← Back to Assessments

api.cellcrypt.io

TLS Security Assessment Details

Compare Scans Download PDF
80
ADEQUATE

[ cyphers ] score

TLS Validated by [ cyphers ] scout
FEB 2026

Harden your TLS Now

This endpoint has 2 findings that can be resolved (+20 pts). Choose how you want to proceed.

This is my server Get a free TLS certificate, generate a hardened server config, and verify your score improvement. Launch Remediation Wizard
I'm connecting to it Use a Cyphers proxy or SDK integration to connect safely with enforced TLS best practices on your side. View Safe Connection Tools

Connect Safely via Cyphers Proxy

[cyphers] Endpoint Tools allow you to connect safely to a server even though it will allow for insecure connections. Your connection will be secure regardless of the server's security posture.

N8N Cyphers Node
Drop-in workflow node. Routes HTTP requests through Cyphers proxy with enforced TLS 1.2+ and certificate pinning.
Install Node
Claude Proxy MCP
MCP server for Claude Code / Claude Desktop. Proxies all tool-initiated HTTP calls through a TLS-validated tunnel.
Configure MCP
OpenAI SDK Toolkit
Python / TypeScript wrapper. Patches the OpenAI SDK transport layer to enforce strict TLS validation on every API call.
View SDK Docs

These proxies don't modify the remote server — they enforce TLS best practices on your side of the connection. Traffic is routed through the Cyphers proxy network which negotiates the strongest available cipher suite and rejects connections that fall below your configured threshold.

Certificate

Subject api.cellcrypt.io
Issuer R12
Valid From 27/01/2026
Valid Until 27/04/2026
Days Remaining 67
Key RSA 2048-bit
OCSP Stapling No
SCT No

Compliance Status

PCI-DSS 4.2.1
1 failure(s)
NDcPP FCS_TLS_EXT.1
Passed
HIPAA
Passed

Supported Cipher Suites

13 ciphers across 2 protocols — 5 insecure
TLS1.3 3 ciphers
TLS_AES_128_GCM_SHA256 STRONG
TLS_AES_256_GCM_SHA384 STRONG
TLS_CHACHA20_POLY1305_SHA256 STRONG
TLS1.2 10 ciphers 5 insecure
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ACCEPTABLE
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ACCEPTABLE
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ACCEPTABLE
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ACCEPTABLE
TLS_RSA_WITH_AES_128_GCM_SHA256 INSECURE
TLS_RSA_WITH_AES_256_GCM_SHA384 INSECURE
TLS_RSA_WITH_AES_128_CBC_SHA INSECURE
TLS_RSA_WITH_AES_256_CBC_SHA INSECURE
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ACCEPTABLE
TLS_RSA_WITH_AES_128_CBC_SHA256 INSECURE

Protocols

2 of 4 supported
TLS 1.0 Disabled
TLS 1.1 Disabled
TLS 1.2 Enabled OK
TLS 1.3 Enabled GOOD

Findings

0 Critical
0 Major
1 Minor
4 Info
Headers
HSTS MINOR
-10 pts
HTTP Strict Transport Security (HSTS) header is not set
PCI-DSS 2.2.7
Observed: Strict-Transport-Security header missing
Expected: HSTS header with max-age >= 31536000
Remediation: Add HSTS header. For nginx: add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
References: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
WHY THIS MATTERS
First-time visitors can be intercepted via man-in-the-middle attacks. Critical for authentication endpoints where credentials are transmitted.
Loading fix...
Protocol
TLS 1.3 Support INFO
TLS 1.3 is supported
Certificate
Certificate Validity INFO
Certificate is valid for 67 more days
! OCSP Stapling INFO
-5 pts
OCSP stapling is not enabled
Observed: No OCSP response in TLS handshake
Expected: OCSP stapling enabled for faster revocation checks
Remediation: Enable OCSP stapling. For nginx: ssl_stapling on; ssl_stapling_verify on;
References: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
WHY THIS MATTERS
Performance optimization that reduces latency for certificate revocation checks. Not a security vulnerability, but improves user experience.
Loading fix...
Certificate Transparency (SCT) INFO
-5 pts
No Signed Certificate Timestamps (SCT) found
Observed: No SCT in TLS handshake or certificate
Expected: SCT present for Certificate Transparency compliance
Remediation: Use a CA that supports Certificate Transparency. Most modern CAs include SCTs by default.
References: https://certificate.transparency.dev/
Loading fix...
Risk Summary

This endpoint has 2 findings that affect connection security. When connecting to api.cellcrypt.io, these risks apply to your client:

  • OCSP Stapling (-5 pts)
  • HSTS (-10 pts)
Recommended Profile

Based on the current score (80), we recommend the Adequate hardening profile for your client-side tools:

Adequate
Development and testing environments
TLS 1.2+ • Compatible ciphers • No revocation check
Get Config View Tools

Score History

Scan History

Scan ID Score Tier Findings Time
sc_a7168e00-2ab 80/100 Adequate 5 2/18/2026, 6:54:39 PM
sc_f97cd26d-5fc 80/100 Adequate 5 2/17/2026, 11:45:57 AM