ImmuniWeb® Community Edition | SSL Security Test

Summary of chamadoshomol.casaavenida.com.br:443
(HTTPS) SSL Security Test
Provided "as is" without any warranty of any kind.

casaavenida.com.br was tested 3 times during the last 12 months.

Your final score:

A+
Date/Time: Jul 29th, 2024 22:26:37 GMT+0 B
Source IP/Port: 191.234.213.165:443
C
Type: HTTPS

Compliance Compliance Compliance Industry

Test Test Test Best Practices

COMPLIANT NO MAJOR ISSUES FOUND NO MAJOR ISSUES FOUND NO ISSUES FOUND

External
Content Security

NOT FOUND

The server supports the most recent and secure TLS protocol version of TLS 1.3. Good configuration

Full Test Results: https://www.immuniweb.com/ssl/chamadoshomol.casaavenida.com.br/bDoTMy7U/

This document is intellectual property of ImmuniWeb SA and must never be used for any commercial purposes without
express written permission. Please report any violations to [email protected]
Copyright © 2024 ImmuniWeb SA 1 / 12
ImmuniWeb® Community Edition | SSL Security Test

Meet Regulatory and Compliance Requirements

Looking for a comprehensive security audit and compliance-ready report? You are at the right place.

Attack Surface Web Security Cybersecurity

Management Scanning Compliance

Trusted by 1,000+ customers 50+ international awards and

from over 50 countries industry recognitions

FREE DEMO

Because prevention is better

Full Test Results: https://www.immuniweb.com/ssl/chamadoshomol.casaavenida.com.br/bDoTMy7U/

This document is intellectual property of ImmuniWeb SA and must never be used for any commercial purposes without
express written permission. Please report any violations to [email protected]
Copyright © 2024 ImmuniWeb SA 2 / 12
ImmuniWeb® Community Edition | SSL Security Test

SSL Certificate Analysis

RSA CERTIFICATE INFORMATION

Issuer R10
Trusted Yes
Common Name chamadoshomol.casaavenida.com.br
Key Type/Size RSA 4096 bits
Serial Number 0x04273966A4E6E19A5172EF2D79BD6F30D9D7
Signature Algorithm sha256WithRSAEncryption
Subject Alternative DNS:chamadoshomol.casaavenida.com.br
Names
Transparency Yes
Validation Level DV
CRL No
OCSP http://r10.o.lencr.org
OCSP Must-Staple No
Supports OCSP No
Stapling
Valid From July 18, 2024 16:27 CET
Valid To October 16, 2024 16:27 CET

CERTIFICATE CHAIN

📄 Root CA ISRG Root X1 📄 Intermediate CA R10

Type/Size RSA 4096 bits Type/Size RSA 2048 bits
Serial 0x8210CFB0D240E3594463E0BB63828B00 Serial 10056608043685912749318955786132399457
Number Number
Signature sha256WithRSAEncryption Signature sha256WithRSAEncryption

SHA256 96bcec06264976f374… SHA256 9d7c3f1aa6ad2b2ec0…

8ffcee05c0bddf08c6 37bb974b1f2fb603f3
PIN C5+lpZ7tcVwmwQIMcR… PIN K7rZOrXHknnsEhUH8n…
ABXhQzejna0wHFr8M= quUuIvOIr6tCa0rbo=
Expires in 3,962 days Expires in 956 days

Comment Self-signed Comment -

Full Test Results: https://www.immuniweb.com/ssl/chamadoshomol.casaavenida.com.br/bDoTMy7U/

This document is intellectual property of ImmuniWeb SA and must never be used for any commercial purposes without
express written permission. Please report any violations to [email protected]
Copyright © 2024 ImmuniWeb SA 3 / 12
ImmuniWeb® Community Edition | SSL Security Test

📄 Server chamadoshomol.casaavenida.com.br
certificate
Type/Size RSA 4096 bits
Serial 0x04273966A4E6E19A5172EF2D79BD6F30D9D7
Number
Signature sha256WithRSAEncryption
SHA256 c2ec9b90e6ccd15ffa…
81b616d612efaa5727
PIN Na74iWt5whMq2vGuZW…
rxf3yr8mGKIjsLjEU=
Expires in 79 days

Comment -

Full Test Results: https://www.immuniweb.com/ssl/chamadoshomol.casaavenida.com.br/bDoTMy7U/

This document is intellectual property of ImmuniWeb SA and must never be used for any commercial purposes without
express written permission. Please report any violations to [email protected]
Copyright © 2024 ImmuniWeb SA 4 / 12
ImmuniWeb® Community Edition | SSL Security Test

PCI DSS Compliance Test

Reference: PCI DSS 4.0, Requirement 4.2

CERTIFICATES ARE TRUSTED

All the certificates provided by the server are trusted. Good configuration

SUPPORTED CIPHERS

List of all cipher suites supported by the server:

