
Score design

Open cybershambles opened this issue 10 years ago • 2 comments

Obviously, the score should be rolling - you need to pass all of the lower checks to move forward.

- Bad: No SSL/TLS
- Mediocre: No default/no HSTS
- Good: HTTPS redirected/HSTS enabled. No BEAST/POODLE/Heartbleed.
- Best: No bad ciphers/MD5/RC2. TLS-only.
- Perfect: Forward Secrecy only + new 4096-bit/SHA256 key.

cybershambles avatar Jan 21 '15 05:01 cybershambles

What would that list look like...

Mediocre

- [ ] A verified TLS connection can be established.
- [ ] A page can be successfully fetched over HTTPS.

Good

- [ ] Strict-Transport-Security header is set but the max-age is less than 30 days.
- [ ] HTTP site redirects to HTTPS.
- [ ] BEAST/POODLE/Heartbleed safe

Best

- [ ] No bad ciphers/hashes - no RC4/MD5
- [ ] TLS only

Perfect

- [ ] Forward Secrecy only
- [ ] Cert is 4096-bit key/SHA256 hash

cybershambles avatar Jan 21 '15 05:01 cybershambles

Actually... I just figured we shouldn't flood with information... when people are failing to reach the lowest bar... the rest is a bonus.

So let's keep the three stages and give bonus points for the rest...

Just give gold stars for the following... for sites that go above and beyond:

- [ ] No bad ciphers/hashes - no RC4/MD5
- [ ] TLS only
- [ ] Cert is 4096-bit key/SHA256 hash

cybershambles avatar Jan 21 '15 07:01 cybershambles
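The rolling score from the final proposal, as an added example that is not httpswatch's own code: three stages where every lower check must pass before the next stage counts, plus independent gold stars. The check names, the mapping of the Bad/Mediocre/Good stages and the rule that stars are only shown once a site is past Bad are assumptions for illustration; a real scanner would fill in the results dict.

```python
from dataclasses import dataclass, field

# Rolling stages (assumed mapping): a site only reaches a stage when ALL of its checks
# pass AND it has already reached every lower stage. Anything below "Mediocre" is "Bad".
STAGES = [
    ("Mediocre", ["tls_connection_verified", "page_fetched_over_https"]),
    ("Good", ["hsts_header_set", "http_redirects_to_https", "beast_poodle_heartbleed_safe"]),
]

# Gold stars are awarded independently of each other (hypothetical check names).
GOLD_STARS = {
    "no_rc4_md5": "No bad ciphers/hashes (no RC4/MD5)",
    "tls_only": "TLS only",
    "strong_cert": "Cert is 4096-bit key / SHA256 hash",
}


@dataclass
class Score:
    grade: str
    stars: list = field(default_factory=list)
    blocked_by: list = field(default_factory=list)  # checks that stopped the next stage


def stars_for(results: dict) -> list:
    return [label for key, label in GOLD_STARS.items() if results.get(key, False)]


def score(results: dict) -> Score:
    """results maps check name -> bool; a missing check counts as failed."""
    grade = "Bad"
    for name, checks in STAGES:
        failed = [c for c in checks if not results.get(c, False)]
        if failed:
            # Stars only make sense above the lowest bar (assumption), so a Bad site gets none.
            return Score(grade, stars_for(results) if grade != "Bad" else [], failed)
        grade = name
    return Score(grade, stars_for(results), [])


# Constructed sample: HTTPS works, but HSTS is missing, so the site stays at Mediocre
# even though the other "Good" checks and two gold-star checks pass.
SAMPLE = {
    "tls_connection_verified": True, "page_fetched_over_https": True,
    "hsts_header_set": False, "http_redirects_to_https": True,
    "beast_poodle_heartbleed_safe": True,
    "no_rc4_md5": True, "tls_only": True, "strong_cert": False,
}

if __name__ == "__main__":
    print(score(SAMPLE))
```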