Verify your SSL, TLS & Ciphers implementation

Contributor - 24 November 2017 - 12 Mins
Secure Sockets Layer (SSL) verification helps identify issues with certificates and cipher suites. This verification must be performed on a regular basis. There are multiple ways to check an SSL certificate. However, testing through online tools provides you with useful information. The main advantage is that it helps you test SSL for issues in the initial stages.
NOTE: An incorrectly configured SSL/TLS can make your website vulnerable.
This blog post details SSL server testing with the online tool SSL Labs by Qualys.
SSL Labs by Qualys is one of the most popular SSL testing tools, used to check for the latest vulnerabilities and incorrect configurations such as the following:
You can check your website's SSL security at https://www.ssllabs.com/ssltest/ and https://filippo.io/CVE-2016-2107/.
You can check OpenSSL vulnerability news at https://www.openssl.org/news/vulnerabilities.html
Other SSL/TLS tests:
After running a test, it's bad news if you see something like the following images:
SSL is relatively easy to use, but it does have its traps. Here we show you a straightforward assessment methodology, allowing administrators to assess SSL server configuration confidently without the need to become SSL experts.
The SSL Labs approach consists of four steps:

| Numerical Score | Grade |
| --- | --- |
| score >= 80 | A |
| score >= 65 | B |
| score >= 50 | C |
| score >= 35 | D |
| score >= 20 | E |
| score < 20 | F |

If you have any of the following certificate issues, the result will be a zero score:

| Category | Score |
| --- | --- |
| Protocol support | 30% |
| Key exchange | 30% |
| Cipher strength | 40% |

| Protocol | Score |
| --- | --- |
| SSL 2.0 | 0% |
| SSL 3.0 | 80% |
| TLS 1.0 | 90% |
| TLS 1.1 | 95% |
| TLS 1.2 | 100% |

| Key exchange aspect | Score |
| --- | --- |
| Weak key (Debian OpenSSL flaw) | 0% |
| Anonymous key exchange (no authentication) | 0% |
| DH parameter strength or Key < 512 bits | 20% |
| Exportable key exchange (limited to 512 bits) | 40% |
| DH parameter strength or Key < 1024 bits (e.g., 512) | 40% |
| DH parameter strength or Key < 2048 bits (e.g., 1024) | 80% |
| DH parameter strength or Key < 4096 bits (e.g., 2048) | 90% |
| DH parameter strength or Key >= 4096 bits (e.g., 4096) | 100% |

| Cipher strength | Score |
| --- | --- |
| 0 bits (no encryption) | 0% |
| < 128 bits (e.g., 40, 56) | 20% |
| < 256 bits (e.g., 128, 168) | 80% |
| >= 256 bits (e.g., 256) | 100% |

We have taken the reference from the OpenSSL website.
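
The tables above combine into a single grade as shown in this added example, which is not code from the original post or from SSL Labs. The function and parameter names are hypothetical, and averaging the best and worst protocol and cipher scores is an assumption taken from the SSL Labs rating guide, since the page lists only per-item scores and category weights. Exportable key exchange is not modelled.

```python
# Added example. Score tables are copied from the page; averaging the best and
# worst value per category is an assumption from the SSL Labs rating guide.
WEIGHTS = {"protocol": 30, "key_exchange": 30, "cipher": 40}  # percent
PROTOCOL_SCORE = {"SSL 2.0": 0, "SSL 3.0": 80, "TLS 1.0": 90,
                  "TLS 1.1": 95, "TLS 1.2": 100}
GRADES = [(80, "A"), (65, "B"), (50, "C"), (35, "D"), (20, "E")]


def key_exchange_score(bits, anonymous=False, debian_weak_key=False):
    """Score the key or DH parameter size using the page's thresholds."""
    if anonymous or debian_weak_key:
        return 0
    for limit, score in ((512, 20), (1024, 40), (2048, 80), (4096, 90)):
        if bits < limit:
            return score
    return 100


def cipher_score(bits):
    """Score one symmetric cipher by key length in bits."""
    if bits == 0:
        return 0
    if bits < 128:
        return 20
    return 80 if bits < 256 else 100


def best_worst_average(scores):
    """Mean of the strongest and weakest option the server offers."""
    return (max(scores) + min(scores)) / 2


def rate(protocols, kx_bits, cipher_bits, certificate_ok=True):
    """Return (numerical score, grade) for one server configuration."""
    if not certificate_ok:  # any certificate issue zeroes the result
        return 0.0, "F"
    parts = {
        "protocol": best_worst_average([PROTOCOL_SCORE[p] for p in protocols]),
        "key_exchange": key_exchange_score(kx_bits),
        "cipher": best_worst_average([cipher_score(b) for b in cipher_bits]),
    }
    total = sum(WEIGHTS[name] * value for name, value in parts.items()) / 100
    grade = next((g for floor, g in GRADES if total >= floor), "F")
    return total, grade


# Constructed sample configurations (not real scan results).
MODERN = rate(["TLS 1.0", "TLS 1.1", "TLS 1.2"], 2048, [128, 256])
LEGACY = rate(["SSL 2.0", "SSL 3.0", "TLS 1.0"], 1024, [40, 128])
```

The legacy sample shows how a single weak protocol or cipher left enabled drags the category average down even when stronger options are also offered.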