« Tuning ModSecurity Console on Windows | Main | Two bugs in mod_sslhaf fixed »

SSL Labs: a batch of small improvements

September 03, 2009

I love when a project enters the phase where you're mainly concerned with improving upon what already works! I had some time yesterday and today to spend on SSL Labs so I used the opportunity to tweak the software a bit. The changes are as follows:

  • Successful assessments are now cached for 24 hours.
  • Unsuccessful assessments are now cached for 15 minutes.
  • Display complete certificate chains, and make clear which certificates are trusted.
  • Do more to detect SSLv2 error responses (a polite way for a site to say that it does not support SSLv2).
  • Use colours and tags ("weak", "insecure", "confusing") to point to the bits in a configuration that are bad or can be improved.

I also fixed a bug or two, but that's not very important.