« SSL Labs end of year 2014 updates | Main | Apache Security: free, ten years later »

SSL Labs APIs now available in Beta

January 22, 2015

In the end-of-year post last month, I mentioned that SSL Labs APIs had been made available for early access. What that meant was that we wanted some people to have a look at our APIs and play with the open source reference client, but otherwise didn't want everyone to come at once. After a period of testing, we're ready to move to the next phase. The APIs (as in the specification, not the implementation) are now considered stable and we're committed to supporting them for a long period of time. We're also happy with more people looking at the APIs and using them. The APIs are still running on our development servers and may lack the power of our production cluster, but are otherwise stable and fully production ready. In the following weeks we'll do some more testing, with the goal of moving the APIs into production by the end of February.

We see three important use cases for our APIs:

  • Testing of your own infrastructure
  • Integration with CAs and large infrastructure providers (e.g., hosting providers, CDNs, etc).
  • Integration with non-commercial open source tools

We will formulate formal terms and conditions soon. We regret to say, but at this time we are not interested in integration of SSL Labs with commercial products, or the use of the APIs to build web sites (e.g., report aggregators) or online testing tools.

All you need to use the APIs is available from our GitHub repository: https://github.com/ssllabs/ssllabs-scan.

I hope you'll find the APIs useful. If you'd like to give us your feedback and/or participate in the further development of the APIs and the reference client, please join us on the ssllabs-devel mailing list: https://sourceforge.net/p/ssllabs/mailman/ssllabs-devel/.

MY BOOK: If you like this blog post, you will love Bulletproof TLS and PKI. For system administrators, developers, and IT security professionals, this book provides a comprehensive coverage of the ever-changing field of SSL/TLS and Internet PKI and will teach you everything you need to know to protect your systems from eavesdropping and impersonation attacks. It's available now.