← Back to Assessments

mcafee.com

TLS Security Assessment Details

Compare Scans Download PDF
70
ADEQUATE

[ cyphers ] score

TLS Validated by [ cyphers ] scout
FEB 2026

Harden your TLS Now

This endpoint has 3 findings that can be resolved (+30 pts). Choose how you want to proceed.

This is my server Get a free TLS certificate, generate a hardened server config, and verify your score improvement. Launch Remediation Wizard
I'm connecting to it Use a Cyphers proxy or SDK integration to connect safely with enforced TLS best practices on your side. View Safe Connection Tools

Connect Safely via Cyphers Proxy

[cyphers] Endpoint Tools allow you to connect safely to a server even though it will allow for insecure connections. Your connection will be secure regardless of the server's security posture.

N8N Cyphers Node
Drop-in workflow node. Routes HTTP requests through Cyphers proxy with enforced TLS 1.2+ and certificate pinning.
Install Node
Claude Proxy MCP
MCP server for Claude Code / Claude Desktop. Proxies all tool-initiated HTTP calls through a TLS-validated tunnel.
Configure MCP
OpenAI SDK Toolkit
Python / TypeScript wrapper. Patches the OpenAI SDK transport layer to enforce strict TLS validation on every API call.
View SDK Docs

These proxies don't modify the remote server — they enforce TLS best practices on your side of the connection. Traffic is routed through the Cyphers proxy network which negotiates the strongest available cipher suite and rejects connections that fall below your configured threshold.

Certificate

Subject platformoriginsplat4.mcafee.com
Issuer McAfee RSA Organization Validation Secure Server CA 3
Valid From 06/11/2025
Valid Until 06/11/2026
Days Remaining 267
Key RSA 2048-bit
OCSP Stapling No
SCT No

Compliance Status

PCI-DSS 4.2.1
1 failure(s)
NDcPP FCS_TLS_EXT.1
Passed
HIPAA
Passed

Supported Cipher Suites

5 ciphers across 1 protocol
TLS1.2 5 ciphers
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ACCEPTABLE
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ACCEPTABLE
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ACCEPTABLE
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ACCEPTABLE
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ACCEPTABLE

Protocols

1 of 4 supported
TLS 1.0 Disabled
TLS 1.1 Disabled
TLS 1.2 Enabled OK
TLS 1.3 Disabled

Findings

0 Critical
0 Major
1 Minor
4 Info
Headers
HSTS MINOR
-10 pts
HTTP Strict Transport Security (HSTS) header is not set
PCI-DSS 2.2.7
Observed: Strict-Transport-Security header missing
Expected: HSTS header with max-age >= 31536000
Remediation: Add HSTS header. For nginx: add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
References: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
WHY THIS MATTERS
First-time visitors can be intercepted via man-in-the-middle attacks. Critical for authentication endpoints where credentials are transmitted.
Loading fix...
Protocol
! TLS 1.3 Support INFO
-10 pts
TLS 1.3 is not supported
Observed: TLS 1.3 connection failed
Expected: TLS 1.3 supported for optimal security
Remediation: Enable TLS 1.3 in server configuration. For nginx: ssl_protocols TLSv1.2 TLSv1.3;
References: https://wiki.mozilla.org/Security/Server_Side_TLS
WHY THIS MATTERS
Best practice for performance and security, but TLS 1.2 remains secure. Not an immediate security risk.
Loading fix...
Certificate
Certificate Validity INFO
Certificate is valid for 267 more days
! OCSP Stapling INFO
-5 pts
OCSP stapling is not enabled
Observed: No OCSP response in TLS handshake
Expected: OCSP stapling enabled for faster revocation checks
Remediation: Enable OCSP stapling. For nginx: ssl_stapling on; ssl_stapling_verify on;
References: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
WHY THIS MATTERS
Performance optimization that reduces latency for certificate revocation checks. Not a security vulnerability, but improves user experience.
Loading fix...
Certificate Transparency (SCT) INFO
-5 pts
No Signed Certificate Timestamps (SCT) found
Observed: No SCT in TLS handshake or certificate
Expected: SCT present for Certificate Transparency compliance
Remediation: Use a CA that supports Certificate Transparency. Most modern CAs include SCTs by default.
References: https://certificate.transparency.dev/
Loading fix...
Risk Summary

This endpoint has 3 findings that affect connection security. When connecting to mcafee.com, these risks apply to your client:

  • TLS 1.3 Support (-10 pts)
  • OCSP Stapling (-5 pts)
  • HSTS (-10 pts)
Recommended Profile

Based on the current score (70), we recommend the Adequate hardening profile for your client-side tools:

Adequate
Development and testing environments
TLS 1.2+ • Compatible ciphers • No revocation check
Get Config View Tools

Score History

Scan History

Scan ID Score Tier Findings Time
sc_e94d0dabe1e9 70/100 Adequate 0 2/12/2026, 3:33:01 AM
sc_f28b8c79b9c8 70/100 Adequate 0 2/12/2026, 3:30:08 AM