0bf5776a930a09b2185a87d123b797 Pin SHA256: 5KFWq8NZbcCg2WkMjiyZRshZqDqB6TxYC8IITqGQjb4= RSA 2048 bits (e 65537) / SHA256withRSA
2	Sent by server	Sectigo RSA Domain Validation Secure Server CA Fingerprint SHA256: 7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676 Pin SHA256: 4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng= RSA 2048 bits (e 65537) / SHA384withRSA
3	Extra download	USERTrust RSA Certification Authority Fingerprint SHA256: 68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b Pin SHA256: x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4= RSA 4096 bits (e 65537) / SHA384withRSA
4	In trust store	AAA Certificate Services Self-signed Fingerprint SHA256: d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4 Pin SHA256: vRU+17BDT2iGsXvOi76E7TQMcTLXAqj0+jGPdW7L1vM= RSA 2048 bits (e 65537) / SHA1withRSA Weak or insecure signature, but no impact on root certificate
Path #1: Not trusted (invalid certificate [Fingerprint SHA256: 760d3c5e4178617cd1ba693e1759b4594e0bf5776a930a09b2185a87d123b797])
1	Sent by server	*.foreo.com Fingerprint SHA256: 760d3c5e4178617cd1ba693e1759b4594e0bf5776a930a09b2185a87d123b797 Pin SHA256: 5KFWq8NZbcCg2WkMjiyZRshZqDqB6TxYC8IITqGQjb4= RSA 2048 bits (e 65537) / SHA256withRSA
2	Sent by server	Sectigo RSA Domain Validation Secure Server CA Fingerprint SHA256: 7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676 Pin SHA256: 4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng= RSA 2048 bits (e 65537) / SHA384withRSA
3	In trust store	USERTrust RSA Certification Authority Self-signed Fingerprint SHA256: e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd2 Pin SHA256: x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4= RSA 4096 bits (e 65537) / SHA384withRSA
Path #2: Not trusted (invalid certificate [Fingerprint SHA256: 760d3c5e4178617cd1ba693e1759b4594e0bf5776a930a09b2185a87d123b797])
1	Sent by server	*.foreo.com Fingerprint SHA256: 760d3c5e4178617cd1ba693e1759b4594e0bf5776a930a09b2185a87d123b797 Pin SHA256: 5KFWq8NZbcCg2WkMjiyZRshZqDqB6TxYC8IITqGQjb4= RSA 2048 bits (e 65537) / SHA256withRSA
2	Sent by server	Sectigo RSA Domain Validation Secure Server CA Fingerprint SHA256: 7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676 Pin SHA256: 4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng= RSA 2048 bits (e 65537) / SHA384withRSA
3	Extra download	USERTrust RSA Certification Authority Fingerprint SHA256: 68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b Pin SHA256: x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4= RSA 4096 bits (e 65537) / SHA384withRSA
4	In trust store	AAA Certificate Services Self-signed Fingerprint SHA256: d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4 Pin SHA256: vRU+17BDT2iGsXvOi76E7TQMcTLXAqj0+jGPdW7L1vM= RSA 2048 bits (e 65537) / SHA1withRSA Weak or insecure signature, but no impact on root certificate

Click here to expand

Configuration

Protocols
TLS 1.3	No
TLS 1.2	Yes^*
TLS 1.1	No
TLS 1.0	No
SSL 3	No
SSL 2	No
(*) Experimental: Server negotiated using No-SNI

Cipher Suites
# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (`0xc030`) ECDH secp256r1 (eq. 3072 bits RSA) FS	256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (`0xc02f`) ECDH secp256r1 (eq. 3072 bits RSA) FS	128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (`0xc028`) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK	256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (`0xc027`) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK	128

