SSL Basics
Certificate & config check
🌐 172.70.80.41
🔥 5 left
ℹ️ testssl.sh Security Scan
Analyzes SSL/TLS certificates, encryption protocols, and known vulnerabilities. Typical scan time: 5–10 minutes.
Analyzes SSL/TLS certificates, encryption protocols, and known vulnerabilities. Typical scan time: 5–10 minutes.
What is the SSL Basic Test?
testssl.sh is an open‑source utility that comprehensively inspects SSL/TLS configurations and precisely analyzes your website’s HTTPS security settings.
🔧 What is testssl.sh?
- Open‑source SSL/TLS tester: industry‑standard tool with 10k+ GitHub stars.
- Comprehensive coverage: similar to SSL Labs with deeper technical details.
- Live analysis: connects directly to your server to validate actual settings.
- Vulnerability detection: scans for Heartbleed, POODLE, BEAST, and more.
📋 Key checks
🔐 SSL/TLS Protocols
- Supported protocol versions (SSL 2.0/3.0, TLS 1.0–1.3)
- Detect vulnerable legacy protocols
- Check TLS 1.3 support
📜 SSL Certificates
- Certificate validity/expiry
- Certificate chain integrity
- Subject Alternative Names (SAN)
- OCSP stapling support
🔒 Cipher Suites
- Supported encryption algorithms
- Perfect Forward Secrecy (PFS)
- Weak cipher suite detection
🛡️ Security vulnerabilities
- Heartbleed, POODLE, BEAST
- CRIME, BREACH, FREAK
- DROWN, LOGJAM, SWEET32
- HTTP security headers (HSTS, etc.)
🎯 Why is SSL/TLS testing important?
- Data protection: ensures encryption quality for all data in transit.
- Trust: delivers HTTPS without browser warnings.
- Compliance: meets standards like GDPR and PCI‑DSS.
- SEO: HTTPS is favored by search engines.
- Prevention: guards against known SSL/TLS vulnerabilities.
| Grade | Score | Security criteria |
|---|---|---|
| A+ | 90–100 | Only latest TLS used, no vulnerabilities Strong cipher suites Certificate and chain fully valid HSTS and related settings strong |
| A | 80–89 | TLS 1.2/1.3 supported; legacy blocked No major vulnerabilities Possible minor weak ciphers or misconfigs Generally safe |
| B | 70–79 | Mostly secure protocols Some weak ciphers present Many testssl.sh WEAK warnings Needs improvement |
| C | 60–69 | Some legacy TLS enabled High use of weak crypto Certificate near expiry/simple DV Few vulnerabilities found |
| D | 50–59 | SSLv3/TLS 1.0 permitted Many weak ciphers enabled Certificate chain errors/near expiry Multiple vulnerabilities present |
| F | 0–49 | SSL/TLS configuration fundamental flaws Vulnerable protocols broadly allowed Certificate expired/self‑signed Many testssl.sh FAIL/VULNERABLE |
📋 Certificate issuance requirements:
• Grade B or higher
• No major security vulnerabilities
• Valid SSL certificate present
• Sign‑in required
⏰ Typical duration: ~5–10 minutes (varies by server response)
🔄 Recommended cadence: monthly checks (certificate expiry, new CVEs)
• Grade B or higher
• No major security vulnerabilities
• Valid SSL certificate present
• Sign‑in required
⏰ Typical duration: ~5–10 minutes (varies by server response)
🔄 Recommended cadence: monthly checks (certificate expiry, new CVEs)
No results yet
Run a test to view your SSL/TLS security assessment.
No results yet
Run a test to view the raw testssl.sh output.
Sign in to view test history.
Sign in to manage domains.