Hey, Admin, your TLS cert expired.

Seriously, just set up auto-renewal. Please.

dead men don't renew certs

Please don't. Auto-renewal means that you can't trust a specific certificate and have to trust the CA instead.

SSL Report: bbs.progrider.org (188.138.9.112)

Server Key and Certificate #1
Subject bbs.progrider.org
Fingerprint SHA1: f0bcf79b8e025ff5ecdf31faa3072631f08b764c
Pin SHA256: b6enY267Z7l18SOuoWhn1kiI6KBQNpQEO9IURasVOw0=
Common names bbs.progrider.org
Alternative names bbs.progrider.org
Valid from Sat, 12 Mar 2016 15:49:00 UTC
Valid until Fri, 10 Jun 2016 15:49:00 UTC (expired 7 months and 15 days ago) EXPIRED
Key RSA 2048 bits (e 65537)
Weak key (Debian) No
Issuer Let's Encrypt Authority X1
AIA: http://cert.int-x1.letsencrypt.org/
Signature algorithm SHA256withRSA
Extended Validation No
Certificate Transparency No
OCSP Must Staple No
Revocation information OCSP
OCSP: http://ocsp.int-x1.letsencrypt.org/
Revocation status Unchecked (only trusted certificates can be checked)
DNS CAA No
Trusted No NOT TRUSTED (Why?)

Additional Certificates (if supplied)
Certificates provided 1 (1290 bytes)
Chain issues Incomplete

Hide Certification Paths Certification Paths

Path #1: Not trusted (timestamp check failed)
1 Sent by server bbs.progrider.org
Fingerprint SHA1: f0bcf79b8e025ff5ecdf31faa3072631f08b764c
Pin SHA256: b6enY267Z7l18SOuoWhn1kiI6KBQNpQEO9IURasVOw0=
RSA 2048 bits (e 65537) / SHA256withRSA
Valid until: Fri, 10 Jun 2016 15:49:00 UTC
EXPIRED
2 Extra download Let's Encrypt Authority X1
Fingerprint SHA1: 3eae91937ec85d74483ff4b77b07b43e2af36bf4
Pin SHA256: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=
RSA 2048 bits (e 65537) / SHA256withRSA
3 In trust store DST Root CA X3 Self-signed
Fingerprint SHA1: dac9024f54d8f6df94935fb1732638ca6ad77c13
Pin SHA256: Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys=
RSA 2048 bits (e 65537) / SHA1withRSA
Weak or insecure signature, but no impact on root certificate

Configuration

Protocols
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 INSECURE Yes
SSL 2 No

Cipher Suites
# TLS 1.2 (server has no preference)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) DH 1024 bits FS WEAK 112
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) ECDH secp256r1 (eq. 3072 bits RSA) FS 112
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 1024 bits FS WEAK 128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 128
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) DH 1024 bits FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 1024 bits FS WEAK 128
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) 128
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 1024 bits FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 1024 bits FS WEAK 256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) DH 1024 bits FS WEAK 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 1024 bits FS WEAK 256
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) 256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 1024 bits FS WEAK 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
# TLS 1.1 (server has no preference)
# TLS 1.0 (server has no preference)
# SSL 3 (server has no preference)

Handshake Simulation
Android 2.3.7 No SNI 2 RSA 2048 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
Android 4.0.4 RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS
Android 4.1.1 RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS
Android 4.2.2 RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS
Android 4.3 RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS
Android 4.4.2 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Android 5.0.0 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS
Android 6.0 RSA 2048 (SHA256) TLS 1.2 > http/1.1 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Android 7.0 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Baidu Jan 2015 RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS
BingPreview Jan 2015 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Chrome 49 / XP SP3 RSA 2048 (SHA256) TLS 1.2 > http/1.1 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Chrome 51 / Win 7 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 31.3.0 ESR / Win 7 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 47 / Win 7 R RSA 2048 (SHA256) TLS 1.2 > http/1.1 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 49 / XP SP3 RSA 2048 (SHA256) TLS 1.2 > http/1.1 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 49 / Win 7 R RSA 2048 (SHA256) TLS 1.2 > http/1.1 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Googlebot Feb 2015 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
IE 6 / XP No FS 1 No SNI 2 RSA 2048 (SHA256) SSL 3 TLS_RSA_WITH_3DES_EDE_CBC_SHA
IE 7 / Vista RSA 2048 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
IE 8 / XP No FS 1 No SNI 2 RSA 2048 (SHA256) TLS 1.0 TLS_RSA_WITH_3DES_EDE_CBC_SHA
IE 8-10 / Win 7 R RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS
IE 11 / Win 7 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
IE 11 / Win 8.1 R RSA 2048 (SHA256) TLS 1.2 > http/1.1 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
IE 10 / Win Phone 8.0 RSA 2048 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
IE 11 / Win Phone 8.1 R RSA 2048 (SHA256) TLS 1.2 > http/1.1 TLS_RSA_WITH_AES_128_CBC_SHA256 No FS
IE 11 / Win Phone 8.1 Update R RSA 2048 (SHA256) TLS 1.2 > http/1.1 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
IE 11 / Win 10 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Edge 13 / Win 10 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Edge 13 / Win Phone 10 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Java 6u45 No SNI 2 RSA 2048 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
Java 7u25 RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDH secp256r1 FS
Java 8u31 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDH secp256r1 FS
OpenSSL 0.9.8y RSA 2048 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH 1024 FS
OpenSSL 1.0.1l R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
OpenSSL 1.0.2e R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Safari 5.1.9 / OS X 10.6.8 RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDH secp256r1 FS
Safari 6 / iOS 6.0.1 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
Safari 6.0.4 / OS X 10.8.4 R RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS
Safari 7 / iOS 7.1 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
Safari 7 / OS X 10.9 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
Safari 8 / iOS 8.4 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
Safari 8 / OS X 10.10 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
Safari 9 / iOS 9 R RSA 2048 (SHA256) TLS 1.2 > http/1.1 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Safari 9 / OS X 10.11 R RSA 2048 (SHA256) TLS 1.2 > http/1.1 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Safari 10 / iOS 10 R RSA 2048 (SHA256) TLS 1.2 > http/1.1 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Safari 10 / OS X 10.12 R RSA 2048 (SHA256) TLS 1.2 > http/1.1 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Apple ATS 9 / iOS 9 R RSA 2048 (SHA256) TLS 1.2 > http/1.1 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Yahoo Slurp Jan 2015 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
YandexBot Jan 2015 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).

