TLS Deep Scan
Full chain validation, OCSP stapling, SCT count, and per-TLS-version cipher matrix.
Rate-limited to 5 scans/min per IP. Results cached for 5 min per (host, port, SNI, options).
State: …
Elapsed: 0.0 s
(cached, 0 s ago)
Target: ():
— SNI:
Chain trusted (Mozilla store): pending…
Hostname matches: pending…
OCSP stapled: pending…
Embedded SCTs: pending… — Certificate Transparency
Origin is on an old TLS stack (TLS 1.2 only)
negotiated TLS 1.2 and refuses TLS 1.3. The cert chain itself can still be valid — this is a handshake-layer issue, not a verification one. Typical fingerprint: older Apache / IIS / Nginx with a modern Let's Encrypt cert grafted on, or a stale load-balancer config. Modern Chrome (124+) sends a TLS 1.3 ClientHello with a post-quantum key share (~1.5 KB); older servers often mishandle that and surface as ERR_SSL_PROTOCOL_ERROR. The fix is to upgrade the origin (or fronting LB) to support TLS 1.3.
Protocols & accepted ciphers
| Version | Supported | Ciphers |
|---|