SSL Labs in 2016 and Beyond

Ivan Ristic

Last updated on: October 21, 2021

In early 2009, SSL Labs was just this idea I had, born out of frustration with having to deal with a very complex subject without good documentation and tools. I wanted something that worked for me, and didn’t really anticipate that it could become as popular as it is today. The first version launched in the summer of that same year.

I joined Qualys in 2010, not knowing that I’d stay for 6 happy and productive years. In that time, SSL Labs went from a lovely but little known site, to the popular SSL/TLS destination it is today. It’s now a de-facto standard for secure server assessment. More important, it became a place that helps you deploy your systems securely. Over the years I watched with quiet joy tens of thousands of sites improve their configuration, a process that accelerated with the rise of popularity of SSL Labs. The last time I looked at the statistics, hundreds of thousands of people were on the site monthly, usually several times.

Qualys have been fantastically supportive of my work. Even though I didn’t originally join to work on SSL Labs, the site became my primary job at the point when that was most needed. To their credit, the web site remained free and there was never any attempt or even idea to compromise on the service in any way. In fact, almost the only mention of Qualys is the logo at the top of the web site. It’s so rare to give unreservedly, without asking for anything in return.

My journey was long, but exciting. Over the years, in a quest to understand it all, I immersed myself in the ecosystem. Somewhere along the line I couldn’t resist the temptation to write another book, and Bulletproof SSL and TLS was born.

After 7 years with SSL Labs, it’s time for me to move on and pursue other projects, but my journey doesn’t end here. In fact, even though I left Qualys as an employee, I am staying on as an advisor to help SSL Labs continue to improve. After all, SSL Labs is a big part of me and I can’t leave it behind just like that.

Looking from outside, there probably won’t be many changes. I will be less active on the forums and mailing lists, but I’ll still be there. Qualys are committed as ever to continue making SSL Labs better. In fact, over the last two months I’ve been helping my colleagues Yash and Bhushan take over the development; we’re now planning the next steps together.

Qualys, thank you for a wonderful opportunity to work on what I love. It was a pleasure working with you all. Also thanks to everyone who used SSL Labs over the years and especially those who wrote in, reported problems, and asked for improvements. You helped shape SSL Labs into what it is today.

Now onto the new adventures that await in the future! I’ll see you on the net.

Show Comments (16)

Leave a Reply to Dominic Cancel reply

Your email address will not be published. Required fields are marked *

  1. Ivan,

    Thank you for SSL Labs and all you have done with and for Qualys and the Community as well. Your work is much appreciated. Here is looking toward the future.

    Cheers,

    Frank

  2. Thanks for all the work you put in over the years. Your blogs & book have helped make sense to a very difficult subject. Much luck in any and all journeys ahead.
    Ray

  3. Just got done reading your book. Your contributions to the field of security education along with those of your colleges and Qualys are invaluable! Good luck with your future endeavors!

  4. Thanks for SSL Labs, I guess it is self evident by the no of sites being tested on how popular it is amongst the security community.

    Wish you all the best! looking forward for more awesome tools/apps.

  5. As the haproxy project maintainer I also want to thank you for SSL Labs. It helped us a lot to improve our SSL stack, and your advices were invaluable as well. I wish you good luck with your future projects whatever they are!

  6. Thanks, Ivan, for all you have done. I’m not a server admin, just an ordinary user of e-commerce concerned about privacy, security and fraud. I run the tool for every “secure” site I use. The worst case was a public-sector pension site, graded F (SSL2, SSL3, Poodle TLS, RC4, no TLS1.2). Your help has brought about improved security for tens of thousands of public-sector employees and pensioners. But they don’t know it! Good luck in your new ventures.

  7. Thanks for all of the work you have done on behalf of the TLS community. It is much appreciated and heavily used.

    Again thanks,

    Craig Hoeferkamp

  8. Thank you Ivan, for all the work on the SSL Labs, the books and making the TLS more secure. The journey of SSL Labs is also inspirational. Good luck in your future projects!