Comprehensive analysis of SSL/TLS web server configuration.
Enter a domain name (e.g., google.com) into the input field and click "Analyze". The tool will perform a series of tests against the server and generate a detailed security report. The report is divided into sections, each focusing on a different aspect of the server's configuration.
Report Summary: Provides an at-a-glance overview of the server's grade and lists the most critical issues found during the test.
Certificate Details: Checks the SSL certificate itself. We verify it's not expired, is issued by a trusted authority, and matches the domain name. We also check for modern features like OCSP Stapling (for performance) and Certificate Transparency (for security).
Server Configuration: Analyzes the server's support for different TLS protocols and cipher suites. A secure server should only enable modern, strong protocols (TLS 1.2, 1.3) and ciphers, and support Forward Secrecy.
HTTP Security Headers: Tests for the presence of important security headers that instruct browsers to enable security features. These headers help prevent common attacks like clickjacking and cross-site scripting (XSS).
Known Vulnerabilities: Tests for common historical vulnerabilities like Heartbleed, POODLE, and Logjam. A vulnerable result here indicates a critical misconfiguration that must be fixed.
What does the overall grade mean?
The grade is a summary of your server's security posture. 'A+' is excellent, 'B' is adequate but could be improved, and 'C' or below indicates significant issues. 'F' means there is a critical vulnerability or misconfiguration.
Why did my grade drop?
Grades can drop if new vulnerabilities are discovered, best practices change (e.g., an old protocol is deprecated), or if your certificate expires. It's good practice to re-scan your servers periodically.
How do I fix the issues found in the report?
The advice provided in each section gives you a starting point. Most fixes involve editing your web server's configuration file (e.g., for Nginx or Apache) to disable old protocols, update cipher suites, and add security headers.
What is the difference between TLS 1.2 and 1.3?
TLS 1.3 is the latest version. It's faster and more secure than TLS 1.2, removing obsolete features and improving the speed of the handshake process. Supporting both is the current best practice.