[WEB SECURITY] Announcing the SSL Rating Guide and the Public SSL Server Database

Ivan Ristic ivan.ristic at gmail.com
Fri Jul 24 05:41:39 EDT 2009


Realising how difficult it could be to assess SSL servers (especially
if security is not your profession and you are not into SSL), I wrote
a little something to help. I call it the SSL Rating Guide. The
purpose of the guide is twofold:

  1. Help people assess their servers and improve the configuration of
their servers -- the guide is concise and, above all, practical.
  2. Assign a meaningful score to every SSL server so that their
configurations can be compared.

You can get the rating guide from the SSL Labs web site:

    https://www.ssllabs.com/projects/rating-guide/

Although it is still nominally a draft, it's complete as far as I am
concerned. I would appreciate it if you sent me some feedback (positive
and negative), after which I will be able to declare this edition
(2009) done.

I have also released my online service that tracks public SSL servers:

    https://www.ssllabs.com/ssldb/

Naturally, it uses the rating guide for assessment.

-- 
Ivan Ristic