Handshake Simulation
Android 4.4.2	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Android 5.0.0	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Android 6.0	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Android 7.0	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Android 8.0	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Android 8.1	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Android 9.0	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
BingPreview Jan 2015	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Chrome 49 / XP SP3	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Chrome 69 / Win 7 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Chrome 70 / Win 10	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Chrome 80 / Win 10 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Firefox 31.3.0 ESR / Win 7	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 47 / Win 7 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 49 / XP SP3	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Firefox 62 / Win 7 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Firefox 73 / Win 10 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Googlebot Feb 2018	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
IE 11 / Win 7 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
IE 11 / Win 8.1 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
IE 11 / Win Phone 8.1 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDH secp256r1 FS
IE 11 / Win Phone 8.1 Update R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
IE 11 / Win 10 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Edge 15 / Win 10 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Edge 16 / Win 10 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Edge 18 / Win 10 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Edge 13 / Win Phone 10 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Java 8u161	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Java 11.0.3	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Java 12.0.1	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
OpenSSL 1.0.1l R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
OpenSSL 1.0.2s R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
OpenSSL 1.1.0k R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
OpenSSL 1.1.1c R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Safari 6 / iOS 6.0.1	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
Safari 7 / iOS 7.1 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
Safari 7 / OS X 10.9 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
Safari 8 / iOS 8.4 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
Safari 8 / OS X 10.10 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
Safari 9 / iOS 9 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Safari 9 / OS X 10.11 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Safari 10 / iOS 10 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Safari 10 / OS X 10.12 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Safari 12.1.2 / MacOS 10.14.6 Beta R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Safari 12.1.1 / iOS 12.3.1 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Apple ATS 9 / iOS 9 R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Yahoo Slurp Jan 2015	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
YandexBot Jan 2015	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
# Not simulated clients (Protocol mismatch)
Android 2.3.7 No SNI ²	Protocol mismatch (not simulated)
Android 4.0.4	Protocol mismatch (not simulated)
Android 4.1.1	Protocol mismatch (not simulated)
Android 4.2.2	Protocol mismatch (not simulated)
Android 4.3	Protocol mismatch (not simulated)
Baidu Jan 2015	Protocol mismatch (not simulated)
IE 6 / XP No FS ¹ No SNI ²	Protocol mismatch (not simulated)
IE 7 / Vista	Protocol mismatch (not simulated)
IE 8 / XP No FS ¹ No SNI ²	Protocol mismatch (not simulated)
IE 8-10 / Win 7 R	Protocol mismatch (not simulated)
IE 10 / Win Phone 8.0	Protocol mismatch (not simulated)
Java 6u45 No SNI ²	Protocol mismatch (not simulated)
Java 7u25	Protocol mismatch (not simulated)
OpenSSL 0.9.8y	Protocol mismatch (not simulated)
Safari 5.1.9 / OS X 10.6.8	Protocol mismatch (not simulated)
Safari 6.0.4 / OS X 10.8.4 R	Protocol mismatch (not simulated)
Click here to expand
(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(3) Only first connection attempt simulated. Browsers sometimes retry with a lower protocol version.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).
(All) Certificate trust is not checked in handshake simulation, we only perform TLS handshake.

Protocol Details
Secure Renegotiation	Supported
Secure Client-Initiated Renegotiation	No
Insecure Client-Initiated Renegotiation	No
BEAST attack	Mitigated server-side (more info)
POODLE (SSLv3)	No, SSL 3 not supported (more info)
POODLE (TLS)	No (more info)
Zombie POODLE	No (more info) TLS 1.2 : `0xc027`
GOLDENDOODLE	No (more info) TLS 1.2 : `0xc027`
OpenSSL 0-Length	No (more info) TLS 1.2 : `0xc027`
Sleeping POODLE	No (more info) TLS 1.2 : `0xc027`
Downgrade attack prevention	Unknown (requires support for at least two protocols, excl. SSL2)
SSL/TLS compression	No
RC4	No
Heartbeat (extension)	Yes
Heartbleed (vulnerability)	No (more info)
Ticketbleed (vulnerability)	No (more info)
OpenSSL CCS vuln. (CVE-2014-0224)	No (more info)
OpenSSL Padding Oracle vuln. (CVE-2016-2107)	No (more info)
ROBOT (vulnerability)	No (more info)
Forward Secrecy	Yes (with most browsers) ROBUST (more info)
ALPN	No
NPN	No
Session resumption (caching)	Yes
Session resumption (tickets)	Yes
OCSP stapling	No
Strict Transport Security (HSTS)	Yes max-age=16000000
HSTS Preloading	Not in: Chrome Edge Firefox IE
Public Key Pinning (HPKP)	No (more info)
Public Key Pinning Report-Only	No
Public Key Pinning (Static)	No (more info)
Long handshake intolerance	No
TLS extension intolerance	No
TLS version intolerance	No
Incorrect SNI alerts	No
Uses common DH primes	No, DHE suites not supported
DH public server param (Ys) reuse	No, DHE suites not supported
ECDH public server param reuse	No
Supported Named Groups	secp256r1
SSL 2 handshake compatibility	Yes

