no DNS security or client-initiated renegotiation protection either
for a start the web server allows for client-initiated renegotiation, which is NOT good at all..
Although the option does not bear a risk for confidentiality, it does make a web server vulnerable to DoS attacks within the same TLS connection. Therefore you should not support it.
they have not enabled DNSSEC... spoof away !