SSL Report:
submit.i-mri.org
(121.254.129.102)
Assessed on: Tue, 25 Nov 2025 06:02:39 UTC
| Clear cache
Summary
0
20
40
60
80
100
Certificate
Protocol Support
Key Exchange
Cipher Strength
Visit our documentation page
for more information, configuration guides, and books. Known issues are documented
here.
This server's certificate is not trusted, see below for details.
This server does not support TLS 1.3. MORE INFO »
This site works only in browsers with SNI support.
HTTP Strict Transport Security (HSTS) with long duration deployed on this server.
MORE INFO »
Certificate #1: RSA 2048 bits (SHA256withRSA)
|
Server Key and Certificate #1
|
|
| Subject |
www.m2-pi.com
Fingerprint SHA256: 6b2e4fb68be84c1e2dad0c6ff24d87fa215a85697bfcf9750234dc32882a123b Pin SHA256: pRyUh/YZxduK6dIIcAbg/BZNH4smuYBg9zGrYjBZF7M= |
| Common names | www.m2-pi.com |
| Alternative names | www.m2-pi.com m2-pi.com www.accjournal.org accjournal.org submit.accjournal.org www.annchildneurol.org annchildneurol.org submit.annchildneurol.org www.asianspinejournal.org asianspinejournal.org www.ceemjournal.org ceemjournal.org submit.ceemjournal.org www.chronobiologyinmedicine.org chronobiologyinmedicine.org submit.chronobiologyinmedicine.org www.coloproctol.org coloproctol.org submit.coloproctol.org www.e-acfs.org e-acfs.org submit.e-acfs.org www.e-agmr.org www.eaht.org eaht.org submit.eaht.org www.e-ajp.org e-ajp.org submit.e-ajp.org www.e-apem.org e-apem.org submit.e-apem.org www.e-arm.org e-arm.org www.e-asr.org e-asr.org submit.e-asr.org www.e-cacd.org e-cacd.org submit.e-cacd.org www.ecerm.org ecerm.org submit.ecerm.org www.e-chnr.org e-chnr.org www.e-cmh.org e-cmh.org www.e-epih.org e-epih.org submit.e-epih.org www.einj.org einj.org submit.einj.org www.ejao.org ejao.org submit.ejao.org www.e-jcs.org e-jcs.org www.e-jhis.org e-jhis.org www.e-jlc.org e-jlc.org www.e-jmls.org e-jmls.org submit.e-jmls.org www.e-jnic.org e-jnic.org submit.e-jnic.org www.ejournal-stem.org www.ekja.org ekja.org www.e-kjpt.org e-kjpt.org submit.e-kjpt.org www.e-mch.org e-mch.org www.emsasia.org emsasia.org www.emsjournal.org emsjournal.org www.e-neurospine.org e-neurospine.org submit.e-neurospine.org www.genominfo.org genominfo.org www.helicojournal.org helicojournal.org submit.helicojournal.org submit.ijat.net www.irjournal.org irjournal.org submission.irjournal.org j.kafn.or.kr www.jatsxml.org jatsxml.org www.jecst.org jecst.org submit.jecst.org www.jemsmed.org jemsmed.org submit.jemsmed.org www.jikm.or.kr jikm.or.kr submit.jikm.or.kr www.jkccn.org jkccn.org www.jkgn.org jkgn.org www.jkma.org jkma.org www.j-kosham.or.kr www.jksem.org jksem.org submit.jksem.org www.jksqm.org jksqm.org submit.jksqm.org www.jmisst.org jmisst.org submit.jmisst.org www.j-nn.org submit.j-nn.org www.joet.org submit.joet.org www.jpmph.org jpmph.org submit.jpmph.org www.jwmr.org jwmr.org submit.jwmr.org www.kifsejournal.or.kr www.kjfm.or.kr kjfm.or.kr www.kjpbt.org kjpbt.org submit.kjpbt.org www.kjvr.org submit.ksae.org www.ksep-es.org ksep-es.org submit.ksep-es.org www.medhist.or.kr medhist.or.kr www.neo-med.org neo-med.org submit.neo-med.org www.neurointervention.org neurointervention.org submit.neurointervention.org www.pemj.org pemj.org submit.pemj.org www.pha.or.kr pha.or.kr