Here’s a summary of this week’s SSL news, in case you missed any of it:
SSL Labs API Available
Qualys SSL Labs now includes free assessment APIs, accompanied by a free open source tool that can be used for bulk and automated testing of websites. These APIs and tool are already being used to consolidate testing of websites, detect changes in results and get notifications when certificates expire. And we continue to see public reports of poor SSL configurations, with the goal of motivating companies to improve their security. Here’s an article from eWeek.
Qualys' Ivan Ristic wrote in CSO Online magazine about theguide at SSL Labs.
The OpenSSL project released updates for four versions of the software, covering 12 security fixes for vulnerabilities reported to them in recent months by several cybersecurity researchers. Fortunately, the issues were not as severe as people thought.
SSL Pulse Updates
From our friends at SSL Pulse come updates to their continuous and global dashboard for monitoring the quality of SSL support across the top one million web sites: new graphs for Protocol Downgrade Defense & OCSP Stapling, plus an updated graph for Key Exchange Strength. For details, see the help pop-ups in the headline of each graph.
Webcast March 26: Detecting & Addressing Unsafe SSL Configurations
SSL and security experts Ivan Ristic (SSL Labs), Wolfgang Kandek (Qualys CTO) and Jonathan Trull (Qualys CISO) discuss the state of SSL encryption, how major problems are being addressed and new features in Qualys SSL Labs.
Thursday, March 26 at 10am Pacific