How's my SSL?

And for testing your servers: <a href="https://www.ssllabs.com/ssltest/analyze.html" rel="nofollow">https:&#x2F;&#x2F;www.ssllabs.com&#x2F;ssltest&#x2F;analyze.html</a>

Some info on how to correct this on common browsers where it can be corrected (I use FF 26; marked bad, and comments in this thread say that some of the problems can be fixed) would be a great improvement.

Excellent!<p>(I mean the site. Not so crazy that FF 26 under OSX 10.9.1 is listed as BAD, but I understand and accept the reasoning.)<p>Hopefully this will spur the various vendors to abandon old, broken protocols and ciphers.

Site doesn&#x27;t load on IE 6. I wonder if you&#x27;ve configured the SSL certs with SNI? Would have been nice to see the page turn red, but I guess I know the answer without having to run it...<p>Edit: It&#x27;s not an SNI issue, IE 8 on XP can load the site.

Looks like they miss a step where they provide or link to instructions on how to improve, rather than just detect and explain why your client is bad.

Very useful Site - Thanks!<p>Reminded me of an old favorite &quot;Shields Up&quot; <a href="https://www.grc.com/shieldsup" rel="nofollow">https:&#x2F;&#x2F;www.grc.com&#x2F;shieldsup</a> - Great way to quickly test your Router

Unfortunately &quot;Bad&quot; results for cURL:<p>$ curl <a href="https://www.howsmyssl.com/a/check" rel="nofollow">https:&#x2F;&#x2F;www.howsmyssl.com&#x2F;a&#x2F;check</a> | python -mjson.tool

Does anyone know how to disable TLS 1.0 in Firefox 26.0 (on Linux)? I found this article:<p><a href="http://www.spotht.com/2010/06/how-to-enabledisable-ssl-30-and-tls-10.html" rel="nofollow">http:&#x2F;&#x2F;www.spotht.com&#x2F;2010&#x2F;06&#x2F;how-to-enabledisable-ssl-30-an...</a><p>However, the Options in my browser do not include a tab called &quot;Encryption&quot;, as the article discusses.

On the built in browser in CyanogenMod 10.1.3:<p>&gt; Bad: Your client is using TLS 1.0, which is very old, possibly susceptible to the BEAST attack, and doesn&#x27;t have the best cipher suites available either.<p>Interestingly I get &quot;Probably good&quot; using the Chrome browser on the same phone.

Will it make my client more unique (so identifiable) for a third-party passive advisory (who can sniff traffic) if I fine-tune my browser&#x27;s settings for example to support only TLS 1.2 and by removing all the RC4 encryption methods?

Thumbs up on everything here.<p>&gt; Google Chrome 32.0.1700.72 (Official Build 243157) m &gt; OS Windows

Safari 6.1.1 is BAD because it allows TLS 1.0 and there seems to be no way to fix it..

Nice site, I&#x27;ve been looking for something simple like that (It sure beat <a href="https://cc.dcsec.uni-hannover.de/" rel="nofollow">https:&#x2F;&#x2F;cc.dcsec.uni-hannover.de&#x2F;</a> in niceness, the website I&#x27;ve used before to &quot;check&quot; my browser).<p>Anyway I&#x27;m getting a nice &quot;Probably Okay&quot; using the latest Firefox Nightly.

Do you have some stats? I&#x27;m interested in the &quot;TLS Compression&quot; part (e.g. can I remove the breach-mitigation-rails gem from my project)

Bottom of about page is broken in IE8 <a href="http://i.imgur.com/7Mfrw3n.png" rel="nofollow">http:&#x2F;&#x2F;i.imgur.com&#x2F;7Mfrw3n.png</a> FY.

How exactly does this work? Is it sniffing the user-agent and comparing it against known values, or does it actually inspect the connection?

wget, w3m, lynx, and links are all rated “bad” here… :( Is there any way to improve this?

OK I got all good for chrome, and half bad for firefox, what should I do...

RC4 and MD5 are secure now?!

Awesome! Thanks for putting this together. The clearer the better.

Opera seems to be good across the board on Win8.1 and OSx 10.8.5