jppe.ppe.or.kr www.psychiatryinvestigation.org psychiatryinvestigation.org www.qihjournal.org qihjournal.org submit.qihjournal.org www.sleepmedres.org sleepmedres.org submit.sleepmedres.org www.jacs.or.kr jacs.or.kr www.jeaht.org jeaht.org submit.jeaht.org www.annocl.org www.exercmed.org exercmed.org submit.exercmed.org www.e-jat.org submit.e-jat.org www.e-kjar.org e-kjar.org submit.e-kjar.org www.jrpr.org jrpr.org submit.jrpr.org www.e-jgn.org e-jgn.org submit.e-jgn.org www.ajkinesiol.org ajkinesiol.org submit.ajkinesiol.org www.e-jyms.org e-jyms.org submit.e-jyms.org www.e-jcpp.org e-jcpp.org submit.e-jcpp.org www.kosinmedj.org kosinmedj.org submit.kosinmedj.org www.stressresearch.or.kr stressresearch.or.kr www.grsjournal.org grsjournal.org submit.grsjournal.org www.jepilia.org jepilia.org www.e-ajbc.org e-ajbc.org submit.e-ajbc.org www.childstudies.org childstudies.org submit.childstudies.org www.integrmed.org integrmed.org www.ijpem-st.org ijpem-st.org www.jkbns.org jkbns.org submit.jkbns.org www.hnmr.org hnmr.org submit.hnmr.org www.kmer.or.kr kmer.or.kr www.rcphn.org rcphn.org submit.rcphn.org www.jees.kr jees.kr submit.kjnt.org submit.i-mri.org submit.jkgn.org www.her.re.kr her.re.kr submit.kmer.or.kr submit.ijpem-st.org submit.e-mch.org www.e-neurofunction.org e-neurofunction.org submit.e-neurofunction.org www.ijat.net ijat.net submit.jkma.org |
| Serial Number | 06f73b16e1ebdd81037bd83c2afb5a3c |
| Valid from | Mon, 31 Mar 2025 00:00:00 UTC |
| Valid until | Fri, 01 May 2026 23:59:59 UTC (expires in 5 months and 6 days) |
| Key | RSA 2048 bits (e 65537) |
| Weak key (Debian) | No |
| Issuer | GeoTrust TLS RSA CA G1
AIA: http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt |
| Signature algorithm | SHA256withRSA |
| Extended Validation | No |
| Certificate Transparency | Yes (certificate) |
| OCSP Must Staple | No |
| Revocation information |
CRL, OCSP CRL: http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl OCSP: http://status.geotrust.com |
| Revocation status | Revoked INSECURE
CRL ERROR: IOException occurred |
| DNS CAA | No (more info) |
| Trusted | No NOT TRUSTED
(Why?)
Mozilla Apple Android Java Windows |
Certification Paths |
Certificate #2: RSA 2048 bits (SHA256withRSA)
No SNI
|
Server Key and Certificate #1
|
|
| Subject |
www.m2-pi.com
Fingerprint SHA256: bc28353225710b59deb4f75f41f8dbfe142439a09b92615cf4c9039007ed80a5 Pin SHA256: dQ604j9FxOvchTb9N3dHWUyPdy4USSgf/blCkky3GMM= |
| Common names | www.m2-pi.com |
| Alternative names | www.m2-pi.com m2-pi.com www.anesth-pain-med.org anesth-pain-med.org submit.anesth-pain-med.org www.bcjjl.org bcjjl.org submit.bcjjl.org www.ceramist.or.kr ceramist.or.kr www.cisejournal.org cisejournal.org submit.cisejournal.org www.clinicalultrasound.org clinicalultrasound.org submit.clinicalultrasound.org www.e-aaps.org e-aaps.org submit.e-aaps.org www.e-acn.org e-acn.org submit.e-acn.org www.e-algae.org e-algae.org submit.e-algae.org www.e-ce.org e-ce.org submit.e-ce.org www.e-ceo.org e-ceo.org www.e-ceth.org e-ceth.org submit.e-ceth.org www.e-crt.org e-crt.org www.e-csd.org e-csd.org submit.e-csd.org www.e-dmj.org e-dmj.org submit.e-dmj.org www.eeer.org www.e-enm.org e-enm.org submit.e-enm.org www.e-hir.org e-hir.org www.e-jbm.org e-jbm.org