Our Assessment Activities
SSL Labs (this web site) is a non-commercial research effort, run by Qualys, to better understand how SSL, TLS, and PKI technologies are used in practice. Since 2009, we have been working on tools and documentation to assist system owners assess, troubleshoot, and improve their usage of SSL. We have also worked very hard to promote the importance of properly configured SSL servers for security.
Our scanning activities fall into 2 groups:
- Hostname assessments initiated by our web site visitors. We provide a free SSL assessment tool that can be used to scan any public SSL web site.
- Regular monthy assessments of the most popular web sites, according to Alexa. This activity is part of SSL Pulse, which is a continuous dashboard for monitoring the quality of SSL support across the top one million public web sites. SSL Pulse is a project of Trustworthy Internet Movement.
Our assessments are slow, non-intrusive, and do not consume significant resources. They are focused solely on the effective SSL configuration of public servers. The security of the web servers themselves is not investigated. We do not send any malicious or even malformed traffic. We never test for exploits.
We apologise for any inconvenience that our scans may be causing for you. If you have a problem with how we're scanning, please get in touch. We will be happy to adjust our scanning so that it does not bother you. If, on the other hand, you object to your public web servers being scanned, we will add you to our black list (consisting of IP addresses and/or domain names) and you will not be scanned again.