SSL News Roundup

Robert Dell'Immagine

Here’s a summary of this week’s SSL news, in case you missed any of it:

SSL Labs API Available

Qualys SSL Labs now includes free assessment APIs, accompanied by a free open source tool that can be used for bulk and automated testing of websites. These APIs and tool are already being used to consolidate testing of websites, detect changes in results and get notifications when certificates expire. And we continue to see public reports of poor SSL configurations, with the goal of motivating companies to improve their security. Here’s an article from eWeek.

Best Practices

Qualys' Ivan Ristic wrote in CSO Online magazine about the guide at SSL Labs.


The OpenSSL project released updates for four versions of the software, covering 12 security fixes for vulnerabilities reported to them in recent months by several cybersecurity researchers. Fortunately, the issues were not as severe as people thought.

SSL Pulse Updates

From our friends at SSL Pulse come updates to their continuous and global dashboard for monitoring the quality of SSL support across the top one million web sites: new graphs for Protocol Downgrade Defense & OCSP Stapling, plus an updated graph for Key Exchange Strength. For details, see the help pop-ups in the headline of each graph.

Webcast March 26: Detecting & Addressing Unsafe SSL Configurations

SSL and security experts Ivan Ristic (SSL Labs), Wolfgang Kandek (Qualys CTO) and Jonathan Trull (Qualys CISO) discuss the state of SSL encryption, how major problems are being addressed and new features in Qualys SSL Labs.

Thursday, March 26 at 10am Pacific

Share your Comments


Your email address will not be published. Required fields are marked *