submit.e-jbm.org www.e-jei.org submit.e-jei.org www.e-jend.org e-jend.org submit.e-jend.org www.e-jer.org e-jer.org submit.e-jer.org www.e-jkd.org e-jkd.org www.e-jmd.org e-jmd.org submit.e-jmd.org www.e-jnc.org e-jnc.org submit.e-jnc.org www.ejpbl.org ejpbl.org submit.ejpbl.org www.e-jsm.org e-jsm.org submit.e-jsm.org www.e-jwj.org e-jwj.org submit.e-jwj.org www.e-kjfs.org submit.e-kjfs.org www.ekjo.org ekjo.org www.e-kmj.org e-kmj.org submit.e-kmj.org www.encephalitisjournal.org encephalitisjournal.org submit.encephalitisjournal.org www.e-pan.org e-pan.org www.e-roj.org submit.e-roj.org www.e-rvs.org e-rvs.org submit.e-rvs.org www.escienceediting.org escienceediting.org submit.escienceediting.org www.e-trd.org e-trd.org www.e-ultrasonography.org submit.e-ultrasonography.org www.glonav.org www.handmicro.org handmicro.org submit.handmicro.org ijkh.khistory.org www.jbd.or.kr jbd.or.kr submit.jbd.or.kr www.jcdp.or.kr www.jeehp.org jeehp.org submit.jeehp.org www.j-epilepsy.org j-epilepsy.org submit.j-epilepsy.org j-kagedu.or.kr www.jkasne.org jkasne.org www.jkcs.or.kr jkcs.or.kr www.jkimst.org jkimst.org www.jkns.or.kr jkns.or.kr submit.jkns.or.kr www.jkom.org jkom.org submit.jkom.org www.jkos.org jkos.org www.jkpmhn.org jkpmhn.org www.jksee.or.kr submit.jksgn.org www.jksgn.org jksgn.org www.j-organoid.org j-organoid.org submit.j-organoid.org www.j-rhinology.org j-rhinology.org submit.j-rhinology.org jsms.sch.ac.kr www.j-stroke.org j-stroke.org submit.j-stroke.org www.jtraumainj.org jtraumainj.org submit.jtraumainj.org journal.kapd.org www.kcse.org kcse.org ecsac-korea.kcse.org www.kjah.org www.kjhno.org www.kjlm.or.kr kjlm.or.kr submit.kjlm.or.kr www.kjme.kr kjme.kr submit.kjme.kr www.kjsr.org kjsr.org www.krcp-ksn.org krcp-ksn.org submit.kosenv.or.kr www.ogscience.org ogscience.org www.online-rpd.org online-rpd.org submit.online-rpd.org www.ophrp.org ophrp.org www.pfmjournal.org pfmjournal.org www.ppjonline.org ppjonline.org www.the-jcen.org the-jcen.org www.thenerve.net thenerve.net submit.thenerve.net www.e-jkc.org www.jasci.org jasci.org www.cpkjournal.or.kr cpkjournal.or.kr www.kjcp.or.kr kjcp.or.kr www.chikd.org chikd.org submit.chikd.org kjco.org www.kjco.org submit.kjco.org www.e-jsst.org e-jsst.org www.apccjournal.org apccjournal.org submit.apccjournal.org www.e-juo.org e-juo.org www.geodata.kr geodata.kr www.jksct.or.kr jksct.or.kr www.e-whn.org e-whn.org submit.e-whn.org submit.ceramist.or.kr www.jkslp.org jkslp.org submit.jkslp.org submit.e-jkd.org publishing.m2comm.kr MISMATCH |
| Serial Number | 07867073b3caf68098d2052e8b1c67cd |
| Valid from | Wed, 30 Apr 2025 00:00:00 UTC |
| Valid until | Mon, 27 Apr 2026 23:59:59 UTC (expires in 5 months and 2 days) |
| Key | RSA 2048 bits (e 65537) |
| Weak key (Debian) | No |
| Issuer | GeoTrust TLS RSA CA G1
AIA: http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt |
| Signature algorithm | SHA256withRSA |
| Extended Validation | No |
| Certificate Transparency | Yes (certificate) |
| OCSP Must Staple | No |
| Revocation information |
CRL, OCSP CRL: http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl OCSP: http://status.geotrust.com |
| Revocation status | Good (not revoked)
CRL ERROR: IOException occurred |
| Trusted | No NOT TRUSTED
(Why?)
