This appendix lists the fields present in the response of the List Endpoints API, along with a description.
Field |
Description |
---|---|
vulnBeast |
True if the endpoint is vulnerable to the BEAST attack |
renegSupport |
Integer value to describe the endpoint support for renegotiation
|
compressionMethods |
Integer value to describe supported compression methods bit 0 is set for DEFLATE |
supportsRc4 |
True if the server supports at least one RC4 suite |
rc4WithModern |
True if RC4 is used with modern clients |
rc4Only |
True if only RC4 suites are supported |
forwardSecrecy |
Integer value to describe support for Forward Secrecy
|
supportsAead |
True if the server supports at least one AEAD suite |
protocolIntolerance |
Integer value to indicate protocol version intolerance issues:
|
heartbleed |
True if the server is vulnerable to the Heartbleed attack |
heartbeat |
True if the server supports the Heartbeat extension |
openSslCcs |
Indicates result of the CVE-2014-0224 test:
|
openSSLLuckyMinus20 |
Indicates result of the CVE-2016-2107 test:
|
ticketbleed |
Indicates result of the ticketbleed CVE-2016-9244 test:
|
bleichenbacher |
Indicates result of the Return Of Bleichenbacher's Oracle Threat (ROBOT) test:
|
poodle |
True if the endpoint is vulnerable to POODLE; false otherwise |
poodleTls |
Indicates result of the POODLE TLS test:
|
fallbackScsv |
True if the server supports TLS_FALLBACK_SCSV, false if it doesn't. This field will not be available if the server's support for TLS_FALLBACK_SCSV can not be tested because it supports only one protocol version (e.g., only TLS 1.2). |
freak |
True if the server is vulnerable to the FREAK attack, meaning it supports 512-bit key exchange. |
hasSct |
Indicates information about the availability of certificate transparency information (embedded SCTs):
|
logjam |
True if the server uses DH parameters weaker than 1024 bits |
drownVulnerable |
True if server vulnerable to the DROWN attack |
zombiePoodle |
Indicates result of the Zombie POODLE test:
|
goldenDoodle |
Indicates result of the GOLDENDOODLE test:
|
supportsCBC |
True if the server supports at least one CBC suite |
zeroLengthPaddingOracle |
Indicates result of the 0-Length Padding Oracle (CVE-2019-1559) test:
|
sleepingPoodle |
Indicates result of the Sleeping POODLE test:
|