Skip to content
fast, API-first TLS scanning
A+

github.com

245ms · cached · 4h ago ↻ rescan

Certificate

subjectgithub.com
issuerSectigo Public Server Authentication CA DV E36 · Sectigo Limited · GB
sansgithub.com, www.github.com
keyECDSA 256
seriale7cecc3b13fb3b7b8a46ea8cd0aeb71c
valid from2026-05-05
expires2026-08-02 (46 days)
chain3 certs · valid
ocsp stapling✗ missing
scts✗ none

Chain

leafgithub.com
issuerSectigo Public Server Authentication CA DV E36
keyECDSA 256 · ECDSA-SHA256
expires2026-08-02 (46d)
intermediate 1Sectigo Public Server Authentication CA DV E36
issuerSectigo Public Server Authentication Root E46
keyECDSA 256 · ECDSA-SHA384
expires2036-03-21 (3565d)
rootSectigo Public Server Authentication Root E46
issuerUSERTrust ECC Certification Authority
keyECDSA 384 · ECDSA-SHA384
expires2038-01-18 (4233d)

Protocol

tls 1.3✓ supported
tls 1.2✓ supported
tls 1.1✗ disabled
tls 1.0✗ disabled
key exchangeECDHE (TLS 1.3)
forward secrecy✓ yes

Cipher Suites

total16 suites
strong7
acceptable4
weak5
TLS 1.3
AES-128-GCM-SHA256
TLS 1.2
ECDHE-ECDSA AES-256-CBC-SHAECDHE-RSA AES-256-CBC-SHAECDHE-ECDSA AES-128-GCM-SHA256ECDHE-ECDSA AES-256-GCM-SHA384ECDHE-RSA AES-128-GCM-SHA256ECDHE-RSA AES-256-GCM-SHA384ECDHE-RSA CHACHA20-POLY1305-SHA256ECDHE-ECDSA CHACHA20-POLY1305-SHA256RSA AES-128-CBC-SHARSA AES-256-CBC-SHARSA AES-128-CBC-SHA256RSA AES-128-GCM-SHA256RSA AES-256-GCM-SHA384ECDHE-ECDSA AES-128-CBC-SHA256ECDHE-RSA AES-128-CBC-SHA256

Transport

hsts✓ max-age=31536000
includeSubDomains
preload directive
preload list✓ listed
http/2✓ supported
http/3

DNS Security

dnssec✗ unsigned
caaissue digicert.com, issue globalsign.com, issue letsencrypt.org, issue sectigo.com, issuewild digicert.com, issuewild letsencrypt.org, issuewild sectigo.com
dane / tlsa

Compliance

PCI DSS 4.0✗ 1 issue: Weak/insecure ciphers: TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256 +2 more
NIST 800-52r2✗ 1 issue: Weak/insecure ciphers: TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256 +2 more
HIPAA✗ 1 issue: Insecure ciphers: TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256 +2 more
transport-layer checks only
can search engines find github.com? check on yoke.lol →
API usage