Protocol Details
DROWN Unable to perform this test due to an internal error.
(1) For a better understanding of this test, please read this longer explanation
(2) Key usage data kindly provided by the Censys network search engine; original DROWN test here
(3) Censys data is only indicative of possible key and certificate reuse; possibly out-of-date and not complete
INTERNAL ERROR: Connection refused
INTERNAL ERROR: Connection refused
Secure Renegotiation Supported
Secure Client-Initiated Renegotiation No
Insecure Client-Initiated Renegotiation No
BEAST attack Not mitigated server-side (more info) SSL 3: 0xa, TLS 1.0: 0xa
POODLE (SSLv3) Vulnerable INSECURE (more info) SSL 3: 0xa
POODLE (TLS) No (more info)
Downgrade attack prevention Yes, TLS_FALLBACK_SCSV supported (more info)
SSL/TLS compression No
RC4 No
Heartbeat (extension) Yes
Heartbleed (vulnerability) No (more info)
OpenSSL CCS vuln. (CVE-2014-0224) No (more info)
OpenSSL Padding Oracle vuln.
(CVE-2016-2107) No (more info)
Forward Secrecy Weak key exchange WEAK
ALPN No
NPN Yes http/1.1
Session resumption (caching) No (IDs assigned but not accepted)
Session resumption (tickets) Yes
OCSP stapling No
Strict Transport Security (HSTS) No
HSTS Preloading Not in: Chrome Edge Firefox IE
Public Key Pinning (HPKP) No
Public Key Pinning Report-Only No
Long handshake intolerance No
TLS extension intolerance No
TLS version intolerance No
Incorrect SNI alerts No
Uses common DH primes Yes Replace with custom DH parameters if possible (more info)
DH public server param (Ys) reuse No
ECDH public server param reuse No
Supported EC Named Curves secp256r1
SSL 2 handshake compatibility Yes

HTTP Requests
1 https://bbs.progrider.org/ (HTTP/1.1 200 OK)

Miscellaneous
Test date Thu, 26 Jan 2017 11:45:13 UTC
Test duration 115.741 seconds
HTTP status code 200
HTTP server signature nginx/1.8.0
Server hostname atlantic547.eu.unmetered.com

JACKSON FIVE GET

Why does anon need encrypted transport?

>>6
To hide the CP on admins server.

>>6
What if I'm on an untrusted public network and don't want eleventy exploit kits embedded into every page? Christ. Think before you type.

>>8
And what difference does it make to have the exploit stream encrypted or not?

>>8
SOCKS5 proxy via ssh.

🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳
DUBS FOR DA PEOPLE
🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳

ALL DISEASES ARE FROM COMPUTER

https://pbs.twimg.com/media/C3mDX23WQAE2nMb.jpg:large

ALL DISEASES ARE FROM COMPUTER

COMPUTERS CREATE ALL CANCERS ALL TUMORS ALL DENTAL DISEASES. YOUR BROWSER, SSL, AND HTTPS ARE ALL CREATED WITH GASSES. ENCRYPTION IS CREATED WITH GASSES. CERTIFICATES ARE CREATED WITH GASSES. 21.

>>12
Wow its like ANDRU and the time cube guy had a baby

>>9
are you retarded? or maybe it's the opposite - are you a brilliant cryptographer who knows how to MITM TLS? inb4 sslstrip - that's solved by HSTS

>>14
It's not opposite. He can be a proud aspergus and a brilliant cryptographer.

>>15
aspergus != retard. I meant retard, as in 'you retard, TLS encrypts the contents of websites you visit so the skid with aircrack (or just a rogue hotspot operator) won't know how to inject exploit kit into those websites due to not knowing the key to encrypt exploits correctly, and even if he was able to manipulate the ciphertext through bit flips then HMAC would be incorrect and your browser would drop the packet'.

>>16
Whatever, just don't cry over this, you SJW lady.

>>17
understanding cryptography is an SJW thing now?

>>18
No, distinguishing between aspergi and retards is.

>>19
but most /prog/riders are spergs, sperging about optimizing for single asm instructions (Cudder), C preprocessor (FrozenAnus) and their homebrew 'Lisp' dialects which are nothing like any actual Lisp (Nikita)

>>20
I do not hate spergs, or retards. I just hate people who think we have to be all touchy-feely and make fine distinctions between types of retards.

🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳
DUBS FOR DA PEOPLE
🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳🇨🇳

>>21
I'm just spergy about different categories of spergs

What programming language is this?