Skip to content

SSL/TLS Analysis

The SSL/TLS Analysis feature examines your website’s secure connection implementation, providing detailed insights into certificate configuration, protocol support, and potential security vulnerabilities.

SiteOne Crawler’s SSL/TLS Analysis offers:

  1. Certificate Validation: Checks certificate validity, expiration dates, and trust chain
  2. Protocol Support: Identifies supported SSL/TLS protocol versions
  3. Cipher Security: Evaluates the security of supported cipher suites
  4. Security Features: Checks for modern security features like OCSP stapling and HTTP Strict Transport
  5. Configuration Best Practices: Validates against current SSL/TLS best practices

The analyzer generates a detailed certificate information table:

SSL/TLS Property Value
------------------------------------
Protocol Version TLS 1.3
Certificate Issuer Let's Encrypt Authority X3
Certificate Expiry 2024-06-15 (Valid: 82 days)
Certificate SANs example.com, www.example.com
OCSP Stapling Enabled
HTTP Strict Transport Enabled (max-age=31536000)
TLS Cipher Suite ECDHE-RSA-AES256-GCM-SHA384

The analysis provides a comprehensive assessment of SSL/TLS security:

  • Validity Period: Confirmation that certificate is current and not expired
  • Subject Alternative Names (SANs): Verification of all domains covered by the certificate
  • Certificate Authority: Information about the issuing certificate authority
  • Certification Path: Validation of the complete certificate chain
  • Supported Protocols: Identification of supported SSL/TLS versions (TLS 1.2, TLS 1.3, etc.)
  • Insecure Protocols: Detection of deprecated protocols (SSL 3.0, TLS 1.0, TLS 1.1)
  • Forward Secrecy: Verification of support for Perfect Forward Secrecy
  • Cipher Suites: Analysis of supported cipher suites and their security levels
  • OCSP Stapling: Verification of OCSP stapling implementation
  • HSTS: Validation of HTTP Strict Transport Security configuration
  • Certificate Transparency: Check for Certificate Transparency compliance
  • Key Type and Size: Assessment of key type (RSA, ECDSA) and key size

Based on the analysis, the crawler provides actionable SSL/TLS recommendations:

  • Protocol Updates: Suggestions to disable outdated protocols
  • Cipher Prioritization: Recommendations for secure cipher suite configuration
  • Certificate Improvements: Advice on certificate implementation and renewal
  • Security Header Configuration: Guidance on related security headers

The SSL/TLS Analyzer works by:

  1. Establishing a secure connection to the website
  2. Retrieving and parsing certificate information
  3. Analyzing protocol and cipher support
  4. Checking for modern security features
  5. Validating against current best practices

The SSL/TLS Analysis provides several practical benefits:

  • Security Validation: Ensure your SSL/TLS implementation meets current security standards
  • Expiration Monitoring: Get advance notice of certificate expiration dates
  • Vulnerability Detection: Identify potentially insecure configurations
  • Compliance Verification: Validate against security requirements and best practices
  • Trust Indicators: Ensure your site meets the requirements for browser security indicators

Future enhancements to the SSL/TLS Analysis could include:

  • Protocol Negotiation Analysis: Deeper inspection of protocol negotiation behavior
  • Client Simulation: Testing with different client capabilities
  • Certificate Revocation Checking: More comprehensive revocation status validation
  • CAA Records: Verification of Certificate Authority Authorization DNS records
  • CT Log Monitoring: Integration with Certificate Transparency log monitoring
  • Scoring System: Standardized security score based on SSL/TLS implementation