Step 3 – review the SSLScan results

The SSLScan results shown here were produced without the --no-failed option, so focus only on the connections marked accepted. When reading the SSLScan test results, look for weak HTTPS protocols and encryption algorithms such as SSL v3, TLS v1.0, TLS v1.1, and NULL. Generally, the following are considered vulnerable:

  • SSLv2 and SSLv3
  • Symmetric encryption algorithms smaller than 112 bits
  • X509 certificates with RSA or DSA keys smaller than 2048 bits
  • Weak hash algorithms such as MD5

This screenshot shows the SSLScan results for the NodeGoat website:

SSLScan report

In addition to SSLScan, we can also use SSLTest, SSLyze, or Nmap for SSL configuration inspection.

To read the SSLScan test results, focus on the connections marked accepted, or specify --no-failed to reduce unnecessary information.
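
The review rules above can be applied mechanically to saved SSLScan text output. The following is an added example, not code from the book or from SSLScan: the sample report is constructed, the line layout is assumed to match sslscan's plain-text output with colour codes stripped, and "Preferred" is treated as an accepted connection.

```python
import re

# Constructed sample modelled on sslscan's plain-text layout (not a real scan).
SAMPLE = """\
Accepted  SSLv3    128 bits  RC4-SHA
Rejected  SSLv3    56 bits   DES-CBC-SHA
Accepted  TLSv1.0  112 bits  DES-CBC3-SHA
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256
Accepted  TLSv1.2  0 bits    NULL-SHA
Signature Algorithm: md5WithRSAEncryption
RSA Key Strength:    1024
"""

# Older sslscan builds print "TLSv1" where newer ones print "TLSv1.0".
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.0", "TLSv1.1"}
CIPHER_RE = re.compile(r"^\s*(Accepted|Preferred|Rejected|Failed)\s+(\S+)\s+(\d+)\s+bits\s+(\S+)")
KEY_RE = re.compile(r"^\s*(RSA|DSA) Key Strength:\s+(\d+)")
SIG_RE = re.compile(r"^\s*Signature Algorithm:\s+(\S+)")

def review(report):
    """Return (item, reasons) pairs for every weak setting the server accepts."""
    findings = []
    for line in report.splitlines():
        if m := CIPHER_RE.match(line):
            status, proto, bits, cipher = m.groups()
            if status in ("Rejected", "Failed"):
                continue  # the server refused this suite, so it is not exposed
            reasons = []
            if proto in WEAK_PROTOCOLS:
                reasons.append("weak protocol")
            if int(bits) < 112:
                reasons.append("cipher under 112 bits")
            if "NULL" in cipher.upper():
                reasons.append("NULL cipher")
            if reasons:
                findings.append((f"{proto} {cipher}", reasons))
        elif m := KEY_RE.match(line):
            if int(m.group(2)) < 2048:
                findings.append((f"{m.group(1)} key {m.group(2)}", ["key under 2048 bits"]))
        elif m := SIG_RE.match(line):
            if "md5" in m.group(1).lower():
                findings.append((m.group(1), ["weak hash"]))
    return findings

if __name__ == "__main__":
    for item, reasons in review(SAMPLE):
        print(f"{item}: {', '.join(reasons)}")
```

Note that the rejected 56-bit DES suite is not reported, while the accepted 112-bit 3DES suite is flagged only for its TLS v1.0 protocol, since 112 bits meets the threshold stated above.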