Mozilla Apple Android Java Windows |
|
Certification Paths |
Configuration
| Protocols | |
| TLS 1.3 | No |
| TLS 1.2 | Yes* |
| TLS 1.1 | No |
| TLS 1.0 | No |
| SSL 3 | No |
| SSL 2 | No |
| (*) Experimental: Server negotiated using No-SNI | |
| Cipher Suites | ||
|
# TLS 1.2 (suites in server-preferred order)
|
||
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
ECDH secp256r1 (eq. 3072 bits RSA) FS
|
128 | |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
ECDH secp256r1 (eq. 3072 bits RSA) FS
|
256 | |
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
DH 2048 bits FS
|
128 | |
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)
DH 2048 bits FS
|
256 | |
| Handshake Simulation | |||
| Android 4.4.2 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Android 5.0.0 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Android 6.0 | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Android 7.0 | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Android 8.0 | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Android 8.1 | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Android 9.0 | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| BingPreview Jan 2015 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Chrome 49 / XP SP3 | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Chrome 69 / Win 7 R | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Chrome 70 / Win 10 | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Chrome 80 / Win 10 R | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Firefox 31.3.0 ESR / Win 7 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Firefox 47 / Win 7 R | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Firefox 49 / XP SP3 | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Firefox 62 / Win 7 R | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Firefox 73 / Win 10 R | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Googlebot Feb 2018 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| IE 11 / Win 7 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DH 2048 FS |
| IE 11 / Win 8.1 R | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DH 2048 FS |
| IE 11 / Win Phone 8.1 R |
Server sent fatal alert: handshake_failure |
||
| IE 11 / Win Phone 8.1 Update R | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DH 2048 FS |
| IE 11 / Win 10 R | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Edge 15 / Win 10 R | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Edge 16 / Win 10 R | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Edge 18 / Win 10 R | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Edge 13 / Win Phone 10 R | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Java 8u161 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Java 11.0.3 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Java 12.0.1 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| OpenSSL 1.0.1l R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| OpenSSL 1.0.2s R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| OpenSSL 1.1.0k R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| OpenSSL 1.1.1c R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Safari 6 / iOS 6.0.1 |
Server sent fatal alert: handshake_failure |
||
| Safari 7 / iOS 7.1 R |
Server sent fatal alert: handshake_failure |
||
| Safari 7 / OS X 10.9 R |
Server sent fatal alert: handshake_failure |
||
| Safari 8 / iOS 8.4 R |
Server sent fatal alert: handshake_failure |
||
| Safari 8 / OS X 10.10 R |
Server sent fatal alert: handshake_failure |
||
| Safari 9 / iOS 9 R | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Safari 9 / OS X 10.11 R | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Safari 10 / iOS 10 R | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Safari 10 / OS X 10.12 R | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Safari 12.1.2 / MacOS 10.14.6 Beta R | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Safari 12.1.1 / iOS 12.3.1 R | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Apple ATS 9 / iOS 9 R | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Yahoo Slurp Jan 2015 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| YandexBot Jan 2015 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
|
# Not simulated clients (Protocol mismatch)
|
|||
| Android 2.3.7 No SNI 2 |
Protocol mismatch (not simulated) |
||
| Android 4.0.4 |
Protocol mismatch (not simulated) |
||
| Android 4.1.1 |
Protocol mismatch (not simulated) |
||
| Android 4.2.2 |
Protocol mismatch (not simulated) |
||
| Android 4.3 |
Protocol mismatch (not simulated) |
||
| Baidu Jan 2015 |
Protocol mismatch (not simulated) |
||
| IE 6 / XP No FS 1 No SNI 2 |
Protocol mismatch (not simulated) |
||
| IE 7 / Vista |
Protocol mismatch (not simulated) |
||
| IE 8 / XP No FS 1 No SNI 2 |
Protocol mismatch (not simulated) |
||
| IE 8-10 / Win 7 R |
Protocol mismatch (not simulated) |
||
| IE 10 / Win Phone 8.0 |
Protocol mismatch (not simulated) |
||
| Java 6u45 No SNI 2 |
Protocol mismatch (not simulated) |
||
| Java 7u25 |
Protocol mismatch (not simulated) |
||
| OpenSSL 0.9.8y |
Protocol mismatch (not simulated) |
||
