https://www.immuniweb.com/ssl/api/v1/check/[ustamp].html - where "ustamp" is an arbitrary UNIX timestamp (must be an integer). The timestamp is part of the URL to prevent caching on the client side.
POST Data Specification
Field Name: Value
- api_key: secret token which you submit along with the request.
- domain: must be a valid domain name or IP address, followed by a port number. If the port is not supplied, 443 is used by default.
- show_test_results: "false" means that test results will be hidden, "true" means that test results will be displayed in statistics.
- choosen_ip: IP address of the tested server (if the tested domain resolves to multiple addresses).
- recheck: "false" will use results from the cache if the server has been tested within the past 24 hours, "true" will perform a new test without looking at the cache.
- verbosity: 1 means output will be detailed, 0 means output will be short.
- token: value of the token sent by the server if the tested domain resolves to several IP addresses.
{ "job_id":"2a9e1f1bc92dc0c7a4bde930dff488771eea6d36988208d34163c5496227b8dc", "status":"in_progress", "status_id":2, "eta":2, "message":"Your test is in progress" }
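The request and reply described above, as an added example that is not ImmuniWeb's own code: it builds the POST for the check endpoint without sending it and reads the sample reply. The function names, the form-encoded body and the "host:port" form with a colon are assumptions; show_test_results defaults to "false" here so that scans of internal hosts are not displayed in the public statistics.

```python
import json
import time
from urllib.parse import urlencode

API_BASE = "https://www.immuniweb.com/ssl/api/v1/check/"  # endpoint from the page

# Reply copied from the page.
SAMPLE_REPLY = ('{ "job_id":"2a9e1f1bc92dc0c7a4bde930dff488771eea6d36988208d34163c5496227b8dc", '
                '"status":"in_progress", "status_id":2, "eta":2, '
                '"message":"Your test is in progress" }')


def build_check_request(domain, api_key=None, port=None, publish=False,
                        recheck=False, verbosity=1, now=None):
    """Return (url, body) for the POST described above; nothing is sent."""
    # Accept a bare host name or IPv4 address only; the port is passed separately.
    if not domain or any(c.isspace() or c in "/:" for c in domain):
        raise ValueError("domain must be a bare host name or IP address")
    if port is not None:
        if not 1 <= int(port) <= 65535:
            raise ValueError("port out of range")
        domain = f"{domain}:{int(port)}"  # assumed form; no port means 443
    ustamp = int(now if now is not None else time.time())  # must be an integer
    fields = {
        "domain": domain,
        # These fields take the strings "true"/"false".
        "show_test_results": "true" if publish else "false",
        "recheck": "true" if recheck else "false",
        "verbosity": str(int(verbosity)),
    }
    if api_key:
        fields["api_key"] = api_key
    return f"{API_BASE}{ustamp}.html", urlencode(fields)


def parse_check_reply(text):
    """Return (in_progress, job_id, eta) for a reply shaped like the sample."""
    reply = json.loads(text)
    in_progress = reply.get("status") == "in_progress"
    if in_progress and not reply.get("job_id"):
        raise ValueError("in-progress reply without job_id")
    return in_progress, reply.get("job_id"), int(reply.get("eta", 0))
```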
- Server cannot get an "A+" if a misconfiguration makes it lose more than 10 points.
- Server gets an "N" if a tested port is closed.
- The server gets an "F" grade if HTTPS (443/tcp) port is closed but HTTP (80/tcp) port is open.
Grade: Score
- A+: Score greater than 99
- A: Score between 90 and 99
- A-: Score between 80 and 89
- B+: Score between 70 and 79
- B: Score between 60 and 69
- B-: Score between 50 and 59
- C+: Score between 35 and 49
- C: Score between 20 and 34
- F: Score lower than 20
Scoring
Description: Score
- Certificate is an Extended Validation (EV) certificate: +10 points
- HTTP website redirects to HTTPS (Always-On SSL): +10 points
- Server prefers cipher suites providing strong Perfect Forward Secrecy (PFS): +10 points
- Server provides TLS_Fallback_SCSV extension: +10 points
- Server implements HTTP Strict Transport Security (HSTS) with long duration: +10 points
- Server supports TLSv1.3: +10 points
- Server X509 certificate is prior to version 3: -5 points
- Server certificate has been issued for a period of more than 3 years: -5 points
- Server certificate has not been signed with the proper algorithm: -5 points
- Server does not support OCSP stapling: -5 points
- Server supports neither P-256 nor P-384 curves: -5 points
- Server does not support some cipher suites required by NIST guidelines or HIPAA guidance: -5 points
- TLS cipher suites that are not approved by NIST guidelines or HIPAA guidance are supported: -5 points
- Server supports Elliptic Curves but does not support EC Point Format extension: -5 points
- Certificate chain is not provided: -10 points
- Website includes insecure (HTTP) content: -10 points
- Server accepts client-initiated secure renegotiation: -10 points
- Server does not provide information about support for secure renegotiation: -10 points
- Server does not support TLSv1.3: -10 points
- Certificate chain relies on an expired certificate, which can break the connection for some clients: -20 points
- Certificate signature is not SHA2: -20 points
- Certificate does not provide revocation information: -20 points
- SSL is supported but TLSv1.1 or TLSv1.2 or TLSv1.3 are preferred: -20 points
- SSL/TLS cipher suites that are not approved by PCI DSS are supported: -40 points
- Certificate key length or DH parameter is too small (< 2048 bits or 256 bits for EC): -40 points
- Server supports at least one elliptic curve whose size is below 224 bits: -40 points
- SSL is supported while TLSv1.1 or TLSv1.2 or TLSv1.3 are not: -40 points
- Server supports TLS compression which may allow CRIME attack: -40 points
- SSL/TLS cipher suites that are not approved by PCI DSS are preferred: -50 points
- Certificate is untrusted or invalid*: -60 points
- Server is vulnerable to CVE-2014-0224 (OpenSSL CCS flaw): -60 points
- Server is vulnerable to CVE-2016-2107 (OpenSSL padding-oracle flaw): -60 points
- Server may be vulnerable to CVE-2021-3449 (OpenSSL maliciously crafted renegotiation vulnerability): -60 points
- Server is vulnerable to POODLE over TLS: -60 points
- Server is vulnerable to GOLDENDOODLE: -60 points
- Server is vulnerable to Zombie POODLE: -60 points
- Server is vulnerable to Sleeping POODLE: -60 points
- Server is vulnerable to 0-Length OpenSSL: -60 points
- Server accepts client-initiated insecure renegotiation: -60 points
- Server is vulnerable to ROBOT (Return Of Bleichenbacher's Oracle Threat): -60 points
- Server is vulnerable to Heartbleed: -70 points
* including mismatch of the certificate’s CN and SAN unless the test is for an IP and IP’s PTR matches domain from CN and SAN
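The grading rules and scoring table above combined into one function, as an added example that is not ImmuniWeb's code. The starting score of 100, reading the "A+" rule as "any single finding costing more than 10 points", the drop from a blocked "A+" to "A", and the precedence between the "F" and "N" port rules are all assumptions, and the names are hypothetical.

```python
BASE_SCORE = 100  # assumption: the page does not state the starting score

# Lower bound of each band from the grade table (scores here are whole numbers).
BANDS = [(100, "A+"), (90, "A"), (80, "A-"), (70, "B+"), (60, "B"),
         (50, "B-"), (35, "C+"), (20, "C")]


def grade(findings, tested_port=443, port_open=True, http_open=False):
    """findings: list of (description, points) rows taken from the scoring table.

    Returns (score, grade, blockers); blockers are the findings that on their
    own rule out an "A+" because each costs more than 10 points.
    """
    if not port_open:
        # Assumed precedence: closed 443 with HTTP still open is "F",
        # any other closed port is "N".
        return None, ("F" if tested_port == 443 and http_open else "N"), []
    score = BASE_SCORE + sum(points for _, points in findings)
    letter = next((g for floor, g in BANDS if score >= floor), "F")
    blockers = [desc for desc, points in findings if points < -10]
    if letter == "A+" and blockers:
        letter = "A"  # assumption: a blocked "A+" drops to the next grade
    return score, letter, blockers


# Constructed sample: three bonuses do not buy back a -20 misconfiguration.
SAMPLE = [
    ("Server supports TLSv1.3", +10),
    ("Server implements HTTP Strict Transport Security (HSTS) with long duration", +10),
    ("HTTP website redirects to HTTPS (Always-On SSL)", +10),
    ("Certificate does not provide revocation information", -20),
]

if __name__ == "__main__":
    print(grade(SAMPLE))
```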
Free SSL Security Monitoring
ImmuniWeb® Community Edition provides free SSL/TLS security and compliance monitoring with this SSL Security Test. You can add up to 3 hosts for free that will be automatically tested with the SSL Security Test every 7 days. You will be notified by email about new vulnerabilities or misconfigurations. You can change or remove the hosts at any time.
Secure Sockets Layer (SSL) is a family of network protocols designed to encrypt data transmission over other, higher-level protocols that transport web content, email or other types of information. Today SSL is considered obsolete and insecure, and has been replaced by the newer TLS (Transport Layer Security) family of protocols. Many people, however, still use the SSL acronym interchangeably with TLS. Billions of people unwittingly use SSL/TLS every day: for example, when they visit an HTTPS website, they rely on TLS encryption when sending data to and receiving data from the web server where the website is hosted.
Q: How does SSL work?
A: Secure Sockets Layer (SSL) has been replaced by the more secure TLS (Transport Layer Security) family of data encryption protocols. These protocols wrap data transmitted over a network (e.g. emails or HTTP requests sent to a website) to prevent data interception and falsification. You may think of SSL encryption as a sealed and unbreakable envelope that protects the content of a letter sent by a public postal service.
Q: What is an SSL certificate?
A: From a technical standpoint, an SSL certificate is a file stored on the server. From a practical standpoint, an SSL certificate is a key to encrypt and decrypt information sent or received by web, email or other servers with SSL/TLS encryption enabled. Furthermore, some SSL certificates may also confirm the identity of the website owner, assuring visitors that they are dealing with a genuine website they can trust.
Q: How to check an SSL certificate?
A: You may inspect and check the SSL certificate of a website just by clicking on the green (grey or blue) lock icon on the left side of your browser’s address bar. Your web browser will display all available information about the SSL certificate. You may also check the validity and correct configuration of your SSL certificate by running a free SSL security test operated by ImmuniWeb Community Edition.
Q: Why is an SSL certificate required for a website?
A: An SSL certificate is required to allow data encryption between your website and its visitors by using HTTPS encryption. Google, Mozilla and many other companies may warn about the insecurity of a website without HTTPS encryption or even block access to such a website.
An EV (Extended Validation) SSL certificate also provides a certain degree of trust to your website visitors by ensuring that your organization is a valid and existing business. Recently, however, many organizations and web browsers announced a gradual discontinuation of support for EV SSL certificates, citing lack of efficiency and exorbitant prices for EV certificates among the main causes of their decision.
Q: Can SSL be decrypted?
A: Some inherent cryptographic vulnerabilities of SSL/TLS (e.g. BEAST or POODLE) and some SSL/TLS implementation vulnerabilities (Heartbleed) allow decrypting SSL/TLS traffic under some circumstances, usually involving social engineering or vulnerable or misconfigured software on the client or server side. Some variations of MITM (Man-in-the-Middle) attacks also permit intercepting and forging encrypted content under a similar set of circumstances.
Q: What is the SSL test and how do I perform it?
A: An SSL test aims to reveal the wide spectrum of configuration, implementation and cryptographic problems inherent to SSL/TLS protocols and the underlying software. ImmuniWeb Community Edition provides a free SSL test to detect all known security and cryptographic issues in your SSL/TLS-enabled services (e.g. HTTPS or SMTPS servers) and also to test whether PCI DSS, NIST and HIPAA requirements related to SSL are properly implemented.
Q: What is SSL/TLS security testing used for?
A: SSL/TLS security testing may be used to ensure that regulatory and compliance requirements, including different requirements of PCI DSS, GDPR or NIST, are properly implemented. Furthermore, SSL/TLS security testing ensures that your clients and other website visitors (in the case of HTTPS encryption) are well protected from MITM attacks and other vectors of data interception. Finally, proper SSL/TLS configuration ensures that modern web and mobile browsers won’t block access to your website by considering it insecure. You can test your SSL/TLS security with a free online test provided as part of ImmuniWeb Community Edition.