https://www.ssllabs.com/ssltest/analyze.html?d=professionnels.societegenerale.frNote C!C'est CATASTROPHIQUE pour un établissement bancaire!
Signature algorithm SHA1withRSA WEAK
Additional Certificates (if supplied)
Certificates provided 3 (4196 bytes)
Chain issues Extra certs
#2
Subject VeriSign Class 3 Secure Server CA - G3
Fingerprint: 5deb8f339e264c19f6686f5f8f32b54a4c46b476
Valid until Fri Feb 07 15:59:59 PST 2020 (expires in 4 years and 9 months)
Key RSA 2048 bits (e 65537)
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Signature algorithm SHA1withRSA WEAK
#3
Subject VeriSign Class 3 Public Primary Certification Authority - G5
Fingerprint: 32f30882622b87cf8856c63db873df0853b4dd27
Valid until Sun Nov 07 15:59:59 PST 2021 (expires in 6 years and 6 months)
Key RSA 2048 bits (e 65537)
Issuer VeriSign / Class 3 Public Primary Certification Authority
Signature algorithm SHA1withRSA WEAK
Protocols
TLS 1.2 No
TLS 1.1 No
TLS 1.0 Yes
SSL 3 INSECURE Yes
SSL 2 No
Cipher Suites (sorted by strength; the server has no preference)
TLS_RSA_WITH_RC4_128_MD5 (0x4) WEAK 128
TLS_RSA_WITH_RC4_128_SHA (0x5) WEAK 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
Protocol Details
Secure Renegotiation Supported
Secure Client-Initiated Renegotiation Supported DoS DANGER
Insecure Client-Initiated Renegotiation No
BEAST attack Not mitigated server-side SSL 3: 0x2f, TLS 1.0: 0x2f
POODLE (SSLv3) Vulnerable INSECURE
POODLE (TLS) No
Downgrade attack prevention Yes, TLS_FALLBACK_SCSV supported
TLS compression No
RC4 Yes WEAK
Heartbeat (extension) No
Heartbleed (vulnerability) No
OpenSSL CCS vuln. (CVE-2014-0224) No
Forward Secrecy No WEAK
Next Protocol Negotiation (NPN) No
Session resumption (caching) Yes
Session resumption (tickets) Yes
OCSP stapling No
Strict Transport Security (HSTS) No
Public Key Pinning (HPKP) No
Long handshake intolerance No
TLS extension intolerance No
TLS version intolerance TLS 2.98
SSL 2 handshake compatibility Yes