
Web Server Security Report

This report allows you to check the session security features and settings for your browser as seen by the server.

Web Server Security Report (HTTPS - Using SSL)
Web Server Security Report (HTTP - Without SSL)

Server Security Report Fields

The report is based on what the Web server knows about the connection between your browser and the server.  There are three tables in the report:  "Security, SSL, and Certificates", "Browser Information", and "Server Information".  Note that the security table will not be generated for non-secure connections initiated directly to the report generator URL with HTTP rather than HTTPS.  Also, not all fields are reported by every site.

Security Report Field / Explanation

Session Key Size (session key, or session key/maximum key)
The session key size is the encryption or cipher strength of the web session, expressed as the number of secret bits in the cipher key.  In general, 40 bits here is weak encryption strength and 128 bits or more is strong.  The actual encryption strength varies with the cipher method and how the cipher is used.  Each web session uses a different, randomly generated session key, so long-term exposure is reduced; however, the session packets can be collected and worked on later at the cracker's leisure.

Session Key Size (maximum key)
The session maximum key size may be larger than the session key size above, but only the size above is secret and therefore useful as a measure of security strength.

Session SSL Protocol
Secure Sockets Layer (SSL) is the security protocol used by your browser and the web server *.  The current SSL version is 3.  Prior versions, such as version 2, had weaknesses to certain types of cryptanalytic attack that were corrected in version 3.  If the report shows your browser is using an earlier version, then you should upgrade your browser or check that SSL version 3 is enabled in your settings.

Session Encryption
This is the name of the algorithm used with the session key to encrypt the session exchanges. **

Client Certificate
Normally blank or "NONE" because the server did not ask for your personal certificate.  Personal certificates are a means of Internet authentication of individuals.

Server Certificate
This lists the certified data contained in the authentication certificate received from the server.  Your web browser will check the Common Name (CN) to be sure that it is the same as the host name in the URL.  It is not a good idea to accept and rely on a certificate whose Common Name does not match the name in the URL.  For example "/C=US/ST=California/L=Berkeley/O=University of California Berkeley/OU=Workstation Software Support Group/CN=software.berkeley.edu".

Server Certificate Authority
The server certificate above is vouched for and cryptographically signed by a Certificate Authority (CA).  This field shows the CA that signed the server certificate.  Your web browser will use the CA's certificate, which is stored in your browser, to validate the public key used to sign the server certificate.  For example "/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority".

Server Certificate Effective Start/End
All certificates have a validity start and end date.  Your browser will warn you if the server certificate it received is out-of-date.  It is not a good idea to accept an out-of-date certificate.

Server Certificate Version
I do not know what this is (yet).

Server Certificate S/N
The Certificate Authority that generated and signed the server certificate assigns a unique serial number to each certificate.

Server Key Size
This is the size of the public key used by the Certificate Authority to sign the server certificate.  1024 bits here is strong encryption strength.  512 bits here is moderate strength.

Server Key Algorithm
This is the name of the algorithm used with the server key for encryption. **

Server Certificate Signature
This is the name of the algorithm used by the Certificate Authority to sign the server certificate. **

Server SSL Software Version
If present, this field gives the version of the SSLeay software used to support SSL operations on the web server.

* Internet Security Protocols:
IPSEC IP Security
PCT Private Communication Technology
S-HTTP Secure HTTP (Web)
S/MIME Secure Multi-Purpose Internet Mail Extensions
SKIP Simple Key Management for Internet Protocol
SSL Secure Sockets Layer

** Cryptographic Standards:
DES Data Encryption Standard, Diffie-Hellman
DSA Digital Signature Algorithm
ECC Elliptic Curve Cryptosystem
IDEA International Data Encryption Algorithm
MD5 Message Digest 5
RC2 Rivest Cipher 2
RC4 Rivest Cipher 4
RPK Raike Public Key
RSA Rivest-Shamir-Adleman
SHA Secure Hash Algorithm
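
The checks described for the security table can be applied mechanically to a saved report. The following is an added example, not code from this site or its report generator: it parses the one-line certificate name format shown above and the "session key/maximum key" field, then applies this page's thresholds. The value formats ("SSLv2", the date layout), the split of the Start/End field into two keys, and the function names are assumptions.

```python
import re
from datetime import datetime

DATE_FMT = "%b %d %H:%M:%S %Y GMT"  # assumed OpenSSL-style text dates, treated as GMT

def parse_dn(dn):
    """Split a one-line DN such as "/C=US/O=Example, Inc./CN=host" into (key, value) pairs.
    A new attribute begins only at "/KEY=", so commas or slashes inside a value survive."""
    parts = re.split(r"/(?=[A-Za-z][A-Za-z0-9.]*=)", dn)
    return [tuple(p.split("=", 1)) for p in parts if p]

def parse_key_size(field):
    """Parse "40/128" into (40, 128) and "128" into (128, 128); the first number is the secret bits."""
    nums = [int(n) for n in re.findall(r"\d+", field)]
    return nums[0], nums[-1]

def review(report, url_host, now):
    """Apply this page's guidance to one report; return a list of findings."""
    findings = []
    secret, _maximum = parse_key_size(report["Session Key Size"])
    if secret <= 40:
        findings.append(f"session key is {secret} secret bits: weak")
    elif secret < 128:
        findings.append(f"session key is {secret} secret bits: below 128")
    ssl = re.fullmatch(r"SSLv?(\d+)", report["Session SSL Protocol"])
    if ssl and int(ssl.group(1)) < 3:
        findings.append("SSL protocol is older than version 3")
    cns = [v.lower() for k, v in parse_dn(report["Server Certificate"]) if k == "CN"]
    if url_host.lower() not in cns:
        findings.append(f"certificate Common Name {cns} does not match {url_host}")
    start = datetime.strptime(report["Server Certificate Effective Start"], DATE_FMT)
    end = datetime.strptime(report["Server Certificate Effective End"], DATE_FMT)
    if not start <= now <= end:
        findings.append("server certificate is outside its validity dates")
    return findings

# Constructed sample report; the DN string is the example given on this page.
SAMPLE = {
    "Session Key Size": "40/128",
    "Session SSL Protocol": "SSLv2",
    "Server Certificate": "/C=US/ST=California/L=Berkeley/O=University of California Berkeley"
                          "/OU=Workstation Software Support Group/CN=software.berkeley.edu",
    "Server Certificate Effective Start": "Jan 15 00:00:00 2003 GMT",
    "Server Certificate Effective End": "Jan 15 23:59:59 2004 GMT",
}

if __name__ == "__main__":
    for finding in review(SAMPLE, "software.berkeley.edu", datetime(2004, 6, 1)):
        print(finding)
```
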

Browser Report Field / Explanation

Browser Type
This is the User Agent information supplied by your browser.  "Mozilla/n.nn" is Netscape Navigator version "n.nn".  "Mozilla/n.nn (compatible;MSIE m.mm ..." is Microsoft Internet Explorer version "m.mm" compatible with "Mozilla/n.nn".

Browser Host
This is the Domain Name Service (DNS) name or IP address for your browser's host.

Browser Address:Port
This is the IP address and TCP port number used by your browser for this session.

Browser Accepted Types
This is a list of MIME types that your browser says it can accept.  This list seems to change at odd times in various browsers.

Browser Accepted Encodings
This is a list of encoding types that your browser can handle.

Browser Accepted Language
This is a list of languages that your browser can handle.  This is usually "en-us" for US English.

Browser Referer
This is the URL for the web page that linked your browser to the current web page, if supplied by your browser.

Browser Cookie Sent
This is any "cookie" sent by your browser when requesting the report page.  This should be blank because the Security Check Report page does not request "cookies".  "Cookies" are little pieces of data that can be saved in your browser by the server.

Browser Request Method
This is the method of access requested by the browser and is usually "GET".

Browser Request URI
This is the URL that your browser used to request the Security Check Report.

Server Report Field / Explanation

Server Type
This is the name and version of the web server software that delivered this report.

Server Host Name
This is the server host name.

Server Address:Port
This is the IP address and TCP port number used by the server for this session.

Server Protocol
Hypertext Transfer Protocol (HTTP) is the protocol used by web browsers and servers to exchange data.  The current versions are 1.0 and 1.1.

Server CGI Interface
Common Gateway Interface (CGI) is a software interface between the web server and scripts, programs, or add-ons that are used to provide additional web function, such as this report.  This field reports the version used.

Server Connection
Connections between the web browser and server are made with TCP connections over IP.  To enhance performance, the connection can be kept open and reused rather than opened and closed for each operation.  This is known as "Keep-Alive".

Server Administrator
This is usually the email address of the server system administrator or the Web Master.

WSS is a unit of Information Systems & Technology (IS&T), UC Berkeley

URL: /about/ServerSecurityReport.html , page modified: Wednesday, 11-Jun-2003 12:54:55 PDT