SSL Labs is a collection of documents, tools and thoughts related to SSL. It's an attempt to better understand how SSL is deployed, and an attempt to make it better. I hope that, in time, SSL Labs will grow into a forum where SSL will be discussed and improved. ...
SSL Security Summary 66.0%secure sitesTotal sites surveyed134,495Inadequate security45,693Secure sites88,802- 0.2 %- 0.5 %+ 0.5 %A+AA- SSL Labs Grade Distribution ABCDF010%20%30%40%50%60%70% Certificate Chain 1.7%Sites with incompletecertificate chain2,303- 0.1 % Strict Transport Secur...
SSL Labs 推出的全球知名的 SSL 网站在线检测工具,会对 HTTPS 网站的证书链、安全性、性能、协议细节进行全面检测,检测完毕后会进行打分,同时给出一份详细的检测报告和改进建议。 测试网站:https://www.ssllabs.com/ssltest/ 测试规则概述 2020 年算法变更 January 2020 主要是修改了 TLS 1.0 和 TLS 1.1 的评...
理论上 Windows & IIS 不支持 TLS_FALLBACK_SCSV,所以无法 A+,但是开启 HSTS,并仅启用 TLS1.2 可以获得 A+ 得分,这样就不存在协议降级风险。 Microsoft 的 SSL 基于 Schannel 实现,与 OpenSSL 无关(或称 Microsoft TLS)。 Schannel is a Security Support Provider (SSP) that implements the Secure Sockets ...
推荐一个在线版全球知名的HTTPS网站检测工具-Qualys SSL Labs。Qualys SSL Labs同时也是很具有影响力的SSL安全和性能研究机构。 SSL Labs会对HTTPS网站的证书链、安全性、性能、协议细节进行全面检测,检测完毕后会进行打分,同时给出一份详细的检测报告和改进建议。
SSL 2 No Cipher Suites # TLS 1.3 (suites in server-preferred order) TLS_AES_128_GCM_SHA256 (0x1301) ECDH x25519 (eq. 3072 bits RSA) FS 128 TLS_AES_256_GCM_SHA384 (0x1302) ECDH x25519 (eq. 3072 bits RSA) FS 256 TLS_CHACHA20_POLY1305_SHA256 (0x1303) ECDH x25519 (eq. 307...
No secure protocols supported - if you get this message, but you know that the site supports SSL, wait until the cache expires on its own, then try again, making sure the hostname you enter uses the "www" prefix (e.g., "www.ssllabs.com", not just "ssllabs.com"). no more ...
SSL 3 No SSL 2 No (*) Experimental: Server negotiated using No-SNI Cipher Suites # TLS 1.3 (suites in server-preferred order) TLS_AES_256_GCM_SHA384 (0x1302) ECDH x25519 (eq. 3072 bits RSA) FS 256 TLS_CHACHA20_POLY1305_SHA256 (0x1303) ECDH x25519 (eq. 3072 bits RSA) FS ...
No secure protocols supported - if you get this message, but you know that the site supports SSL, wait until the cache expires on its own, then try again, making sure the hostname you enter uses the "www" prefix (e.g., "www.ssllabs.com", not just "ssllabs.com"). no more ...
SSL 3 No SSL 2 No (*) Experimental: Server negotiated using No-SNI Cipher Suites # TLS 1.2 (suites in server-preferred order) TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp384r1 (eq. 7680 bits RSA) FS 256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp...