[WEB SECURITY] Announcing the SSL Rating Guide and the Public SSL Server Database

Ivan Ristic ivan.ristic at gmail.com
Fri Jul 24 05:41:39 EDT 2009

Realising how difficult it could be to assess SSL servers (especially
if security is not your profession and you are not into SSL), I wrote
a little something to help. I call it the SSL Rating Guide. The
purpose of the guide is twofold:

  1. Help people assess their servers and improve the configuration of
their servers -- the guide is concise and, above all, practical.
  2. Assign a meaningful score to every SSL server so that their
configurations can be compared.

You can get the rating guide from the SSL Labs web site:


Although it is still nominally a draft, it's complete as far as I am
concerned. I would appreciate if you sent me some feedback (positive
and negative), after which I will be able to declare this edition
(2009) done.

I have also released my online service that tracks public SSL servers:


Naturally, it uses the rating guide for assessment.

Ivan Ristic