TLSV1.3

TLS_CHACHA20_POLY1305_SHA256 Good configuration

TLS_AES_128_GCM_SHA256 Good configuration

TLS_AES_256_GCM_SHA384 Good configuration

TLSV1.2

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Good configuration

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Good configuration

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Good configuration

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Good configuration

SUPPORTED PROTOCOLS

List of all SSL/TLS protocols supported by the server:

TLSv1.2 Good configuration

TLSv1.3 Good configuration

SUPPORTED ELLIPTIC CURVES

List of all elliptic curves supported by the server:

P-384 (secp384r1) (384 bits) Good configuration

P-521 (secp521r1) (521 bits) Good configuration

P-256 (prime256v1) (256 bits) Good configuration

X25519 (253 bits) Good configuration

Full Test Results: https://www.immuniweb.com/ssl/chamadoshomol.casaavenida.com.br/bDoTMy7U/

This document is intellectual property of ImmuniWeb SA and must never be used for any commercial purposes without
express written permission. Please report any violations to [email protected]
Copyright © 2024 ImmuniWeb SA 5 / 12
ImmuniWeb® Community Edition | SSL Security Test

POODLE OVER TLS

The server is not vulnerable to POODLE over TLS. Not vulnerable

GOLDENDOODLE

The server is not vulnerable to GOLDENDOODLE. Not vulnerable

ZOMBIE POODLE

The server is not vulnerable to Zombie POODLE. Not vulnerable

SLEEPING POODLE

The server is not vulnerable to Sleeping POODLE. Not vulnerable

0-LENGTH OPENSSL

The server is not vulnerable 0-Length OpenSSL. Not vulnerable

CVE-2016-2107

The server is not vulnerable to CVE-2016-2107. Not vulnerable

SERVER DOES NOT SUPPORT CLIENT-INITIATED INSECURE RENEGOTIATION

The server does not support client-initiated insecure renegotiation. Good configuration

ROBOT

The server is not vulnerable to ROBOT vulnerability. Not vulnerable

HEARTBLEED

The server version of OpenSSL is not vulnerable to Heartbleed attack. Not vulnerable

CVE-2014-0224

The server is not vulnerable to CCS Injection. Not vulnerable

CVE-2021-3449

The server is not vulnerable to CVE-2021-3449 (OpenSSL Maliciously Crafted

Not vulnerable
Renegotiation Vulnerability).

Full Test Results: https://www.immuniweb.com/ssl/chamadoshomol.casaavenida.com.br/bDoTMy7U/

This document is intellectual property of ImmuniWeb SA and must never be used for any commercial purposes without
express written permission. Please report any violations to [email protected]
Copyright © 2024 ImmuniWeb SA 6 / 12
ImmuniWeb® Community Edition | SSL Security Test

HIPAA and NIST Compliance Test

Reference: HIPAA, Security Rule (Ref. NIST SP 800-52: “Guidelines for the Selection and Use of TLS
Implementations”)

X.509 CERTIFICATES ARE IN VERSION 3

All the X509 certificates provided by the server are in version 3. Good configuration

SERVER DOES NOT SUPPORT OCSP STAPLING

The server is not configured to support OCSP stapling for its RSA certificate that allows
Non-compliant with
better verification of the certificate validation status. Reconfigure or upgrade your web
NIST guidelines
server to enable OCSP stapling.

SUPPORTED CIPHERS

List of all cipher suites supported by the server:

TLSV1.3

TLS_CHACHA20_POLY1305_SHA256 Good configuration

TLS_AES_128_GCM_SHA256 Good configuration

TLS_AES_256_GCM_SHA384 Good configuration

TLSV1.2

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Good configuration

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Good configuration

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Good configuration

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Good configuration

SUPPORTED PROTOCOLS

List of all SSL/TLS protocols supported by the server:

TLSv1.2 Good configuration

TLSv1.3 Good configuration

SUPPORTED ELLIPTIC CURVES

Full Test Results: https://www.immuniweb.com/ssl/chamadoshomol.casaavenida.com.br/bDoTMy7U/

This document is intellectual property of ImmuniWeb SA and must never be used for any commercial purposes without
express written permission. Please report any violations to [email protected]
Copyright © 2024 ImmuniWeb SA 7 / 12
ImmuniWeb® Community Edition | SSL Security Test

List of all elliptic curves supported by the server:

P-384 (secp384r1) (384 bits) Good configuration

P-521 (secp521r1) (521 bits) Good configuration

P-256 (prime256v1) (256 bits) Good configuration

X25519 (253 bits) Good configuration

SERVER DOES NOT SUPPORT SERVER NAME INDICATION

The server does not support Server Name Indication (SNI) extension for TLS versions
≤1.3. SNI allows a user to specify the domain name it's trying to connect to, and prevents
Information
common name mismatch errors, when a server hosts several domains with different SSL
certificates.

