In view of COVID-19 precaution measures, we remind you that ImmuniWeb Platform allows to easily configure and safely buy online all available solutions in a few clicks.

Total Tests:

SSL Security Test

Free online security tool to test your security
  • Web Server SSL Test
  • Email Server SSL Test
  • SSL Certificate Test
  • PCI DSS, HIPAA & NIST Test

Free online security tool to test your security

40,033,412 security tests performed


0 tests running
  tests today

Latest Tested SSL/TLS Servers

Free API

ImmuniWeb Community Edition provides a free API for the SSL security test. It shares the number of tests performed via web interface:

Account type Tests per day Monthly subscription
No Account 10 Free
Free Account 20 Free

Premium API

ImmuniWeb Community Edition provide a premium API for higher number of requests via API or web interface:

Select package Requests per day Cost per month
50 $49
500 $490
1000 $980
2500 $2450
?

The number of API requests will be available via web interface under your account

?

The number of API requests will be shared among all users with the same domain name as your account

Total: $1440
Get in touch for details.

Public schools, local governments and non-for-profit organizations may request a free access to the premium API.

API Documentation

Full API Documentation

API Specifications

Field Name Value
Protocol HTTPS
Request Type POST
URL https://www.immuniweb.com/ssl/api/v1/check/[ustamp].html - where "ustamp" is an arbitrary UNIX time-stamp (must be an integer). Such construction is done to prevent caching on client side.

POST Data Specification

Field Name Value
api_key secret token which you submit alongside with the request
domain:port must be a valid domain name, or IP address, followed by a port number. If port is not supplied, 443 is used by default.
show_test_results "false" means that test results will be hidden, "true" means that test results will be displayed in statistics.
choosen_ip IP address of tested server (if tested domain resolves to multiple addresses).
recheck "false" will use results from cache if the server has been tested within the past 24 hours, "true" will perform a new test without looking at the cache.
verbosity 1 means output will be detailed, 0 means output will be short.
token value of the token sent by the server if the tested domain is resolved into several IP addresses.

Example of Transaction Using CURL

# New test (not cached)
curl -d "domain=twitter.com:443&choosen_ip=any&show_test_results=true&recheck=false" "https://www.immuniweb.com/ssl/api/v1/check/1451425590.html"
{
"job_id": "2a9e1f1bc92dc0c7a4bde930dff488771eea6d36988208d34163c5496227b8dc",
"status": "test_started",
"status_id": 1,
"message": "Test has started"
}
curl -d "job_id=2a9e1f1bc92dc0c7a4bde930dff488771eea6d36988208d34163c5496227b8dc" "https://www.immuniweb.com/ssl/api/v1/get_result/1451425590.html"
{
"job_id": "2a9e1f1bc92dc0c7a4bde930dff488771eea6d36988208d34163c5496227b8dc",
"status": "in_progress",
"status_id": 2,
"eta": 2,
"message": "Your test is in progress"
}
New test (cached)
curl -d "domain=twitter.com:443&choosen_ip=any&show_test_results=true&recheck=false" "https://www.immuniweb.com/ssl/api/v1/check/1451425590.html"
{
"test_id": "c84936eef26eeb8aaef5ffc43f38ddb91adfd90ac27fb416bd0b21fe2edb1004",
"status": "test_cached",
"status_id": 3,
"message": "Test is cached"
}
curl -d "id=c84936eef26eeb8aaef5ffc43f38ddb91adfd90ac27fb416bd0b21fe2edb1004" "https://www.immuniweb.com/ssl/api/v1/get_result/1451425590.html"
{ ... }
Example with multiple IP addresses
curl -d "domain=twitter.com:443&recheck=false" "https://www.immuniweb.com/ssl/api/v1/check/1451425590.html"
{
"multiple_ips": ["199.16.156.6","199.16.156.102","199.16.156.70","199.16.156.230"],
"token": "68j3OCZLEomtjASxKoObjZXzX7p2M7L0"
}
curl -d "domain=twitter.com:443&choosen_ip=199.16.156.230&show_test_results=true&recheck=false&token="68j3OCZLEomtjASxKoObjZXzX7p2M7L0"" "https://www.immuniweb.com/ssl/api/v1/check/1451425590.html"
Example with error
curl -d "domain=0.0.0.0&show_test_results=true&recheck=false" "https://www.immuniweb.com/ssl/api/v1/check/1451425590.html"
{
"error": "Domain name 0.0.0.0 was resolved in an invalid IP address",
"error_name": "invalid_ip_resolved",
"error_id": 16
}
Download PDF
curl -d "api_key=your_api_key" "https://www.immuniweb.com/ssl/gen_pdf/test_id/" > report.pdf

Example of Server Response

         

