Security::TLSCheck::Checks::Web(3) User Contributed Perl Documentation Security::TLSCheck::Checks::Web(3)

Security::TLSCheck::Checks::Web - (Basic) HTTP and HTTPS Checks

...

This module checks some (basic) HTTP key figures:

  * HTTP / HTTPS for domain or www domain active; status OK?
  * HTTP redirects to HTTPS?
  * redirections
  * simple HTTPS Certificate Verification (via LWP with help from Mozilla::CA)

For simplification of the results, this check first tries http://www.domain.tld/ and falls back to http://domain.tld/ only if the first attempt gives no result.

So we don't have to count two results per domain, only one.

Checks, if there is something on port 80/443 ...

Fails when Status is 500 and there is a "Client-Warning" header with "Internal response"

   * https_active is true, if there is HTTPS at all, even when certificate verification failed.
   * https_all_verified is only true, if certificate verification is OK and host matches.
   * https_host_verified is true, if the SSL host matches, but cert is not checked
   * https_cert_verified is true, if there is a valid certificate (Mozilla::CA), hostname not checked
   * https_cert_ok_host_not is true, if there is a valid certificate, but hostname does NOT match

Returns true if the HTTP request was successful without error (status code 2xx)

Returns true if all HTTP requests (on the start page) are redirected to HTTPS

Returns true if HTTPS requests (on the start page) are redirected to HTTP

Checked for all HTTPS connections, including invalid certs.

Returns the max-age value of the Strict-Transport-Security header.

Checked for all certs (also when invalid).

Returns undef, if there is none.

RFC says: The max-age directive value can optionally be quoted:

  Strict-Transport-Security: max-age="31536000"

Does the site reset HTTP Strict Transport Security?

This is the case when max_age is set to 0.
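
The max-age handling described above (optional quoting, undef when absent, a value of 0 meaning the site resets HSTS) can be sketched as follows. This is an added example, not code from Security::TLSCheck; the function name parse_hsts and the returned keys are hypothetical, and the header values are constructed.

```perl
use strict;
use warnings;

# Hypothetical helper: parse one Strict-Transport-Security header value.
# RFC 6797: directive names are case-insensitive, max-age may be quoted, and
# a directive must not repeat. Splitting on ";" ignores quoted semicolons.
sub parse_hsts {
    my ($value) = @_;
    return unless defined $value;

    my %dir;
    for my $part ( split /;/, $value ) {
        $part =~ s/^\s+|\s+$//g;
        next if $part eq '';                      # tolerate "max-age=1;;"
        my ( $name, $arg ) = split /\s*=\s*/, $part, 2;
        $name = lc $name;
        return if exists $dir{$name};             # repeated directive: invalid
        $arg =~ s/^"(.*)"$/$1/ if defined $arg;   # unquote max-age="31536000"
        $dir{$name} = $arg;
    }
    my $max_age = $dir{'max-age'};
    return unless defined $max_age && $max_age =~ /\A[0-9]+\z/;

    return {
        max_age            => $max_age + 0,
        include_subdomains => exists $dir{includesubdomains} ? 1 : 0,
        disables_hsts      => $max_age == 0 ? 1 : 0,   # max-age=0 resets HSTS
    };
}

# Constructed sample header values, not captured from real hosts.
my @samples = (
    'max-age=31536000; includeSubDomains',
    'max-age="31536000"',
    'MAX-AGE=0',
    'includeSubDomains',
    'max-age=600; max-age=0',
);

for my $value (@samples) {
    my $hsts = parse_hsts($value);
    if ( !$hsts ) {
        printf "%-40s => no usable max-age\n", $value;
        next;
    }
    printf "%-40s => max_age=%d subdomains=%d disables_hsts=%d\n",
        $value, @{$hsts}{qw(max_age include_subdomains disables_hsts)};
}
```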

Extracts the used cipher_suite from the HTTP-Headers (Client-SSL-Cipher)

Checked for all HTTPS connections, also checked when invalid certificate

Extracts the certificate issuer from the HTTP-Headers (Client-SSL-Cert-Issuer)

ONLY FOR VALID CERTS!

Checks whether the cert is signed by Let's Encrypt

Checks whether the cert is self-signed

Checks whether the cert is self-signed AND the hostname matches

Extracts server string from Server header.

Server name, without other information (version, modules, ...)

Server name and major version, without other information (patchlevel, modules, ...)

Supports HTTP Public Key pinning (Public-Key-Pins Header).

Checked for all HTTPS connections, including invalid certs.

Supports HTTP Public Key pinning, report only (Public-Key-Pins-Report-Only Header).

Checked for all HTTPS connections, including invalid certs.

2022-04-08 perl v5.32.1