EC_POINT_FORMAT EXTENSION

The server supports the EC_POINT_FORMAT TLS extension. Good configuration

Full Test Results: https://www.immuniweb.com/ssl/chamadoshomol.casaavenida.com.br/bDoTMy7U/

This document is intellectual property of ImmuniWeb SA and must never be used for any commercial purposes without
express written permission. Please report any violations to [email protected]
Copyright © 2024 ImmuniWeb SA 8 / 12
ImmuniWeb® Community Edition | SSL Security Test

Industry Best Practices Test

DNSCAA

This domain does not have a Certification Authority Authorization (CAA) record. Information

CERTIFICATES HAVE A VALIDITY PERIOD OF 398 DAYS OR LESS

All the server certificates provided have been validated for less than 398 days (13
Good configuration
months).

CERTIFICATES DO NOT PROVIDE EV

The RSA certificate provided is NOT an Extended Validation (EV) certificate. Information

TLS 1.3 SUPPORTED

The server supports TLS 1.3 which is the only version of TLS that currently has no known
Good configuration
flaws or exploitable weaknesses.

TLS 1.3 EARLY DATA (0-RTT)

Server's TLS 1.3 Early Data (RFC 8446, page 17) is not enabled. Information

SERVER HAS CIPHER PREFERENCE

The server enforces cipher suites preference. Good configuration

SERVER PREFERRED CIPHER SUITES

Preferred cipher suite for each protocol supported (except SSLv2). Expected configuration are ciphers allowed by PCI
DSS and enabling PFS:

TLSv1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Good configuration

TLSv1.3 TLS_AES_128_GCM_SHA256 Good configuration

SERVER PREFERS CIPHER SUITES PROVIDING PFS

For TLS family of protocols, the server prefers cipher suite(s) providing Perfect Forward
Good configuration
Secrecy (PFS).

Full Test Results: https://www.immuniweb.com/ssl/chamadoshomol.casaavenida.com.br/bDoTMy7U/

This document is intellectual property of ImmuniWeb SA and must never be used for any commercial purposes without
express written permission. Please report any violations to [email protected]
Copyright © 2024 ImmuniWeb SA 9 / 12
ImmuniWeb® Community Edition | SSL Security Test

ALWAYS-ON SSL

The HTTP version of the website redirects to the HTTPS version. Good configuration

SERVER PROVIDES HSTS WITH LONG DURATION

The server provides HTTP Strict Transport Security for more than 6 months: 31536000
Good configuration
seconds

HSTS PRELOAD

This domain does not support HSTS Preload, which means it may not enforce HTTPS
connections strictly and could be more vulnerable to security threats like protocol Information
downgrade attacks.

TLS_FALLBACK_SCSV

The server supports TLS_FALLBACK_SCSV extension for protocol downgrade attack

Good configuration
prevention.

SERVER DOES NOT SUPPORT CLIENT-INITIATED SECURE RENEGOTIATION

The server does not support client-initiated secure renegotiation. Good configuration

SERVER-INITIATED SECURE RENEGOTIATION

The server supports secure server-initiated renegotiation. Good configuration

SERVER DOES NOT SUPPORT TLS COMPRESSION

TLS compression is not supported by the server. Good configuration

Full Test Results: https://www.immuniweb.com/ssl/chamadoshomol.casaavenida.com.br/bDoTMy7U/

This document is intellectual property of ImmuniWeb SA and must never be used for any commercial purposes without
express written permission. Please report any violations to [email protected]
Copyright © 2024 ImmuniWeb SA 10 / 12
ImmuniWeb® Community Edition | SSL Security Test

External Content Privacy and Security Analysis

No external content found on tested page. Information

Full Test Results: https://www.immuniweb.com/ssl/chamadoshomol.casaavenida.com.br/bDoTMy7U/

This document is intellectual property of ImmuniWeb SA and must never be used for any commercial purposes without
express written permission. Please report any violations to [email protected]
Copyright © 2024 ImmuniWeb SA 11 / 12
ImmuniWeb® Community Edition | SSL Security Test

Meet Regulatory and Compliance Requirements

Looking for a comprehensive security audit and compliance-ready report? You are at the right place.

Attack Surface Web Security Cybersecurity

Management Scanning Compliance

Trusted by 1,000+ customers 50+ international awards and

from over 50 countries industry recognitions

FREE DEMO

Because prevention is better

The End of Report

Upgrade from Free Community Edition to ImmuniWeb® AI Platform

Full Test Results: https://www.immuniweb.com/ssl/chamadoshomol.casaavenida.com.br/bDoTMy7U/

This document is intellectual property of ImmuniWeb SA and must never be used for any commercial purposes without
express written permission. Please report any violations to [email protected]
Copyright © 2024 ImmuniWeb SA 12 / 12