INFO: Accessible SSL Report

DESCRIPTION LAST UPDATED:  2024-01-01

DEFAULT SEVERITY LEVEL: INFO

This report identifies accessible SSL/TLS-enabled servers. While having an SSL/TLS enabled service is not inherently dangerous, this report is intended to raise awareness of services with  SSL/TLS exposure.

This is just a population/external surface exposure scan. If you prefer not to receive it, contact us to opt-out.

You can track accessible SSL services on our Dashboard.

For a report dedicated solely to vulnerable SSL services, please check out the SSL POODLE Report and the SSL FREAK Report.

Severity levels are described here.

For more information on our scanning efforts, check out our Internet scanning summary page.

This report comes in 2 versions, IPv4 and IPv6.

Filenames: scan_ssl, scan6_ssl

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • severity
    Severity level
  • ip
    The IP address of the device in question
  • port
    Port that the SSL response came from
  • hostname
    Reverse DNS name of the device in question. Note, this will be taken from the subject_common_name if it resembles a domain if no reverse DNS entry is found
  • tag
    Report tags
  • handshake
    The highest SSL handshake that could be negotiated (TLSv1.2, TLSv1.1, TLSv1.0, SSLv3)
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • cipher_suite
    The highest CipherSuite that was able to be negotiated
  • ssl_poodle
    If "Y", then the device completed an SSLv3 handshake that used CBC (Cipher-Block Chaining) CipherSuites, which is vulnerable to a POODLE attack
  • cert_length
    Certificate Key Length (1024 bit, 2048 bit, etc)
  • subject_common_name
    The Common Name (CN) of the SSL certificate
  • issuer_common_name
    The Common Name of the entity that signed the SSL certificate
  • cert_issue_date
    Date when the SSL certificate became valid
  • cert_expiration_date
    Date when the SSL certificate expires
  • sha1_fingerprint
    SHA1 fingerprint of certificate
  • cert_serial_number
    Certificate serial number
  • ssl_version
    SSL/TLS version
  • signature_algorithm
    Signature algorithm used
  • key_algorithm
    Key algorithm used
  • subject_organization_name
    The subject organization name (ON) of the certificate
  • subject_organization_unit_name
    The organization unit name of the subject of the certificate
  • subject_country
    The country of the subject of the certificate
  • subject_state_or_province_name
    The state or province name of the subject of the certificate
  • subject_locality_name
    The locality name of the subject of the certificate
  • subject_street_address
    The street address of the subject of the certificate
  • subject_postal_code
    The postal code of the subject of the certificate
  • subject_surname
    The surname of the subject of the certificate
  • subject_given_name
    The given name of the subject of the certificate
  • subject_email_address
    The e-mail address of the subject of the certificate
  • subject_business_category
    The business category of the subject of the certificate
  • subject_serial_number
    Serial number of the subject of the certificate
  • issuer_organization_name
    Issuing organization name
  • issuer_organization_unit_name
    Issuing organization unit name
  • issuer_country
    Country of issuer
  • issuer_state_or_province_name
    State or province of issuer
  • issuer_locality_name
    Locality of issuer
  • issuer_street_address
    Street address of issuer
  • issuer_postal_code
    Postal code of issuer
  • issuer_surname
    Surname of issuer
  • issuer_given_name
    Given name of issuer
  • issuer_email_address
    Email address of issuer
  • issuer_business_category
    Business category of issuer
  • issuer_serial_number
    Serial number of issuer
  • naics
    North American Industry Classification System Code
  • hostname
    Hostname source
  • freak_vulnerable
    If "Y", then the device allowed the use of export-grade ciphers and can be used in a FREAK attack
  • freak_cipher_suite
    The export-grade CipherSuite that was able to be negotiated
  • sector
    Sector information of the IP in question, e.g. "Retail Trade", "Communications, Service Provider, and Hosting Service"
  • sha256_fingerprint
    SHA256 fingerprint of certificate
  • sha512_fingerprint
    SHA512 fingerprint of the certificate
  • md5_fingerprint
    MD5 fingerprint of certificate
  • http_response_type
    HTTP version in used in response, e.g HTTP/1.1
  • http_code
    HTTP Response code: e.g., 200, 401, 404
  • http_reason
    The text reason to go with the HTTP Code
  • content_type
    The MIME type of the body of the request (used with POST and PUT requests)
  • http_connection
    Control options for the current connection and list of hop-by-hop request fields
  • www_authenticate
    Indicates the authentication scheme that should be used to access the requested entity
  • set_cookie
    The HTTP Cookie to be set
  • server_type
    HTTP Server type
  • content_length
    The length of the response body in octets
  • transfer_encoding
    The form of encoding used to safely transfer the entity to the user
  • http_date
    The date and time that the message was sent
  • cert_valid
    Is the certificate valid (Y/N)?
  • self_signed
    Is the certificate self-signed (Y/N)?
  • cert_expired
    Whether the cert has expired (Y/N)
  • browser_trusted
    Browser trusted certificate (Y/N)?
  • validation_level
    Certificate validation level, e.g. DV, OV, EV
  • browser_error
    Browser certificate errors encountered when scanning
  • tlsv13_support
    Is TLS v1.3 supported?
  • tlsv13_cipher
    TLS v1.3 cipher used
  • jarm
    JARM signature of server

