diff --git a/.github/workflow-fixtures/testssl-results/10.52.7.42_p443.csv b/.github/workflow-fixtures/testssl-results/10.52.7.42_p443.csv new file mode 100644 index 0000000..de84238 --- /dev/null +++ b/.github/workflow-fixtures/testssl-results/10.52.7.42_p443.csv 
@@ -0,0 +1,112 @@ +"id","fqdn/ip","port","severity","finding","cve","cwe" +"service","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","HTTP","","" +"pre_128cipher","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","No 128 cipher limit bug","","" +"SSLv2","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","not offered","","" +"SSLv3","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","not offered","","" +"TLS1","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","not offered","","" +"TLS1_1","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","not offered","","" +"TLS1_2","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","offered","","" +"TLS1_3","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","offered with final","","" +"NPN","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","not offered","","" +"ALPN_HTTP2","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","h2","","" +"ALPN","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","http/1.1","","" +"GREASE","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","No bugs found.","","" +"cipherlist_NULL","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","not offered","","CWE-327" +"cipherlist_aNULL","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","not offered","","CWE-327" +"cipherlist_EXPORT","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","not offered","","CWE-327" +"cipherlist_LOW","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","not offered","","CWE-327" +"cipherlist_3DES_IDEA","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","not offered","","CWE-310" +"cipherlist_OBSOLETED","dns.digitale-gesellschaft.ch/10.52.7.42","443","LOW","offered","","CWE-310" +"cipherlist_STRONG_NOFS","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","offered","","" +"cipherlist_STRONG_FS","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","offered","","" +"cipher_order-tls1_2","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","server -- server prioritizes ChaCha ciphers 
when preferred by clients","","" +"cipher-tls1_2_xc02c","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","TLSv1.2 xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","","" +"cipher-tls1_2_xc030","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","TLSv1.2 xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","","" +"cipher-tls1_2_xcca9","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","TLSv1.2 xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","","" +"cipher-tls1_2_xcca8","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","TLSv1.2 xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","","" +"cipher-tls1_2_xc02b","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","TLSv1.2 xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","","" +"cipher-tls1_2_xc02f","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","TLSv1.2 xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","","" +"cipher-tls1_2_xc024","dns.digitale-gesellschaft.ch/10.52.7.42","443","LOW","TLSv1.2 xc024 ECDHE-ECDSA-AES256-SHA384 ECDH 253 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384","","" +"cipher-tls1_2_xc028","dns.digitale-gesellschaft.ch/10.52.7.42","443","LOW","TLSv1.2 xc028 ECDHE-RSA-AES256-SHA384 ECDH 253 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","","" +"cipher-tls1_2_xc023","dns.digitale-gesellschaft.ch/10.52.7.42","443","LOW","TLSv1.2 xc023 ECDHE-ECDSA-AES128-SHA256 ECDH 253 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256","","" +"cipher-tls1_2_xc027","dns.digitale-gesellschaft.ch/10.52.7.42","443","LOW","TLSv1.2 xc027 ECDHE-RSA-AES128-SHA256 ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","","" +"cipher-tls1_2_xc00a","dns.digitale-gesellschaft.ch/10.52.7.42","443","LOW","TLSv1.2 xc00a ECDHE-ECDSA-AES256-SHA 
ECDH 253 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","","" +"cipher-tls1_2_xc014","dns.digitale-gesellschaft.ch/10.52.7.42","443","LOW","TLSv1.2 xc014 ECDHE-RSA-AES256-SHA ECDH 253 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","","" +"cipher-tls1_2_xc009","dns.digitale-gesellschaft.ch/10.52.7.42","443","LOW","TLSv1.2 xc009 ECDHE-ECDSA-AES128-SHA ECDH 253 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","","" +"cipher-tls1_2_xc013","dns.digitale-gesellschaft.ch/10.52.7.42","443","LOW","TLSv1.2 xc013 ECDHE-RSA-AES128-SHA ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","","" +"cipher-tls1_2_x9d","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","TLSv1.2 x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384","","" +"cipher-tls1_2_x9c","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","TLSv1.2 x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256","","" +"cipher-tls1_2_x3d","dns.digitale-gesellschaft.ch/10.52.7.42","443","LOW","TLSv1.2 x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256","","" +"cipher-tls1_2_x3c","dns.digitale-gesellschaft.ch/10.52.7.42","443","LOW","TLSv1.2 x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256","","" +"cipher-tls1_2_x35","dns.digitale-gesellschaft.ch/10.52.7.42","443","LOW","TLSv1.2 x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA","","" +"cipher-tls1_2_x2f","dns.digitale-gesellschaft.ch/10.52.7.42","443","LOW","TLSv1.2 x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA","","" +"cipherorder_TLSv1_2","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 
AES128-SHA256 AES256-SHA AES128-SHA","","" +"prioritize_chacha_TLSv1_2","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","true","","" +"cipher_order-tls1_3","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","server -- server prioritizes ChaCha ciphers when preferred by clients","","" +"cipher-tls1_3_x1302","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","TLSv1.3 x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384","","" +"cipher-tls1_3_x1303","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","TLSv1.3 x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256","","" +"cipher-tls1_3_x1301","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","TLSv1.3 x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256","","" +"cipherorder_TLSv1_3","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256","","" +"prioritize_chacha_TLSv1_3","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","true","","" +"cipher_order","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","server","","" +"FS","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","offered","","" +"FS_ciphers","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 TLS_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA","","" +"FS_KEMs","dns.digitale-gesellschaft.ch/10.52.7.42","443","LOW","No KEMs offered","","" +"FS_ECDHE_curves","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","prime256v1 secp384r1 secp521r1 X25519 X448","","" 
+"DH_groups","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","ffdhe2048 ffdhe3072 ffdhe4096 ffdhe6144 ffdhe8192","","" +"FS_TLS12_sig_algs","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512 RSA+SHA256 RSA+SHA384 RSA+SHA512 RSA+SHA224 ECDSA+SHA256 ECDSA+SHA384 ECDSA+SHA512 ECDSA+SHA224","","" +"FS_TLS13_sig_algs","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","ECDSA+SHA256 RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512","","" +"heartbleed","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","not vulnerable, no heartbeat extension","CVE-2014-0160","CWE-119" +"CCS","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","not vulnerable","CVE-2014-0224","CWE-310" +"ticketbleed","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","not vulnerable","CVE-2016-9244","CWE-200" +"ROBOT","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","not vulnerable","CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168","CWE-203" +"secure_renego","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","supported","","CWE-310" +"secure_client_renego","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","not vulnerable, mitigated","CVE-2011-1473","CWE-310" +"CRIME_TLS","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","not vulnerable","CVE-2012-4929","CWE-310" +"BREACH","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","not vulnerable, no gzip/deflate/compress/br HTTP compression - only supplied '/' tested","CVE-2013-3587","CWE-310" +"POODLE_SSL","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","not vulnerable, no SSLv3","CVE-2014-3566","CWE-310" +"fallback_SCSV","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","no protocol below TLS 1.2 offered","","" +"SWEET32","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","not vulnerable","CVE-2016-2183 CVE-2016-6329","CWE-327" 
+"FREAK","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","not vulnerable","CVE-2015-0204","CWE-310" +"DROWN","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","not vulnerable on this host and port","CVE-2016-0800 CVE-2016-0703","CWE-310" +"LOGJAM","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","not vulnerable, no DH EXPORT ciphers,","CVE-2015-4000","CWE-310" +"LOGJAM-common_primes","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","no DH key with <= TLS 1.2","CVE-2015-4000","CWE-310" +"BEAST","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","not vulnerable, no SSL3 or TLS1","CVE-2011-3389","CWE-20" +"LUCKY13","dns.digitale-gesellschaft.ch/10.52.7.42","443","LOW","potentially vulnerable, uses obsolete TLS CBC ciphers","CVE-2013-0169","CWE-310" +"winshock","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","not vulnerable","CVE-2014-6321","CWE-94" +"RC4","dns.digitale-gesellschaft.ch/10.52.7.42","443","OK","not vulnerable","CVE-2013-2566 CVE-2015-2808","CWE-310" +"clientsimulation-android_70","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-android_81","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-android_90","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-android_X","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-android_11_12","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-android_13_14","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-android_15","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-chrome_101_win10","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 
TLS_AES_256_GCM_SHA384","","" +"clientsimulation-chromium_137_win11","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-firefox_100_win10","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-firefox_137_win11","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-ie_8_win7","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","No connection","","" +"clientsimulation-ie_11_win7","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-ie_11_win81","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-ie_11_winphone81","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-ie_11_win10","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-edge_15_win10","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-edge_101_win10_21h2","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-edge_133_win11_23h2","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-safari_184_ios_184","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-safari_154_osx_1231","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-safari_184_osx_154","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-java_7u25","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","No connection","","" 
+"clientsimulation-java_80442","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-java_1102","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-java_1703","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-java_2106","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-go_1178","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-libressl_336","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 TLS_CHACHA20_POLY1305_SHA256","","" +"clientsimulation-openssl_102e","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-openssl_111d","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-openssl_315","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-openssl_350","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-apple_mail_16_0","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-thunderbird_91_9","dns.digitale-gesellschaft.ch/10.52.7.42","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" diff --git a/.github/workflow-fixtures/testssl-results/10.52.7.42_p853.csv b/.github/workflow-fixtures/testssl-results/10.52.7.42_p853.csv new file mode 100644 index 0000000..4c20812 --- /dev/null +++ b/.github/workflow-fixtures/testssl-results/10.52.7.42_p853.csv 
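Review bot: Every row in this fixture, and in `10.52.7.42_p853.csv` after it, has severity `INFO`, `OK`, `LOW` or `DEBUG`, so whatever consumes these files is never driven through a MEDIUM-or-higher path; the consumer is not visible in this diff, so treat this as a coverage question rather than a confirmed gap. The `cve` column is also filled on rows whose finding is `not vulnerable` (for example `heartbleed` carries `CVE-2014-0160` at severity `OK`) and can hold several space-separated ids (the `ROBOT` row). A parser tested against these rows should therefore key on `severity` rather than on a non-empty `cve`, and should split that field on whitespace. I would add a separate, clearly constructed fixture with one higher-severity row, such as `"LUCKY13","example.test/192.0.2.10","443","HIGH","constructed sample row","CVE-2013-0169","CWE-310"`, plus a short README beside the CSVs recording the testssl version and scan date that produced them.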
@@ -0,0 +1,110 @@ +"id","fqdn/ip","port","severity","finding","cve","cwe" +"service","dns.digitale-gesellschaft.ch/10.52.7.42","853","DEBUG","Couldn't determine service, skipping all HTTP checks","","" +"pre_128cipher","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","No 128 cipher limit bug","","" +"SSLv2","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","not offered","","" +"SSLv3","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","not offered","","" +"TLS1","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","not offered","","" +"TLS1_1","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","not offered","","" +"TLS1_2","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","offered","","" +"TLS1_3","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","offered with final","","" +"NPN","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","not offered","","" +"ALPN","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","not offered","","" +"GREASE","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","No bugs found.","","" +"cipherlist_NULL","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","not offered","","CWE-327" +"cipherlist_aNULL","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","not offered","","CWE-327" +"cipherlist_EXPORT","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","not offered","","CWE-327" +"cipherlist_LOW","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","not offered","","CWE-327" +"cipherlist_3DES_IDEA","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","not offered","","CWE-310" +"cipherlist_OBSOLETED","dns.digitale-gesellschaft.ch/10.52.7.42","853","LOW","offered","","CWE-310" +"cipherlist_STRONG_NOFS","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","offered","","" +"cipherlist_STRONG_FS","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","offered","","" +"cipher_order-tls1_2","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","server -- server prioritizes ChaCha ciphers when preferred by 
clients","","" +"cipher-tls1_2_xc02c","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","TLSv1.2 xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","","" +"cipher-tls1_2_xc030","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","TLSv1.2 xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","","" +"cipher-tls1_2_xcca9","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","TLSv1.2 xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","","" +"cipher-tls1_2_xcca8","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","TLSv1.2 xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","","" +"cipher-tls1_2_xc02b","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","TLSv1.2 xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","","" +"cipher-tls1_2_xc02f","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","TLSv1.2 xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","","" +"cipher-tls1_2_xc024","dns.digitale-gesellschaft.ch/10.52.7.42","853","LOW","TLSv1.2 xc024 ECDHE-ECDSA-AES256-SHA384 ECDH 253 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384","","" +"cipher-tls1_2_xc028","dns.digitale-gesellschaft.ch/10.52.7.42","853","LOW","TLSv1.2 xc028 ECDHE-RSA-AES256-SHA384 ECDH 253 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","","" +"cipher-tls1_2_xc023","dns.digitale-gesellschaft.ch/10.52.7.42","853","LOW","TLSv1.2 xc023 ECDHE-ECDSA-AES128-SHA256 ECDH 253 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256","","" +"cipher-tls1_2_xc027","dns.digitale-gesellschaft.ch/10.52.7.42","853","LOW","TLSv1.2 xc027 ECDHE-RSA-AES128-SHA256 ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","","" +"cipher-tls1_2_xc00a","dns.digitale-gesellschaft.ch/10.52.7.42","853","LOW","TLSv1.2 xc00a ECDHE-ECDSA-AES256-SHA ECDH 253 AES 256 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","","" +"cipher-tls1_2_xc014","dns.digitale-gesellschaft.ch/10.52.7.42","853","LOW","TLSv1.2 xc014 ECDHE-RSA-AES256-SHA ECDH 253 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","","" +"cipher-tls1_2_xc009","dns.digitale-gesellschaft.ch/10.52.7.42","853","LOW","TLSv1.2 xc009 ECDHE-ECDSA-AES128-SHA ECDH 253 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","","" +"cipher-tls1_2_xc013","dns.digitale-gesellschaft.ch/10.52.7.42","853","LOW","TLSv1.2 xc013 ECDHE-RSA-AES128-SHA ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","","" +"cipher-tls1_2_x9d","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","TLSv1.2 x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384","","" +"cipher-tls1_2_x9c","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","TLSv1.2 x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256","","" +"cipher-tls1_2_x3d","dns.digitale-gesellschaft.ch/10.52.7.42","853","LOW","TLSv1.2 x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256","","" +"cipher-tls1_2_x3c","dns.digitale-gesellschaft.ch/10.52.7.42","853","LOW","TLSv1.2 x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256","","" +"cipher-tls1_2_x35","dns.digitale-gesellschaft.ch/10.52.7.42","853","LOW","TLSv1.2 x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA","","" +"cipher-tls1_2_x2f","dns.digitale-gesellschaft.ch/10.52.7.42","853","LOW","TLSv1.2 x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA","","" +"cipherorder_TLSv1_2","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 AES128-SHA256 AES256-SHA 
AES128-SHA","","" +"prioritize_chacha_TLSv1_2","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","true","","" +"cipher_order-tls1_3","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","server -- server prioritizes ChaCha ciphers when preferred by clients","","" +"cipher-tls1_3_x1302","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","TLSv1.3 x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384","","" +"cipher-tls1_3_x1303","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","TLSv1.3 x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256","","" +"cipher-tls1_3_x1301","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","TLSv1.3 x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256","","" +"cipherorder_TLSv1_3","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256","","" +"prioritize_chacha_TLSv1_3","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","true","","" +"cipher_order","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","server","","" +"FS","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","offered","","" +"FS_ciphers","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 TLS_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA","","" +"FS_KEMs","dns.digitale-gesellschaft.ch/10.52.7.42","853","LOW","No KEMs offered","","" +"FS_ECDHE_curves","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","prime256v1 secp384r1 secp521r1 X25519 X448","","" +"DH_groups","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","ffdhe2048 
ffdhe3072 ffdhe4096 ffdhe6144 ffdhe8192","","" +"FS_TLS12_sig_algs","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512 RSA+SHA256 RSA+SHA384 RSA+SHA512 RSA+SHA224 ECDSA+SHA256 ECDSA+SHA384 ECDSA+SHA512 ECDSA+SHA224","","" +"FS_TLS13_sig_algs","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","ECDSA+SHA256 RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512","","" +"heartbleed","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","not vulnerable, no heartbeat extension","CVE-2014-0160","CWE-119" +"CCS","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","not vulnerable","CVE-2014-0224","CWE-310" +"ticketbleed","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","not applicable, not HTTP","CVE-2016-9244","CWE-200" +"ROBOT","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","not vulnerable","CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168","CWE-203" +"secure_renego","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","supported","","CWE-310" +"secure_client_renego","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","not vulnerable","CVE-2011-1473","CWE-310" +"CRIME_TLS","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","not vulnerable (not using HTTP anyway)","CVE-2012-4929","CWE-310" +"POODLE_SSL","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","not vulnerable, no SSLv3","CVE-2014-3566","CWE-310" +"fallback_SCSV","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","no protocol below TLS 1.2 offered","","" +"SWEET32","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","not vulnerable","CVE-2016-2183 CVE-2016-6329","CWE-327" +"FREAK","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","not vulnerable","CVE-2015-0204","CWE-310" +"DROWN","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","not vulnerable on this host and port","CVE-2016-0800 CVE-2016-0703","CWE-310" 
+"LOGJAM","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","not vulnerable, no DH EXPORT ciphers,","CVE-2015-4000","CWE-310" +"LOGJAM-common_primes","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","no DH key with <= TLS 1.2","CVE-2015-4000","CWE-310" +"BEAST","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","not vulnerable, no SSL3 or TLS1","CVE-2011-3389","CWE-20" +"LUCKY13","dns.digitale-gesellschaft.ch/10.52.7.42","853","LOW","potentially vulnerable, uses obsolete TLS CBC ciphers","CVE-2013-0169","CWE-310" +"winshock","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","not vulnerable","CVE-2014-6321","CWE-94" +"RC4","dns.digitale-gesellschaft.ch/10.52.7.42","853","OK","not vulnerable","CVE-2013-2566 CVE-2015-2808","CWE-310" +"clientsimulation-android_70","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-android_81","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-android_90","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-android_X","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-android_11_12","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-android_13_14","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-android_15","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-chrome_101_win10","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-chromium_137_win11","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" 
+"clientsimulation-firefox_100_win10","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-firefox_137_win11","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-ie_8_win7","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","No connection","","" +"clientsimulation-ie_11_win7","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-ie_11_win81","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-ie_11_winphone81","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-ie_11_win10","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-edge_15_win10","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-edge_101_win10_21h2","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-edge_133_win11_23h2","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-safari_184_ios_184","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-safari_154_osx_1231","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-safari_184_osx_154","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-java_7u25","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","No connection","","" +"clientsimulation-java_80442","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" 
+"clientsimulation-java_1102","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-java_1703","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-java_2106","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-go_1178","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-libressl_336","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_CHACHA20_POLY1305_SHA256","","" +"clientsimulation-openssl_102e","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-openssl_111d","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-openssl_315","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-openssl_350","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-apple_mail_16_0","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-thunderbird_91_9","dns.digitale-gesellschaft.ch/10.52.7.42","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" diff --git a/.github/workflow-fixtures/testssl-results/10.52.7.43_p443.csv b/.github/workflow-fixtures/testssl-results/10.52.7.43_p443.csv new file mode 100644 index 0000000..d168678 --- /dev/null +++ b/.github/workflow-fixtures/testssl-results/10.52.7.43_p443.csv 
@@ -0,0 +1,112 @@ +"id","fqdn/ip","port","severity","finding","cve","cwe" +"service","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","HTTP","","" +"pre_128cipher","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","No 128 cipher limit bug","","" +"SSLv2","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","not offered","","" +"SSLv3","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","not offered","","" +"TLS1","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","not offered","","" +"TLS1_1","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","not offered","","" +"TLS1_2","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","offered","","" +"TLS1_3","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","offered with final","","" +"NPN","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","not offered","","" +"ALPN_HTTP2","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","h2","","" +"ALPN","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","http/1.1","","" +"GREASE","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","No bugs found.","","" +"cipherlist_NULL","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","not offered","","CWE-327" +"cipherlist_aNULL","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","not offered","","CWE-327" +"cipherlist_EXPORT","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","not offered","","CWE-327" +"cipherlist_LOW","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","not offered","","CWE-327" +"cipherlist_3DES_IDEA","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","not offered","","CWE-310" +"cipherlist_OBSOLETED","dns.digitale-gesellschaft.ch/10.52.7.43","443","LOW","offered","","CWE-310" +"cipherlist_STRONG_NOFS","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","offered","","" +"cipherlist_STRONG_FS","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","offered","","" +"cipher_order-tls1_2","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","server -- server prioritizes ChaCha ciphers 
when preferred by clients","","" +"cipher-tls1_2_xc02c","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","TLSv1.2 xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","","" +"cipher-tls1_2_xc030","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","TLSv1.2 xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","","" +"cipher-tls1_2_xcca9","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","TLSv1.2 xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","","" +"cipher-tls1_2_xcca8","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","TLSv1.2 xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","","" +"cipher-tls1_2_xc02b","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","TLSv1.2 xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","","" +"cipher-tls1_2_xc02f","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","TLSv1.2 xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","","" +"cipher-tls1_2_xc024","dns.digitale-gesellschaft.ch/10.52.7.43","443","LOW","TLSv1.2 xc024 ECDHE-ECDSA-AES256-SHA384 ECDH 253 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384","","" +"cipher-tls1_2_xc028","dns.digitale-gesellschaft.ch/10.52.7.43","443","LOW","TLSv1.2 xc028 ECDHE-RSA-AES256-SHA384 ECDH 253 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","","" +"cipher-tls1_2_xc023","dns.digitale-gesellschaft.ch/10.52.7.43","443","LOW","TLSv1.2 xc023 ECDHE-ECDSA-AES128-SHA256 ECDH 253 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256","","" +"cipher-tls1_2_xc027","dns.digitale-gesellschaft.ch/10.52.7.43","443","LOW","TLSv1.2 xc027 ECDHE-RSA-AES128-SHA256 ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","","" +"cipher-tls1_2_xc00a","dns.digitale-gesellschaft.ch/10.52.7.43","443","LOW","TLSv1.2 xc00a ECDHE-ECDSA-AES256-SHA 
ECDH 253 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","","" +"cipher-tls1_2_xc014","dns.digitale-gesellschaft.ch/10.52.7.43","443","LOW","TLSv1.2 xc014 ECDHE-RSA-AES256-SHA ECDH 253 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","","" +"cipher-tls1_2_xc009","dns.digitale-gesellschaft.ch/10.52.7.43","443","LOW","TLSv1.2 xc009 ECDHE-ECDSA-AES128-SHA ECDH 253 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","","" +"cipher-tls1_2_xc013","dns.digitale-gesellschaft.ch/10.52.7.43","443","LOW","TLSv1.2 xc013 ECDHE-RSA-AES128-SHA ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","","" +"cipher-tls1_2_x9d","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","TLSv1.2 x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384","","" +"cipher-tls1_2_x9c","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","TLSv1.2 x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256","","" +"cipher-tls1_2_x3d","dns.digitale-gesellschaft.ch/10.52.7.43","443","LOW","TLSv1.2 x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256","","" +"cipher-tls1_2_x3c","dns.digitale-gesellschaft.ch/10.52.7.43","443","LOW","TLSv1.2 x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256","","" +"cipher-tls1_2_x35","dns.digitale-gesellschaft.ch/10.52.7.43","443","LOW","TLSv1.2 x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA","","" +"cipher-tls1_2_x2f","dns.digitale-gesellschaft.ch/10.52.7.43","443","LOW","TLSv1.2 x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA","","" +"cipherorder_TLSv1_2","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 
AES128-SHA256 AES256-SHA AES128-SHA","","" +"prioritize_chacha_TLSv1_2","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","true","","" +"cipher_order-tls1_3","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","server -- server prioritizes ChaCha ciphers when preferred by clients","","" +"cipher-tls1_3_x1302","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","TLSv1.3 x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384","","" +"cipher-tls1_3_x1303","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","TLSv1.3 x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256","","" +"cipher-tls1_3_x1301","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","TLSv1.3 x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256","","" +"cipherorder_TLSv1_3","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256","","" +"prioritize_chacha_TLSv1_3","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","true","","" +"cipher_order","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","server","","" +"FS","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","offered","","" +"FS_ciphers","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 TLS_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA","","" +"FS_KEMs","dns.digitale-gesellschaft.ch/10.52.7.43","443","LOW","No KEMs offered","","" +"FS_ECDHE_curves","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","prime256v1 secp384r1 secp521r1 X25519 X448","","" 
+"DH_groups","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","ffdhe2048 ffdhe3072 ffdhe4096 ffdhe6144 ffdhe8192","","" +"FS_TLS12_sig_algs","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512 RSA+SHA256 RSA+SHA384 RSA+SHA512 RSA+SHA224 ECDSA+SHA256 ECDSA+SHA384 ECDSA+SHA512 ECDSA+SHA224","","" +"FS_TLS13_sig_algs","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","ECDSA+SHA256 RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512","","" +"heartbleed","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","not vulnerable, no heartbeat extension","CVE-2014-0160","CWE-119" +"CCS","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","not vulnerable","CVE-2014-0224","CWE-310" +"ticketbleed","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","not vulnerable","CVE-2016-9244","CWE-200" +"ROBOT","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","not vulnerable","CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168","CWE-203" +"secure_renego","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","supported","","CWE-310" +"secure_client_renego","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","not vulnerable, mitigated","CVE-2011-1473","CWE-310" +"CRIME_TLS","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","not vulnerable","CVE-2012-4929","CWE-310" +"BREACH","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","not vulnerable, no gzip/deflate/compress/br HTTP compression - only supplied '/' tested","CVE-2013-3587","CWE-310" +"POODLE_SSL","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","not vulnerable, no SSLv3","CVE-2014-3566","CWE-310" +"fallback_SCSV","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","no protocol below TLS 1.2 offered","","" +"SWEET32","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","not vulnerable","CVE-2016-2183 CVE-2016-6329","CWE-327" 
+"FREAK","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","not vulnerable","CVE-2015-0204","CWE-310" +"DROWN","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","not vulnerable on this host and port","CVE-2016-0800 CVE-2016-0703","CWE-310" +"LOGJAM","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","not vulnerable, no DH EXPORT ciphers,","CVE-2015-4000","CWE-310" +"LOGJAM-common_primes","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","no DH key with <= TLS 1.2","CVE-2015-4000","CWE-310" +"BEAST","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","not vulnerable, no SSL3 or TLS1","CVE-2011-3389","CWE-20" +"LUCKY13","dns.digitale-gesellschaft.ch/10.52.7.43","443","LOW","potentially vulnerable, uses obsolete TLS CBC ciphers","CVE-2013-0169","CWE-310" +"winshock","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","not vulnerable","CVE-2014-6321","CWE-94" +"RC4","dns.digitale-gesellschaft.ch/10.52.7.43","443","OK","not vulnerable","CVE-2013-2566 CVE-2015-2808","CWE-310" +"clientsimulation-android_70","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-android_81","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-android_90","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-android_X","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-android_11_12","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-android_13_14","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-android_15","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-chrome_101_win10","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 
TLS_AES_256_GCM_SHA384","","" +"clientsimulation-chromium_137_win11","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-firefox_100_win10","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-firefox_137_win11","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-ie_8_win7","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","No connection","","" +"clientsimulation-ie_11_win7","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-ie_11_win81","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-ie_11_winphone81","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-ie_11_win10","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-edge_15_win10","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-edge_101_win10_21h2","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-edge_133_win11_23h2","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-safari_184_ios_184","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-safari_154_osx_1231","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-safari_184_osx_154","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-java_7u25","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","No connection","","" 
+"clientsimulation-java_80442","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-java_1102","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-java_1703","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-java_2106","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-go_1178","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-libressl_336","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 TLS_CHACHA20_POLY1305_SHA256","","" +"clientsimulation-openssl_102e","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-openssl_111d","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-openssl_315","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-openssl_350","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-apple_mail_16_0","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-thunderbird_91_9","dns.digitale-gesellschaft.ch/10.52.7.43","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" diff --git a/.github/workflow-fixtures/testssl-results/10.52.7.43_p853.csv b/.github/workflow-fixtures/testssl-results/10.52.7.43_p853.csv new file mode 100644 index 0000000..15df990 --- /dev/null +++ b/.github/workflow-fixtures/testssl-results/10.52.7.43_p853.csv 
@@ -0,0 +1,110 @@ +"id","fqdn/ip","port","severity","finding","cve","cwe" +"service","dns.digitale-gesellschaft.ch/10.52.7.43","853","DEBUG","Couldn't determine service, skipping all HTTP checks","","" +"pre_128cipher","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","No 128 cipher limit bug","","" +"SSLv2","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","not offered","","" +"SSLv3","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","not offered","","" +"TLS1","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","not offered","","" +"TLS1_1","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","not offered","","" +"TLS1_2","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","offered","","" +"TLS1_3","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","offered with final","","" +"NPN","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","not offered","","" +"ALPN","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","not offered","","" +"GREASE","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","No bugs found.","","" +"cipherlist_NULL","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","not offered","","CWE-327" +"cipherlist_aNULL","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","not offered","","CWE-327" +"cipherlist_EXPORT","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","not offered","","CWE-327" +"cipherlist_LOW","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","not offered","","CWE-327" +"cipherlist_3DES_IDEA","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","not offered","","CWE-310" +"cipherlist_OBSOLETED","dns.digitale-gesellschaft.ch/10.52.7.43","853","LOW","offered","","CWE-310" +"cipherlist_STRONG_NOFS","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","offered","","" +"cipherlist_STRONG_FS","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","offered","","" +"cipher_order-tls1_2","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","server -- server prioritizes ChaCha ciphers when preferred by 
clients","","" +"cipher-tls1_2_xc02c","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","TLSv1.2 xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","","" +"cipher-tls1_2_xc030","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","TLSv1.2 xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","","" +"cipher-tls1_2_xcca9","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","TLSv1.2 xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","","" +"cipher-tls1_2_xcca8","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","TLSv1.2 xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","","" +"cipher-tls1_2_xc02b","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","TLSv1.2 xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","","" +"cipher-tls1_2_xc02f","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","TLSv1.2 xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","","" +"cipher-tls1_2_xc024","dns.digitale-gesellschaft.ch/10.52.7.43","853","LOW","TLSv1.2 xc024 ECDHE-ECDSA-AES256-SHA384 ECDH 253 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384","","" +"cipher-tls1_2_xc028","dns.digitale-gesellschaft.ch/10.52.7.43","853","LOW","TLSv1.2 xc028 ECDHE-RSA-AES256-SHA384 ECDH 253 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","","" +"cipher-tls1_2_xc023","dns.digitale-gesellschaft.ch/10.52.7.43","853","LOW","TLSv1.2 xc023 ECDHE-ECDSA-AES128-SHA256 ECDH 253 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256","","" +"cipher-tls1_2_xc027","dns.digitale-gesellschaft.ch/10.52.7.43","853","LOW","TLSv1.2 xc027 ECDHE-RSA-AES128-SHA256 ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","","" +"cipher-tls1_2_xc00a","dns.digitale-gesellschaft.ch/10.52.7.43","853","LOW","TLSv1.2 xc00a ECDHE-ECDSA-AES256-SHA ECDH 253 AES 256 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","","" +"cipher-tls1_2_xc014","dns.digitale-gesellschaft.ch/10.52.7.43","853","LOW","TLSv1.2 xc014 ECDHE-RSA-AES256-SHA ECDH 253 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","","" +"cipher-tls1_2_xc009","dns.digitale-gesellschaft.ch/10.52.7.43","853","LOW","TLSv1.2 xc009 ECDHE-ECDSA-AES128-SHA ECDH 253 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","","" +"cipher-tls1_2_xc013","dns.digitale-gesellschaft.ch/10.52.7.43","853","LOW","TLSv1.2 xc013 ECDHE-RSA-AES128-SHA ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","","" +"cipher-tls1_2_x9d","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","TLSv1.2 x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384","","" +"cipher-tls1_2_x9c","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","TLSv1.2 x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256","","" +"cipher-tls1_2_x3d","dns.digitale-gesellschaft.ch/10.52.7.43","853","LOW","TLSv1.2 x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256","","" +"cipher-tls1_2_x3c","dns.digitale-gesellschaft.ch/10.52.7.43","853","LOW","TLSv1.2 x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256","","" +"cipher-tls1_2_x35","dns.digitale-gesellschaft.ch/10.52.7.43","853","LOW","TLSv1.2 x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA","","" +"cipher-tls1_2_x2f","dns.digitale-gesellschaft.ch/10.52.7.43","853","LOW","TLSv1.2 x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA","","" +"cipherorder_TLSv1_2","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 AES128-SHA256 AES256-SHA 
AES128-SHA","","" +"prioritize_chacha_TLSv1_2","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","true","","" +"cipher_order-tls1_3","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","server -- server prioritizes ChaCha ciphers when preferred by clients","","" +"cipher-tls1_3_x1302","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","TLSv1.3 x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384","","" +"cipher-tls1_3_x1303","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","TLSv1.3 x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256","","" +"cipher-tls1_3_x1301","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","TLSv1.3 x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256","","" +"cipherorder_TLSv1_3","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256","","" +"prioritize_chacha_TLSv1_3","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","true","","" +"cipher_order","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","server","","" +"FS","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","offered","","" +"FS_ciphers","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 TLS_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA","","" +"FS_KEMs","dns.digitale-gesellschaft.ch/10.52.7.43","853","LOW","No KEMs offered","","" +"FS_ECDHE_curves","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","prime256v1 secp384r1 secp521r1 X25519 X448","","" +"DH_groups","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","ffdhe2048 
ffdhe3072 ffdhe4096 ffdhe6144 ffdhe8192","","" +"FS_TLS12_sig_algs","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512 RSA+SHA256 RSA+SHA384 RSA+SHA512 RSA+SHA224 ECDSA+SHA256 ECDSA+SHA384 ECDSA+SHA512 ECDSA+SHA224","","" +"FS_TLS13_sig_algs","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","ECDSA+SHA256 RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512","","" +"heartbleed","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","not vulnerable, no heartbeat extension","CVE-2014-0160","CWE-119" +"CCS","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","not vulnerable","CVE-2014-0224","CWE-310" +"ticketbleed","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","not applicable, not HTTP","CVE-2016-9244","CWE-200" +"ROBOT","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","not vulnerable","CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168","CWE-203" +"secure_renego","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","supported","","CWE-310" +"secure_client_renego","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","not vulnerable","CVE-2011-1473","CWE-310" +"CRIME_TLS","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","not vulnerable (not using HTTP anyway)","CVE-2012-4929","CWE-310" +"POODLE_SSL","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","not vulnerable, no SSLv3","CVE-2014-3566","CWE-310" +"fallback_SCSV","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","no protocol below TLS 1.2 offered","","" +"SWEET32","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","not vulnerable","CVE-2016-2183 CVE-2016-6329","CWE-327" +"FREAK","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","not vulnerable","CVE-2015-0204","CWE-310" +"DROWN","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","not vulnerable on this host and port","CVE-2016-0800 CVE-2016-0703","CWE-310" 
+"LOGJAM","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","not vulnerable, no DH EXPORT ciphers,","CVE-2015-4000","CWE-310" +"LOGJAM-common_primes","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","no DH key with <= TLS 1.2","CVE-2015-4000","CWE-310" +"BEAST","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","not vulnerable, no SSL3 or TLS1","CVE-2011-3389","CWE-20" +"LUCKY13","dns.digitale-gesellschaft.ch/10.52.7.43","853","LOW","potentially vulnerable, uses obsolete TLS CBC ciphers","CVE-2013-0169","CWE-310" +"winshock","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","not vulnerable","CVE-2014-6321","CWE-94" +"RC4","dns.digitale-gesellschaft.ch/10.52.7.43","853","OK","not vulnerable","CVE-2013-2566 CVE-2015-2808","CWE-310" +"clientsimulation-android_70","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-android_81","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-android_90","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-android_X","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-android_11_12","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-android_13_14","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-android_15","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-chrome_101_win10","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-chromium_137_win11","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" 
+"clientsimulation-firefox_100_win10","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-firefox_137_win11","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-ie_8_win7","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","No connection","","" +"clientsimulation-ie_11_win7","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-ie_11_win81","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-ie_11_winphone81","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-ie_11_win10","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-edge_15_win10","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-edge_101_win10_21h2","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-edge_133_win11_23h2","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-safari_184_ios_184","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-safari_154_osx_1231","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-safari_184_osx_154","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-java_7u25","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","No connection","","" +"clientsimulation-java_80442","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" 
+"clientsimulation-java_1102","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-java_1703","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-java_2106","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-go_1178","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-libressl_336","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_CHACHA20_POLY1305_SHA256","","" +"clientsimulation-openssl_102e","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-openssl_111d","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-openssl_315","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-openssl_350","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-apple_mail_16_0","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384","","" +"clientsimulation-thunderbird_91_9","dns.digitale-gesellschaft.ch/10.52.7.43","853","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" diff --git a/.github/workflows/run-integration-test.yml b/.github/workflows/run-integration-test.yml index 4ef6076..7d96399 100644 --- a/.github/workflows/run-integration-test.yml +++ b/.github/workflows/run-integration-test.yml 
@@ -71,6 +71,10 @@ jobs: # Run playbook a second time to setup TLS services. ansible-playbook configuration-files/resolver.yml -i configuration-files/local.yml --ssh-common-args '-p 55022' + - name: Run smoketest + run: | + ansible-playbook configuration-files/smoketest.yml -i configuration-files/local.yml --ssh-common-args '-p 55022' + - name: Dump system logs if: always() run: | diff --git a/configuration-files/smoketest.yml b/configuration-files/smoketest.yml new file mode 100644 index 0000000..f4e81e2 --- /dev/null +++ b/configuration-files/smoketest.yml 
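Review bot: The playbook started by the new `Run smoketest` step uses an unpinned container image: the testssl tasks in `configuration-files/smoketest.yml` (later in this diff) run `docker.io/drwetter/testssl.sh` with no tag or digest, so each CI run executes whatever image the registry currently serves, with the checkout's fixture directory mounted writable. I would pin it in those argv lists, e.g. `"docker.io/drwetter/testssl.sh@sha256:<DIGEST-PLACEHOLDER>"`, and bump the digest deliberately. Pinning should also keep the committed CSV fixtures reproducible, since the scanner's check ids and client-simulation entries presumably change between releases. The step itself could carry a `timeout-minutes:` bound, because the poll task retries up to 300 times. The rest of the job lies outside this hunk, so whether the regenerated CSVs are compared against the committed ones cannot be seen from here.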
@@ -0,0 +1,77 @@ +--- +- hosts: all + become: false + gather_facts: no + tasks: + - name: "Smoketest | dig" + loop: + - ["/usr/bin/dig", "@{{ ip4_vip_dns1 }}", "-tTXT", "txt.dns-probe.znerol.ch", "+retry=0", "+short", "+identify", "+https"] + - ["/usr/bin/dig", "@{{ ip4_vip_dns1 }}", "-tTXT", "txt.dns-probe.znerol.ch", "+retry=0", "+short", "+identify", "+tls"] + - ["/usr/bin/dig", "@{{ ip4_vip_dns2 }}", "-tTXT", "txt.dns-probe.znerol.ch", "+retry=0", "+short", "+identify", "+https"] + - ["/usr/bin/dig", "@{{ ip4_vip_dns2 }}", "-tTXT", "txt.dns-probe.znerol.ch", "+retry=0", "+short", "+identify", "+tls"] + - ["/usr/bin/dig", "@{{ ip6_vip_dns1 }}", "-tTXT", "txt.dns-probe.znerol.ch", "+retry=0", "+short", "+identify", "+https"] + - ["/usr/bin/dig", "@{{ ip6_vip_dns1 }}", "-tTXT", "txt.dns-probe.znerol.ch", "+retry=0", "+short", "+identify", "+tls"] + - ["/usr/bin/dig", "@{{ ip6_vip_dns2 }}", "-tTXT", "txt.dns-probe.znerol.ch", "+retry=0", "+short", "+identify", "+https"] + - ["/usr/bin/dig", "@{{ ip6_vip_dns2 }}", "-tTXT", "txt.dns-probe.znerol.ch", "+retry=0", "+short", "+identify", "+tls"] + delegate_to: 127.0.0.1 + when: ip4 == ip4_dns1 + changed_when: false + retries: 7 + delay: 7 + register: smoketest_dig + until: smoketest_dig.rc == 0 and smoketest_dig['stdout'].startswith('"hello world" from server') + command: + argv: "{{ item }}" + + - name: "Smoketest | testssl | async" + loop: + - ["/usr/bin/podman", "run", "--rm", "--userns=keep-id", "--volume=./../.github/workflow-fixtures/testssl-results:/testssl-results", "docker.io/drwetter/testssl.sh", "--categories", "--forward-secrecy", "--protocols", "--server-preference", "--client-simulation", "--grease", "--vulnerabilities", "--overwrite", "--csvfile", "/testssl-results/{{ ip4_vip_dns1 }}_p443.csv", "--ip", "{{ ip4_vip_dns1 }}", "dns.digitale-gesellschaft.ch:443" ] + - ["/usr/bin/podman", "run", "--rm", "--userns=keep-id", "--volume=./../.github/workflow-fixtures/testssl-results:/testssl-results", 
"docker.io/drwetter/testssl.sh", "--categories", "--forward-secrecy", "--protocols", "--server-preference", "--client-simulation", "--grease", "--vulnerabilities", "--overwrite", "--csvfile", "/testssl-results/{{ ip4_vip_dns1 }}_p853.csv", "--ip", "{{ ip4_vip_dns1 }}", "dns.digitale-gesellschaft.ch:853" ] + - ["/usr/bin/podman", "run", "--rm", "--userns=keep-id", "--volume=./../.github/workflow-fixtures/testssl-results:/testssl-results", "docker.io/drwetter/testssl.sh", "--categories", "--forward-secrecy", "--protocols", "--server-preference", "--client-simulation", "--grease", "--vulnerabilities", "--overwrite", "--csvfile", "/testssl-results/{{ ip4_vip_dns2 }}_p443.csv", "--ip", "{{ ip4_vip_dns2 }}", "dns.digitale-gesellschaft.ch:443" ] + - ["/usr/bin/podman", "run", "--rm", "--userns=keep-id", "--volume=./../.github/workflow-fixtures/testssl-results:/testssl-results", "docker.io/drwetter/testssl.sh", "--categories", "--forward-secrecy", "--protocols", "--server-preference", "--client-simulation", "--grease", "--vulnerabilities", "--overwrite", "--csvfile", "/testssl-results/{{ ip4_vip_dns2 }}_p853.csv", "--ip", "{{ ip4_vip_dns2 }}", "dns.digitale-gesellschaft.ch:853" ] + delegate_to: 127.0.0.1 + when: ip4 == ip4_dns1 + changed_when: false + async: 300 + poll: 0 + register: smoketest_testssl + command: + argv: "{{ item }}" + + - name: "Smoketest | testssl | poll" + loop: "{{ smoketest_testssl.results }}" + loop_control: + loop_var: "async_result_item" + delegate_to: 127.0.0.1 + when: ip4 == ip4_dns1 + changed_when: false + register: async_poll_results + until: async_poll_results is finished + failed_when: "async_poll_results.rc > 200" + retries: 300 + async_status: + jid: "{{ async_result_item.ansible_job_id }}" + + - name: "Smoketest | testssl | cleanup" + loop: + - ["/usr/bin/sed", "-i", "/DROWN_hint/d", "./../.github/workflow-fixtures/testssl-results/{{ ip4_vip_dns1 }}_p443.csv" ] + - ["/usr/bin/sed", "-i", "/DROWN_hint/d", 
"./../.github/workflow-fixtures/testssl-results/{{ ip4_vip_dns1 }}_p853.csv" ] + - ["/usr/bin/sed", "-i", "/DROWN_hint/d", "./../.github/workflow-fixtures/testssl-results/{{ ip4_vip_dns2 }}_p443.csv" ] + - ["/usr/bin/sed", "-i", "/DROWN_hint/d", "./../.github/workflow-fixtures/testssl-results/{{ ip4_vip_dns2 }}_p853.csv" ] + delegate_to: 127.0.0.1 + when: ip4 == ip4_dns1 + changed_when: false + command: + argv: "{{ item }}" + + - name: "Smoketest | testssl | results up-to-date" + loop: + - ["/usr/bin/git", "diff", "--quiet", "./../.github/workflow-fixtures/testssl-results/{{ ip4_vip_dns1 }}_p443.csv" ] + - ["/usr/bin/git", "diff", "--quiet", "./../.github/workflow-fixtures/testssl-results/{{ ip4_vip_dns1 }}_p853.csv" ] + - ["/usr/bin/git", "diff", "--quiet", "./../.github/workflow-fixtures/testssl-results/{{ ip4_vip_dns2 }}_p443.csv" ] + - ["/usr/bin/git", "diff", "--quiet", "./../.github/workflow-fixtures/testssl-results/{{ ip4_vip_dns2 }}_p853.csv" ] + delegate_to: 127.0.0.1 + when: ip4 == ip4_dns1 + changed_when: false + command: + argv: "{{ item }}" diff --git a/configuration-files/tf-local/README.md b/configuration-files/tf-local/README.md index c291fbb..2109ea2 100644 --- a/configuration-files/tf-local/README.md +++ b/configuration-files/tf-local/README.md @@ -33,6 +33,7 @@ No modules. |------|-------------|------|---------|:--------:| | [libvirt\_connect\_uri](#input\_libvirt\_connect\_uri) | Connect string for libvirt. | `string` | `"qemu:///system"` | no | | [libvirt\_network\_name](#input\_libvirt\_network\_name) | Network to connect the libvirt node to. | `string` | `"localdns"` | no | +| [libvirt\_network\_routes](#input\_libvirt\_network\_routes) | n/a | `list(object({ cidr = string, gateway = string }))` |
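Review bot: The four `podman run` items in the "Smoketest | testssl | async" task reference `docker.io/drwetter/testssl.sh` with no tag or digest, so every CI run pulls and executes whatever that name currently resolves to, with a writable bind mount into the checkout. Because the last task compares the scanner output byte-for-byte against the committed fixtures with `git diff --quiet`, an upstream release that adds a check or a client simulation would also fail the job without any change in this repository. Pin the image by digest in all four items, e.g. `"docker.io/drwetter/testssl.sh@sha256:<digest-of-the-image-used-to-generate-the-fixtures>"`. Separately, `failed_when: "async_poll_results.rc > 200"` in the poll task accepts podman's own error codes (125–127, for example a failed pull); in that case the CSV is presumably never rewritten, so the diff check passes without a scan having run. Rejecting those codes as well, or removing the CSV files before the scan starts, would close that gap.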
[| no | | [libvirt\_network\_subnets](#input\_libvirt\_network\_subnets) | Subnets for of libvirt network. | `list(string)` |
{
"cidr": "10.52.7.42/32",
"gateway": "10.52.7.125"
},
{
"cidr": "10.52.7.43/32",
"gateway": "10.52.7.126"
},
{
"cidr": "fd42:56b6:246b:67bc::42/128",
"gateway": "fd42:56b6:246b:67bc::125"
},
{
"cidr": "fd42:56b6:246b:67bc::43/128",
"gateway": "fd42:56b6:246b:67bc::126"
}
]
[| no | | [libvirt\_pool\_name](#input\_libvirt\_pool\_name) | Storage pool to use for libvirt images. | `string` | `"default"` | no | | [nodes](#input\_nodes) | n/a | `list(string)` |
"10.52.7.112/28",
"fd42:56b6:246b:67bc::/64"
]
[| no | diff --git a/configuration-files/tf-local/main.tf b/configuration-files/tf-local/main.tf index 4232d8e..1678c3b 100644 --- a/configuration-files/tf-local/main.tf +++ b/configuration-files/tf-local/main.tf @@ -41,6 +41,14 @@ resource "libvirt_network" "local" { mode = "nat" domain = "${var.libvirt_network_name}.local" addresses = var.libvirt_network_subnets + dynamic "routes" { + for_each = var.libvirt_network_routes + iterator = route + content { + cidr = route.value["cidr"] + gateway = route.value["gateway"] + } + } xml { xslt = file("${path.module}/libvirt-network.xsl") } diff --git a/configuration-files/tf-local/variables.tf b/configuration-files/tf-local/variables.tf index 542ea9a..33615b5 100644 --- a/configuration-files/tf-local/variables.tf +++ b/configuration-files/tf-local/variables.tf @@ -4,7 +4,7 @@ variable "nodes" { } variable "nodes_addresses" { - type = list(list(string)) + type = list(list(string)) default = [ ["10.52.7.116/28", "fd42:56b6:246b:67bc::116/64"], ["10.52.7.117/28", "fd42:56b6:246b:67bc::117/64"] @@ -51,6 +51,28 @@ variable "libvirt_network_subnets" { description = "Subnets for of libvirt network." } +variable "libvirt_network_routes" { + type = list(object({ cidr = string, gateway = string })) + default = [ + { + cidr = "10.52.7.42/32" + gateway = "10.52.7.125" + }, + { + cidr = "10.52.7.43/32", + gateway = "10.52.7.126" + }, + { + cidr = "fd42:56b6:246b:67bc::42/128" + gateway = "fd42:56b6:246b:67bc::125" + }, + { + cidr = "fd42:56b6:246b:67bc::43/128", + gateway = "fd42:56b6:246b:67bc::126" + } + ] +} + variable "libvirt_pool_name" { type = string default = "default"
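Review bot: The new `libvirt_network_routes` variable in the second variables.tf hunk has no `description`, unlike `libvirt_network_subnets` directly above it, which is why the regenerated README row in this commit reads `n/a`. Add one next to `type`, e.g. `description = "Static routes added to the libvirt network."`. If these /32 and /128 entries are the service addresses that the smoketest scans (the IPv4 ones match the fixture file names), saying so in the description would help the next reader. The second and fourth objects in `default` end their `cidr` line with a comma while the first and third do not; dropping the two commas keeps the list uniform.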
"localdns1",
"localdns2"
]