Scoring Methodology

- At the beginning of the test, server score is 100.
- Points are deducted when server configuration does not correspond to the PCI DSS requirements, HIPAA guidance or NIST guidelines.
- Points are deducted when server configuration contains exploitable vulnerabilities or weaknesses that are not yet covered by PCI DSS, HIPAA or NIST.
- Points are added for every extra best practice which is not mentioned in the PCI DSS requirements, HIPAA guidance or NIST guidelines.
- Server cannot get an "A+" if a misconfiguration makes it lose more than 10 points.
- Server gets an "N" if a tested port is closed.
- The server gets an "F" grade if HTTPS (443/tcp) port is closed but HTTP (80/tcp) port is open.
Grade Score
A+ Score greater than 99
A Score between 90 and 99
A- Score between 80 and 89
Grade Score
B+ Score between 70 and 79
B Score between 60 and 69
B- Score between 50 and 59
Grade Score
C+ Score between 35 and 49
C Score between 20 and 34
F Score lower than 20

Scoring

Description Score
Certificate is an Extended Validation (EV) certificate +10 points
HTTP website redirects to HTTPS (Always-On SSL) +10 points
Server prefers cipher suites providing strong Perfect Forward Secrecy (PFS) +10 points
Server provides TLS_Fallback_SCSV extension +10 points
Server implements HTTP Strict Transport Security (HSTS) with long duration +10 points
Server supports TLSv1.3 +10 points
Server X509 certificate is prior to version 3 -5 points
Server certificate has been issued for more than 3 year period -5 points
Server certificate has not been signed with the proper algorithm -5 points
Server does not support OCSP stapling -5 points
Server does not support neither P-256 nor P-384 curves -5 points
Server does not support some cipher suites required by NIST guidelines or HIPAA guidance -5 points
TLS cipher suites that are not approved by NIST guidelines or HIPAA guidance are supported -5 points
Server supports Elliptic Curves but does not support EC Point Format extension -5 points
Certificate chain is not provided -10 points
Website includes insecure (HTTP) content -10 points
Server accepts client-initiated secure renegotiation -10 points
Server does not provide information about support for secure renegotiation -10 points
Server does not support TLSv1.3 -10 points
Certificate chain rely on expired certificate -20 points
Certificate signature is not SHA2 -20 points
Certificate does not provide revocation information -20 points
SSL is supported but TLSv1.1 or TLSv1.2 or TLSv1.3 are preferred -20 points
SSL/TLS cipher suites that are not approved by PCI DSS are supported -40 points
Certificate key length or DH parameter are too small (< 2048 bits or 256 bits for EC) -40 points
Server supports at least one elliptic curve whose size is below 224 bits -40 points
SSL is supported while TLSv1.1 or TLSv1.2 or TLSv1.3 are not -40 points
Server supports TLS compression which may allow CRIME attack -40 points
SSL/TLS cipher suites that are not approved by PCI DSS are preferred -50 points
Certificate is untrusted or invalid* -60 points
Server is vulnerable to CVE-2014-0224 (OpenSSL CCS flaw) -60 points
Server is vulnerable to CVE-2016-2107 (OpenSSL padding-oracle flaw) -60 points
Server is vulnerable to POODLE over TLS -60 points
Server is vulnerable to GOLDENDOODLE -60 points
Server is vulnerable to Zombie POODLE -60 points
Server is vulnerable to Sleeping POODLE -60 points
Server is vulnerable to 0-Length OpenSSL -60 points
Server accepts client-initiated insecure renegotiation -60 points
Server is vulnerable to ROBOT (Return Of Bleichenbacher's Oracle Threat) -60 points
Server is vulnerable to Heartbleed -70 points

* including mismatch of the certificate’s CN and SAN unless the test is for an IP and IP’s PTR matches domain from CN and SAN

About the Service

SSL Security Test is a free product available online, provided and operated by ImmuniWeb.

SSL Security Test performs the following tests:

IP Ranges

IP ranges of our outbound servers are:

  • 192.175.111.224/27
  • 64.15.129.96/27
  • 70.38.27.240/28
  • 72.55.136.144/28
  • 72.55.136.192/28
  • 79.141.85.24/29
Interactive SSL/TLS Security Live World Map
Hostname
Grade
Date/Time ()
Compliant with
Server location
Click to view full test results
View in fullscreen
Current time:
Latest update:

Recent HTTPS:

Recent non-HTTPS:

Recent Web Servers SSLSecurity Tests

Recent Email Servers SSLSecurity Tests

Summary of SSL Security Test Security Score

Compliance:

PCI DSS HIPAA NIST
Date/Time:
Source IP/Port:
Type:

Your final score

Get instant notifications on SSL grade or compliance change with ImmuniWeb Discovery.

Discovered Email Servers and Subdomains Subdomains

Discover all your subdomains, APIs and public cloud storage with ImmuniWeb Discovery.