Sample

"timestamp","severity","ip","protocol","port","hostname","tag","handshake","asn","geo","region","city","cipher_suite","ssl_poodle","cert_length","subject_common_name","issuer_common_name","cert_issue_date","cert_expiration_date","sha1_fingerprint","cert_serial_number","ssl_version","signature_algorithm","key_algorithm","subject_organization_name","subject_organization_unit_name","subject_country","subject_state_or_province_name","subject_locality_name","subject_street_address","subject_postal_code","subject_surname","subject_given_name","subject_email_address","subject_business_category","subject_serial_number","issuer_organization_name","issuer_organization_unit_name","issuer_country","issuer_state_or_province_name","issuer_locality_name","issuer_street_address","issuer_postal_code","issuer_surname","issuer_given_name","issuer_email_address","issuer_business_category","issuer_serial_number","naics","hostname_source","freak_vulnerable","freak_cipher_suite","sector","sha256_fingerprint","sha512_fingerprint","md5_fingerprint","http_response_type","http_code","http_reason","content_type","http_connection","www_authenticate","set_cookie","server_type","content_length","transfer_encoding","http_date","cert_valid","self_signed","cert_expired","browser_trusted","validation_level","browser_error","tlsv13_support","tlsv13_cipher","jarm"
"2010-02-10 00:00:00",info,192.168.0.1,tcp,10443,node01.example.com,ssl;vpn,TLSv1.3,64512,ZZ,Region,City,TLS_AES_256_GCM_SHA384,N,2048,example.com,example.com,"2012-11-14 11:18:27","2021-11-12 11:18:27",03:39:9E:5D:77:19:38:C4:49:DE:C3:3D:9B:E6:13:ED:5A:F1:42:55,B3F13DFBDBA2D8B2,2,sha256WithRSAEncryption,rsaEncryption,,,ZZ,,,,,,,,,,,,,,,,,,,,,,0,ptr,N,,,E1:D1:6E:87:49:B9:AC:74:B4:AC:9B:77:85:27:69:97:0D:16:B1:F6:63:F0:26:51:AA:89:42:39:66:BD:47:D0,1C:E9:04:22:90:46:68:0B:8B:54:33:38:C6:20:5F:EE:A6:73:A6:B5:2C:7D:12:94:DE:F1:CC:11:2E:72:0B:97:C2:7D:19:BF:E0:6B:98:A9:21:D9:9D:5A:CB:38:0B:D8:7E:E2:8E:2B:EA:15:EC:60:11:1E:41:E3:FB:4C:20:9F,F1:8A:02:48:3C:6B:F4:00:CC:5C:D5:B0:71:E4:FA:00,HTTP/1.1,200,OK,text/html,,,,xxxxxxxx-xxxxx,131,,"Wed, 10 Feb 2010 00:00:00 GMT",N,N,Y,N,unknown,,Y,TLS_AES_256_GCM_SHA384,
"2010-02-10 00:00:01",info,192.168.0.2,tcp,10443,node02.example.com,ssl;vpn,TLSv1.3,64512,ZZ,Region,City,TLS_AES_256_GCM_SHA384,N,2048,example.com,example.com,"2012-11-14 11:18:27","2021-11-12 11:18:27",03:39:9E:5D:77:19:38:C4:49:DE:C3:3D:9B:E6:13:ED:5A:F1:42:55,B3F13DFBDBA2D8B2,2,sha256WithRSAEncryption,rsaEncryption,,,ZZ,,,,,,,,,,,,,,,,,,,,,,0,ptr,N,,"Communications, Service Provider, and Hosting Service",E1:D1:6E:87:49:B9:AC:74:B4:AC:9B:77:85:27:69:97:0D:16:B1:F6:63:F0:26:51:AA:89:42:39:66:BD:47:D0,1C:E9:04:22:90:46:68:0B:8B:54:33:38:C6:20:5F:EE:A6:73:A6:B5:2C:7D:12:94:DE:F1:CC:11:2E:72:0B:97:C2:7D:19:BF:E0:6B:98:A9:21:D9:9D:5A:CB:38:0B:D8:7E:E2:8E:2B:EA:15:EC:60:11:1E:41:E3:FB:4C:20:9F,F1:8A:02:48:3C:6B:F4:00:CC:5C:D5:B0:71:E4:FA:00,HTTP/1.1,200,OK,text/html,,,,xxxxxxxx-xxxxx,131,,"Wed, 10 Feb 2010 00:00:01 GMT",N,N,Y,N,unknown,,Y,TLS_AES_256_GCM_SHA384,
"2010-02-10 00:00:02",info,192.168.0.3,tcp,10443,node03.example.com,ssl;vpn,TLSv1.3,64512,ZZ,Region,City,TLS_AES_256_GCM_SHA384,N,2048,example.com,example.com,"2012-11-14 11:18:27","2021-11-12 11:18:27",03:39:9E:5D:77:19:38:C4:49:DE:C3:3D:9B:E6:13:ED:5A:F1:42:55,B3F13DFBDBA2D8B2,2,sha256WithRSAEncryption,rsaEncryption,,,ZZ,,,,,,,,,,,,,,,,,,,,,,0,,N,,,E1:D1:6E:87:49:B9:AC:74:B4:AC:9B:77:85:27:69:97:0D:16:B1:F6:63:F0:26:51:AA:89:42:39:66:BD:47:D0,1C:E9:04:22:90:46:68:0B:8B:54:33:38:C6:20:5F:EE:A6:73:A6:B5:2C:7D:12:94:DE:F1:CC:11:2E:72:0B:97:C2:7D:19:BF:E0:6B:98:A9:21:D9:9D:5A:CB:38:0B:D8:7E:E2:8E:2B:EA:15:EC:60:11:1E:41:E3:FB:4C:20:9F,F1:8A:02:48:3C:6B:F4:00:CC:5C:D5:B0:71:E4:FA:00,HTTP/1.1,200,OK,text/html,,,,xxxxxxxx-xxxxx,131,,"Wed, 10 Feb 2010 00:00:02 GMT",N,N,Y,N,unknown,,Y,TLS_AES_256_GCM_SHA384,

Our 132 Report Types