| Safari 5.1.9 / OS X 10.6.8 |
Protocol mismatch (not simulated) |
||
| Safari 6.0.4 / OS X 10.8.4 R |
Protocol mismatch (not simulated) |
||
| (1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it. | |||
| (2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI. | |||
| (3) Only first connection attempt simulated. Browsers sometimes retry with a lower protocol version. | |||
| (R) Denotes a reference browser or client, with which we expect better effective security. | |||
| (All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE). | |||
| (All) Certificate trust is not checked in handshake simulation, we only perform TLS handshake. | |||
| Protocol Details | |
| Secure Renegotiation | Supported |
| Secure Client-Initiated Renegotiation | No |
| Insecure Client-Initiated Renegotiation | No |
| BEAST attack | Mitigated server-side (more info) |
| POODLE (SSLv3) | No, SSL 3 not supported (more info) |
| POODLE (TLS) | No (more info) |
| Zombie POODLE | No (more info) |
| GOLDENDOODLE | No (more info) |
| OpenSSL 0-Length | No (more info) |
| Sleeping POODLE | No (more info) |
| Downgrade attack prevention | Unknown (requires support for at least two protocols, excl. SSL2) |
| SSL/TLS compression | No |
| RC4 | No |
| Heartbeat (extension) | Yes |
| Heartbleed (vulnerability) | No (more info) |
| Ticketbleed (vulnerability) | No (more info) |
| OpenSSL CCS vuln. (CVE-2014-0224) | No (more info) |
| OpenSSL Padding Oracle vuln. (CVE-2016-2107) |
No (more info) |
| ROBOT (vulnerability) | No (more info) |
| Forward Secrecy | Yes (with most browsers) ROBUST (more info) |
| ALPN | Yes http/1.1 |
| NPN | No |
| Session resumption (caching) | Yes |
| Session resumption (tickets) | Yes |
| OCSP stapling | No |
| Strict Transport Security (HSTS) | Yes
max-age=15768000; |
| HSTS Preloading | Not in: Chrome Edge Firefox IE |
| Public Key Pinning (HPKP) | No (more info) |
| Public Key Pinning Report-Only | No |
| Public Key Pinning (Static) | No (more info) |
| Long handshake intolerance | No |
| TLS extension intolerance | No |
| TLS version intolerance | No |
| Incorrect SNI alerts | No |
| Uses common DH primes | No |
| DH public server param (Ys) reuse | No |
| ECDH public server param reuse | No |
| Supported Named Groups | secp256r1, secp521r1, secp384r1, secp256k1 (server preferred order) |
| SSL 2 handshake compatibility | No |
|
HTTP Requests
|
|
1 https://submit.i-mri.org/
(HTTP/1.1 200 OK)
| 1 | |
| Date | Tue, 25 Nov 2025 06:01:27 GMT | |
| Server | Apache | |
| X-Frame-Options | SAMEORIGIN | |
| Content-Security-Policy | default-src'self' | |
| X-XSS-Protection | 1; mode=block | |
| X-Content-Type-Options | nosniff | |
| Strict-Transport-Security | max-age=15768000; | |
| Connection | close | |
| Transfer-Encoding | chunked | |
| Content-Type | text/html | |
| Miscellaneous | |
| Test date | Tue, 25 Nov 2025 06:01:12 UTC |
| Test duration | 86.962 seconds |
| HTTP status code | 200 |
| HTTP server signature | Apache |
| Server hostname | jatsxml.org |
Why is my certificate not trusted?
There are many reasons why a certificate may not be trusted. The exact problem is indicated on the report card in bright red. The problems fall into three categories:
- Invalid certificate
- Invalid configuration
- Unknown Certificate Authority
1. Invalid certificate
A certificate is invalid if:
- It is used before its activation date
- It is used after its expiry date
- Certificate hostnames don't match the site hostname
- It has been revoked
- It has insecure signature
- It has been blacklisted
2. Invalid configuration
In some cases, the certificate chain does not contain all the necessary certificates to connect the web server certificate to one of the root certificates in our trust store. Less commonly, one of the certificates in the chain (other than the web server certificate) will have expired, and that invalidates the entire chain.
3. Unknown Certificate Authority
In order for trust to be established, we must have the root certificate of the signing Certificate Authority in our trust store. SSL Labs does not maintain its own trust store; instead we use the store maintained by Mozilla.
If we mark a web site as not trusted, that means that the average web user's browser will not trust it either. For certain special groups of users, such web sites can still be secure. For example, if you can securely verify that a self-signed web site is operated by a person you trust, then you can trust that self-signed web site too. Or, if you work for an organisation that manages its own trust, and you have their own root certificate already embedded in your browser. Such special cases do not work for the general public, however, and this is what we indicate on our report card.
4. Interoperability issues
In some rare cases trust cannot be established because of interoperability issues between our code and the code or configuration running on the server. We manually review such cases, but if you encounter such an issue please feel free to contact us. Such problems are very difficult to troubleshoot and you may be able to provide us with information that might help us determine the root cause.
SSL Report v2.4.1