SSL Certificate Analysis SSL Certificate

Get a timely notice about all your expiring or untrusted certificates with ImmuniWeb Discovery.

Email Server Security Hardening Email Server Security

PCI DSS Compliance Analysis PCI DSS

Reference: PCI DSS 3.2.1 - Requirements 2.3 and 4.1

Get continuous PCI DSS compliance monitoring for all your websites and cloud with ImmuniWeb Discovery.

NIST Compliance Analysis NIST

Reference: NIST Special Publication 800-52 Revision 2 - Section 3

Get continuous NIST compliance monitoring for all your websites and cloud with ImmuniWeb Discovery.

Industry Best Practices Analysis Best Practices

Get continuous security monitoring for all your websites, APIs and cloud with ImmuniWeb Discovery.

External Content Analysis External Content

SSL/TLS Security Publications

Frequently Asked Questions

  • Q
    What is SSL?
    A

    Secure Sockets Layer (SSL) is a family of network protocols aimed to encrypt data transmission over other, higher level, protocols that transport web content, email or other types of information. Today SSL is considered obsolete and insecure, and is now replaced with a newer TLS (Transport Layer Security) family of protocols. Many people, however, still use the SSL acronym interchangeably with TLS. Billions of people unwittingly use SSL/TLS in a daily manner, for example, when they visit an HTTPS website, they are relying on TLS encryption when sending and receiving the data from the web server where the website is hosted.

  • Q
    How does SSL work?
    A

    Secure Sockets Layer (SSL) is now replaced by a more secure TLS (Transport Layer Security) family of data encryption protocols. They serve to wrap digitally transmitted data (e.g. emails or HTTP requests sent to a website) sent over a network to prevent data interception and falsification. You may consider SSL encryption to be a sealed and unbreakable envelope to protect content of your letter sent by a public postal service.

  • Q
    What is SSL certificate?
    A

    From a technical standpoint, SSL certificate is a file stored on the server. From a practical standpoint, SSL certificate is a key to encrypt and decrypt information sent or received by a web, email or other servers with SSL/TLS encryption enabled. Furthermore, some SSL certificates may also confirm identity of the website owner, ensuring its visitors that they deal with the genuine website they can trust.

  • Q
    How to check SSL certificate?
    A

    You may inspect and check SSL certificate of a website just by clicking on the green (grey or blue) lock icon on the left side of your browser’s address bar. Your web browser will display all available information about the SSL certificate. You may also check validity and correct configuration of your SSL certificate by running a free SSL security test operated by ImmuniWeb Community Edition.

  • Q
    Why SSL certificate is required for website?
    A

    SSL certificate is required to allow data encryption between your website and its visitors by using HTTPS encryption. Google, Mozilla and many other companies may warn about insecurity of a website without HTTPS encryption or even block access to such website.

    An EV (Extended Validation) SSL certificate also provides a certain degree of trust to your website visitors by ensuring that your organization is a valid and existing business. Recently, however, many organizations and web browsers announced a gradual discontinuity of EV SSL certificates support stating lack of efficiency and exorbitant prices for EV certificates among the main causes of their decision.

  • Q
    Can SSL be decrypted?
    A

    Some of the inherent cryptographic vulnerabilities (e.g. BEAST or POODLE) or SSL/TLS implementational vulnerabilities (Heartbleed) of SSL/TLS allow decrypting SSL/TLS traffic under some circumstances, usually involving social engineering, vulnerable or misconfigured software on the client or server side. Some variations of MITM (Man-in-the-Middle) attacks also permit intercepting and forging encrypted content under similar set of circumstances.

  • Q
    What is the SSL test and how do I perform it?
    A

    SSL test aims to illuminate the wide spectrum of configurational, implementational and cryptographical problems inherent to SSL/TLS protocols and underlying software. ImmuniWeb Community Edition provides a free SSL test to detect all known security and cryptographic issues in your SSL/TLS-enabled services (e.g. HTTPS or SMTPS servers) and also test whether PCI DSS, NIST and HIPAA requirements related to SSL are properly implemented.

  • Q
    What is SSL/TLS security testing used for?
    A

    SSSL/TLS security testing may be used to ensure that regulatory requirements and compliance, including different requirements of PCI DSS, GDPR or NIST, are properly implemented. Furthermore, SSL/TLS security testing ensures that your clients and other websites visitors (in the case of HTTPS encryption) are well protected from MITM attacks and other vectors of data interception. Finally, proper SSL/TLS configuration ensures that modern web and mobile browsers won’t block access to your website considering its insecure. You can test your SSL/TLS security by a free online test provided as a part of ImmuniWeb Community Edition.

Try Other ImmuniWeb® Free Products

AI Products Ask a Question