Example sites with broken security certs [closed]

security https ssl

Revisiting this. Here's a great online tool recently built: https://www.ssllabs.com/ssldb/analyze.html

e.g. Paypal: https://www.ssllabs.com/ssldb/analyze.html?d=https://paypal.com

There are more details when you drill into a specific server.

When this question was asked I remember I was looking for resources I could use to build a tool that would automatically check if ssl was configured "properly" for a given site; at least that a given site was not going to display various ssl errors in various browsers. There are however many types of ssl/tls "misconfiguration" and many browsers handle the cases differently. Anticipating 100% if a browser is going to display any messaging at all or any given messaging about encryption is quite challenging as it turns out.

But this is a good manual tool. What would be great is an open source command line tool that has this level of summary, for plugging into deploy tests or monitoring.


For those interested to know more about ssl under the covers, this page is very well worth a read http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html

Related

Testing NativeScript app with Appium
Capture "done" button click in iPhone's virtual keyboard with JavaScript
How to upload an attachment to GitHub wiki? [closed]
Efficient floating-point division with constant integer divisors
What's the correct way to implement key-value pair in Spinner in android
Why is calling vector.reserve(required + 1) faster than vector.reserve(required)?
Android alphabetical fast scrollview in RecyclerView with Collapsing toolbar
What is unicode character 2028 (LS / Line Separator) used for?
What pagination schemes can handle rapidly-changing content lists?
What is the use of "https://dc.services.visualstudio.com/v2/track"
Viewing Scaladoc in Eclipse
Tools to optimize (remove redundancy and merge) CSS? [closed]