« Open letter from UK security researchers | Main | OpenSSL Cookbook v1.1 released »

Introducing the SSL Client Test

October 02, 2013

I am delighted to introduce the most recent addition to the SSL Labs web site, the SSL Client Test. For some reason, even though we released sslhaf, our passive client fingerprinting tool, back in 2009, our attention until now remained on server testing only.

Then, this year, there was a noticeable increase in the interest in computer security and browser capabilities specifically, which led many of our users to ask us to implemented a client test. We already had a page that displayed the capabilities of well known browsers (linked from the Handshake Simulator section); from there, it was really easy to show what your browser can do.

Behind the scenes we rely on sslhaf to extract the entire raw client handshake request and make it available to our application (implemented in Java). From there, we simply disassemble the available information and present it to the user.

With the client test, you are now able to see the SSL/TLS capabilities of your preferred browser simply by visiting the test page. And, because the SSL protocol is designed in such a way that clients always tell servers about their capabilities, the best part is that testing does not take much time. In fact, it's pretty much instantaneous.

MY BOOK: If you like this blog post, you will love Bulletproof TLS and PKI. For system administrators, developers, and IT security professionals, this book provides a comprehensive coverage of the ever-changing field of SSL/TLS and Internet PKI and will teach you everything you need to know to protect your systems from eavesdropping and impersonation attacks. It's available now.