SSL server test
User guide
- Getting Started
Api
Concepts
Configurations
Configuring webhint
Connectors
Development flow integration
Extensions
Formatters
Hints
- Avoid CSS limits
- Avoid HTTP redirects
- axe accessibility check
- Babel configuration hint set
- Compatibility of CSS, HTML and JavaScript features
- Correct `Content-Type` header
- Correct manifest extension
- Correct viewport
- Detect CSS Reflows
- Disallowed HTTP headers
- External links disown opener
- Has web app manifest
- Highest document mode
- HTTP cache
- Leading '.' in `classList.add` or `classList.remove`
- Manifest has name
- Minify JavaScript
- Modern DOCTYPE
- No `createElement` with SVG
- No `P3P` headers
- No broken links
- No byte-order mark
- No Inline CSS Styles
- No protocol-relative URLs
- No small error pages
- No vulnerable libraries
- Nu HTML test
- Optimal compression
- Optimize images
- Performance budget
- Prefixed CSS first
- scoped-svg-styles
- Specify button type
- SSL server test
- TypeScript configuration hints set
- Unneeded HTTP headers
- Use `Strict-Transport-Security` header
- Use `X-Content-Type-Options` header
- Use Apple touch icon
- Use charset `utf-8`
- Use HTTPS
- Use subresource integrity
- Valid `Set-Cookie` header
- Valid `theme-color`
- Valid manifest
- webpack configuration hints set
Parsers
Server configurations
Troubleshoot
- Api
- Concepts
- Configurations
- Configuring webhint
- Connectors
- Development flow integration
- Extensions
- Formatters
- Hints
- Parsers
- Server configurations
- Troubleshoot
SSL server test (ssllabs)
ssllabs does a deep analysis of the site’s SSL configuration using
SSL Labs’ SSL Server Test.
Why is this important?
SSL/TLS is a deceptively simple technology. It is easy to deploy, and it works–except when it does not. The main problem is that encryption is not often easy to deploy correctly. To ensure that TLS provides the necessary security, system administrators and developers must put extra effort into properly configuring their servers and developing their applications.
From SSL Labs’ SSL and TLS Deployment Best Practices
What does the hint check?
This hint uses the SSL Labs API via
node-ssllabs to analyze the SSL configuration of
a server and report a grade.
Please look at SSL Labs’ Methodology Overview if you want to know more about the process.
Notes:
- Only servers on the public internet can be scanned by SSL Labs. Internal domains will fail.
- SSL Labs might have decided not to allow scanning of a domain (if, for example, the owner has requested it).
Can the hint be configured?
By default, the minimum grade is A- but you can configure it to
any valid grade reported by SSL Labs
by setting the grade option for the ssllabs hint in the
.hintrc file.
E.g. The following configuration will change the minimum grade to A+:
{
"connector": {...},
"formatters": [...],
"hints": {
"ssllabs": [ "error", {
"grade": "A+"
}],
...
},
...
} |
SSL Labs’ scanner also allows some configuration. By default, the one used is:
{
"all": "done",
"fromCache": true,
"maxAge": 2
} |
You can override the defaults with the following configuration:
{
"connector": {...},
"formatters": [...],
"hints": {
"ssllabs": [ "error", {
"ssllabs": {
"fromCache": false,
...
}
}],
...
},
...
} |
The list of possible parameters is available in SSL Labs’
documentation with the difference
that on/off parameters are booleans in our case as shown
in node-ssllabs’ advanced usage.
How to use this hint?
This package is installed automatically by webhint:
npm install hint --save-dev |
To use it, activate it via the .hintrc configuration file:
{
"connector": {...},
"formatters": [...],
"hints": {
"ssllabs": "error",
...
},
"parsers": [...],
...
} |
Note: The recommended way of running webhint is as a devDependency of
your project.