HTTP Requests

1 https://api.faqswiss.cn/ (HTTP/1.1 200 OK)
1
	Content-Type	text/html; charset=UTF-8
	Content-Length	294856
	Connection	close
	Vary	Accept-Encoding
	Cache-Control	max-age=86400, public
	Date	Tue, 17 Jun 2025 06:54:10 GMT
	X-Drupal-Dynamic-Cache	HIT
	Content-language	en
	X-Content-Type-Options	nosniff
	X-Frame-Options	SAMEORIGIN
	Expires	Sun, 19 Nov 1978 05:00:00 GMT
	Last-Modified	Tue, 17 Jun 2025 07:24:28 GMT
	ETag	"1750145068"
	Vary	Cookie
	X-Generator	Drupal 10 (https://www.drupal.org)
	X-Commerce-Core	2
	Surrogate-Key	7d0 f5f cef 229 a40 2d5 657 f55 97d a80 e36 1d7 891 9e4 73a d44 cd0 7d8 b63 d79 c25 98b 183 eb9 0d2 e95 cd1 0a4 6cd 771 f8d 37b ba9 2eb ae2 960 74d 36d cfb 3cb 187 f43 b8f 8d9 dea ee5 488 a40 17e d66 684 c6b 0f7 32f 072 4ac 4d6 baf 670 b9f 894 809 32f 003 074 3df 2da 5b7 ff7 21c f53 7a8 a48 56a 71f 5aa c7f a58 b85 ea0 c64 92a 29f e6b 20a b19 bd4 181 c59 3e2 b8a 06c e65 192 85c 53d e74 98b 58a c39 736 278 497 9b4 d14 e1d 340 9ee afb 06b 790 4cc d90 6f7 511 1b9 acd 1e5 d4d b74 f59 8be 2fa ad0 e97 17f 97f 3e3 fd8 c32 2a4 831 2a7 a05 28d 899 e9f 5b3 2ce 320 4ac f12 2ff e22 fa2 610 2fb 812 21c b5d db2 4b7 257 77d 03d adc dbf c0f a7a 7a8 05f cad e97 0ca 2a4 195 c6e e81 460 6a2 32b bbc 16b 5ec 267 2af 5d8 fc8 3c2 29a 86e fc5 869 17e 5ee 346 cbe c8c fe7 08b df0 b8f 13b 5a3 ca1 4bf eb1 7d9 b52 760 f71 406 d36 7e3 65b fa9 1b6 b14 d2b 155 167 a67 373 20c 612 a74 2d2 6cc 02b d16 793 c4d 820 a82 8a4 3ae 18d 68e e5a fe6 33a 2f4 fcf 0d9 03d 56b 0c7 73e aa9 dd4 05b bc6 f8f 7d9 e2a 930 d99 ea1 4f2 81e 961 0f2 7c7 fca e45 f86 d1b 7fd 5ff b9e ba0 40f eef fde db6 683 c1c 049 964 fe1 ae3 bb4 cec d35 b14 e17 2a5 30e 591 810 aad 72c c17 124 31a 447 0eb c41 4a1 2e2 51d 1e3 7df 19e 80e e41 2b4 d3f a8c 8f8 9e8 c4d d93 7e9 f19 bf1 d9c e05 e6d 8d0 464 9a4 cb2 aa3 e4b 950 5d2 288 93a 9b6 2f1 3c4 5b0 4bb 245 12b a16 84d 4a6 018 75e a02 184 1cc b87 781 426 3ad 5c8 69e 38a 5dc 7d6 9d3 f1c ba1 622 370 1ea 426 63f 5d9 bd4 a60 b30 17e dc4 6c5 a1d 583 871 4b7 33c 384 ead 4c6 933 466 752 266 d9a 898 7eb 8b0 6c2 e0e 0ba 3bb 81e e97 577 9c6 3cd cd6 56b 938 57a 3dd 482 448 280 e15 c32 b15 d9f 5fe 210 d76 69b 878 566 607 123 10c 595 255 2cd 132 be8 e82 bb2 75e 684 58c a8b 401 f70
	Surrogate-Control	max-age=86400, public, stale-while-revalidate=120, stale-if-error=7200
	Fastly-Drupal-HTML	YES
	Lfi-Geo-Country	US
	Lfi-Shipping-Country	US
	Lfi-Role	1
	Lfi-Currency	USD
	Access-Control-Allow-Origin	*
	Strict-Transport-Security	max-age=16000000

Miscellaneous
Test date	Tue, 17 Jun 2025 07:24:10 UTC
Test duration	31.521 seconds
HTTP status code	200
HTTP server signature	-
Server hostname	ec2-54-153-114-62.us-west-1.compute.amazonaws.com

SSL Report v2.4.0

Copyright © 2009-2025 Qualys, Inc. All Rights Reserved. Privacy Policy.	Terms and Conditions
Try Qualys for free! Experience the award-winning Qualys Cloud Platform and the entire collection of Qualys Cloud Apps, including certificate security solutions.