[WEB SECURITY] Announcing the SSL Rating Guide and the Public SSL Server Database
Ivan Ristic
ivan.ristic at gmail.com
Fri Jul 24 05:41:39 EDT 2009
Realising how difficult it could be to assess SSL servers (especially
if security is not your profession and you are not into SSL), I wrote
a little something to help. I call it the SSL Rating Guide. The
purpose of the guide is twofold:
1. Help people assess their servers and improve the configuration of
their servers -- the guide is concise and, above all, practical.
2. Assign a meaningful score to every SSL server so that their
configurations can be compared.
You can get the rating guide from the SSL Labs web site:
https://www.ssllabs.com/projects/rating-guide/
Although it is still nominally a draft, it's complete as far as I am
concerned. I would appreciate it if you sent me some feedback (positive
and negative), after which I will be able to declare this edition
(2009) done.
I have also released my online service that tracks public SSL servers:
https://www.ssllabs.com/ssldb/
Naturally, it uses the rating guide for assessment.
--
Ivan Ristic