Secure Client-Initiated Renegotiation not vulnerable (OK)
Renegotiation (CVE 2009-3555) not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) =HTTP Compression no HTTP compression (OK) (only "/flags.html" tested)
POODLE, SSL (CVE-2014-3566), experimental not vulnerable (OK)
FREAK (CVE-2015-0204), experimental not vulnerable (OK)
BEAST (CVE-2011-3389) no CBC ciphers for TLS1 (OK)
--> Checking RC4 Ciphers
no RC4 ciphers detected (OK)
--> Testing (Perfect) Forward Secrecy (P)FS) -- omitting 3DES, RC4 and Null Encryption here
OK: PFS is offered. Client/browser support is important here. Offered PFS server ciphers follow...
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits
-------------------------------------------------------------------------
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH AESGCM 256
x9f DHE-RSA-AES256-GCM-SHA384 DH AESGCM 256
x6b DHE-RSA-AES256-SHA256 DH AES 256
x39 DHE-RSA-AES256-SHA DH AES 256
xcc13 ECDHE-RSA-CHACHA20-POLY1305 ECDH ChaCha20 256
xc014 ECDHE-RSA-AES256-SHA ECDH AES 256
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH AESGCM 128
xc027 ECDHE-RSA-AES128-SHA256 ECDH AES 128
x9e DHE-RSA-AES128-GCM-SHA256 DH AESGCM 128
x67 DHE-RSA-AES128-SHA256 DH AES 128
x33 DHE-RSA-AES128-SHA DH AES 128
xc013 ECDHE-RSA-AES128-SHA ECDH AES 128
cipherscan shows all 3 (Nginx SPDY/3.1, OLS 1.4.6 and h2o) with the same preferences though
##############
Nginx SPDY/3.1
....................
prio ciphersuite protocols pubkey_size signature_algorithm trusted ticket_hint ocsp_staple pfs_keysize
1 ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True ECDH,P-256,256bits
2 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True ECDH,P-256,256bits
3 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True ECDH,P-256,256bits
4 DHE-RSA-AES128-GCM-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True DH,4096bits
5 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True DH,4096bits
6 ECDHE-RSA-AES128-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True ECDH,P-256,256bits
7 ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 43200 True ECDH,P-256,256bits
8 ECDHE-RSA-AES256-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True None True ECDH,P-256,256bits
9 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 43200 True ECDH,P-256,256bits
10 DHE-RSA-AES128-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True DH,4096bits
11 DHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 43200 True DH,4096bits
12 DHE-RSA-AES256-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True DH,4096bits
13 DHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 43200 True DH,4096bits
14 AES128-GCM-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True
15 AES256-GCM-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True
16 AES128-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True
17 AES256-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True
18 AES128-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 43200 True
19 AES256-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 43200 True
OCSP stapling: supported
Server side cipher ordering
##############
h2o HTTP/2
....................
prio ciphersuite protocols pubkey_size signature_algorithm trusted ticket_hint ocsp_staple pfs_keysize
1 ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 2048 sha256WithRSAEncryption True 300 True ECDH,P-256,256bits
2 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True ECDH,P-256,256bits
3 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True 300 True ECDH,P-256,256bits
4 DHE-RSA-AES128-GCM-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True DH,4096bits
5 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True 300 True DH,4096bits
6 ECDHE-RSA-AES128-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True ECDH,P-256,256bits
7 ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 300 True ECDH,P-256,256bits
8 ECDHE-RSA-AES256-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True None True ECDH,P-256,256bits
9 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 300 True ECDH,P-256,256bits
10 DHE-RSA-AES128-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True DH,4096bits
11 DHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 300 True DH,4096bits
12 DHE-RSA-AES256-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True DH,4096bits
13 DHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 300 True DH,4096bits
14 AES128-GCM-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True
15 AES256-GCM-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True 300 True
16 AES128-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True
17 AES256-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True
18 AES128-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 300 True
19 AES256-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 300 True
OCSP stapling: supported
Server side cipher ordering
##############
OLS 1.4.6
....................
prio ciphersuite protocols pubkey_size signature_algorithm trusted ticket_hint ocsp_staple pfs_keysize
1 ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 2048 sha256WithRSAEncryption True 300 True ECDH,P-256,256bits
2 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True ECDH,P-256,256bits
3 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True 300 True ECDH,P-256,256bits
4 DHE-RSA-AES128-GCM-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True DH,1024bits
5 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True 300 True DH,1024bits
6 ECDHE-RSA-AES128-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True ECDH,P-256,256bits
7 ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 300 True ECDH,P-256,256bits
8 ECDHE-RSA-AES256-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True None True ECDH,P-256,256bits
9 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 300 True ECDH,P-256,256bits
10 DHE-RSA-AES128-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True DH,1024bits
11 DHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 300 True DH,1024bits
12 DHE-RSA-AES256-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True DH,1024bits
13 DHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 300 True DH,1024bits
14 AES128-GCM-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True
15 AES256-GCM-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True 300 True
16 AES128-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True
17 AES256-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True
18 AES128-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 300 True
19 AES256-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 300 True
OCSP stapling: supported
Server side cipher ordering