Wednesday, April 24, 2024


The SSLTEST utility offered by SSL Labs delves deep into the various security defenses of a website, listing (sorry for the techie talk) which varieties of encryption protocols it supports, which cipher suites can be used, and whether it's vulnerable to known attacks such as POODLE and ROBOT.  

What I like most about this test site is that it grades the website with the familiar grading system, as shown below. Getting an A+ rating is very uncommon, and while it would appear to be the best, that is somewhat arguable. For example, the A+ website below only supports TLS 1.2 and leaves out TLS 1.0 and TLS 1.1, both of which have known vulnerabilities. That raises the question: is it better to support only newer protocols and leave some number of users/systems unable to connect to your website until they upgrade, or to keep the older protocols enabled so that everyone can connect? If you're Amazon, you accept your "B" rating to allow as many customers to connect as possible.
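To see which side of that trade-off your own server sits on, here is a small local probe of the protocol versions it accepts. It is an added example, not SSL Labs' code, and covers only the protocol-version part of what SSLTEST reports. It assumes a CPython `ssl` module backed by OpenSSL; the function names and labels are this example's own.

```python
import socket
import ssl
import warnings

# Versions to probe, oldest first (labels are this example's own).
VERSIONS = {
    "TLS 1.0": ssl.TLSVersion.TLSv1,
    "TLS 1.1": ssl.TLSVersion.TLSv1_1,
    "TLS 1.2": ssl.TLSVersion.TLSv1_2,
    "TLS 1.3": ssl.TLSVersion.TLSv1_3,
}
LEGACY = ("TLS 1.0", "TLS 1.1")

def pinned_context(version):
    """Client context that can negotiate exactly one protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # measuring protocol support only,
    ctx.verify_mode = ssl.CERT_NONE  # not authenticating the server
    with warnings.catch_warnings():  # Python 3.10+ warns on TLS 1.0/1.1
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = version
        ctx.maximum_version = version
    if version < ssl.TLSVersion.TLSv1_2:
        # Assumption: OpenSSL-backed build. OpenSSL 3's default security level
        # blocks TLS 1.0/1.1 locally, which would look like a server refusal.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    return ctx

def probe(host, port=443, timeout=5.0):
    """Return {label: True accepted / False refused / None untestable here}."""
    results = {}
    for label, version in VERSIONS.items():
        try:
            ctx = pinned_context(version)
        except (ValueError, ssl.SSLError):  # local library lacks this version
            results[label] = None
            continue
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[label] = tls.version() is not None
        except (ssl.SSLError, ConnectionResetError):
            results[label] = False
    return results

def legacy_enabled(results):
    """Legacy protocols (TLS 1.0/1.1) the server accepted."""
    return [label for label in LEGACY if results.get(label)]
```

Call `legacy_enabled(probe("your.host.example"))` against a server you operate; an empty list means TLS 1.0 and 1.1 are both refused, and a `None` entry in the `probe` result means the local library could not test that version.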

You can try SSLTEST using the link below.
