Our Assessment Activities
SSL Labs (this web site) is a non-commercial research effort, run by Qualys, to better understand how SSL, TLS, and PKI technologies are used in practice. Since 2009, we have been working on tools and documentation to assist system owners assess, troubleshoot, and improve their usage of SSL. We have also worked very hard to promote the importance of properly configured SSL servers for security.
Our scanning activities fall into 2 groups:
- Hostname assessments initiated by our web site visitors. We provide a free SSL assessment tool that can be used to scan any public SSL web site.
- Regular monthy assessments of the most popular web sites, according to Alexa. This activity is part of SSL Pulse, which is a continuous dashboard for monitoring the quality of SSL support across the top one million public web sites. SSL Pulse is a project of Trustworthy Internet Movement.
Our assessments are slow, non-intrusive, and do not consume significant resources. They are focused solely on the effective SSL configuration of public servers. The security of the web servers themselves is not investigated. We do not send any malicious or even malformed traffic. We never test for exploits.
We apologise for any inconvenience that our scans may be causing for you. If you have a problem with how we're scanning, please get in touch. We will be happy to adjust our scanning so that it does not bother you. If, on the other hand, you object to your public web servers being scanned, we will add you to our black list (consisting of IP addresses and/or domain names) and you will not be scanned again.
Qualys, Inc. is the leading provider of on demand IT security risk and compliance management solutions delivered as a service. Qualys's Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures. The QualysGuard® service is used today by more than 3,500 organizations in 85 countries, including 40 of the Fortune Global 100 and performs more than 200 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company. Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, SecureWorks, Symantec, Tata Communications, TELUS and VeriSign.
For more information, visit the Qualys web site.