Test your website's SSL implementation with the free Qualys SSL Labs tool
By
06 January 2019 (Edited 06 January 2019)

Subscribe to my blog

Share This Article


Source: David|6 January 2019


Since Google Chrome in July 2018 began calling out websites not using secure socket layer (SSL) encryption - sites with HTTP URLs - as "not secure," there's been a flurry of activity in adding SSL to sites, making the URLs HTTPS.

Implementing SSL looks deceptively simple. On the surface, it is - but underneath it's not. And not all the people doing it understand all the complexities that are involved.

In part, that's the case because a lot of the SSL documentation that's out there is incomplete or wrong.

Right now, only about 3% of sites with SSL implementations rate A+ in rigorous tests.

If SSL has been implemented on your website, that's good. But if there are any underlying misconfigurations or security holes, you need to identify these and get them fixed.

California-based cloud security company Qualys (NASDAC QLYS) provides an excellent, free online tool for testing SSL implementations.

In the example below, I went to the Qualys tool here https://www.ssllabs.com/ssltest/ where there's an input form that looks like this:

For purposes of example, I sent the tool off to test the website of Singaporean hotel booking site agoda.com. Here's the top-line result I got back after a few minutes:

So just by blind luck I hit on one of those rare sites with a grade of A+.

The complete report is 6 pages long, so I'm not going to reproduce all of it here. But here are a couple of key snippets:

Primary SSL Certificate information:

That shows us the identity of the issuing authority, the start and end dates of the certificate, the fact that it hasn't been revoked, and more.

Below that is information on additional certificates, followed by a Configuration section which among other things includes:

Handshake Simulation results for 50 browsers (not all shown here):

All handshakes were successful except in the case of Internet Explorer 8 running on Windows XP - a notoriously troublesome browser. The Qualys tool obviously found this to be an acceptable exception.

So Agoda's SSL implementation is in fine shape.

Is yours? Use the free Qualys tool and find out fast.

And if fixes are necessary, I'm sure the people at Qualys could help you with that.

FYI, Qualys has not compensated me in any way for this review.


If you found this article helpful and would like to see more like it, please share it via the Share This Article link at the top of the page.

And if you have questions or comments, you can easily send them to me with the Quick Reply form, below.


David Boggs    - David
View David Boggs's profile on LinkedIn

Google Certifications - David H Boggs
Subscribe to my blog

   
Rating
4/5 based on 1 votes.
Show Individual Votes
Tags , ,
Related Listings
External Article: https://www.ssllabs.com/ssltest/


E-mail:
Quick Reply
Name:
E-mail:
Subscribe to my blog:
Your Comment:


You may use BB Codes in your message.
Spam Prevention:


Members currently reading this thread:

Previous Article | Next Article