Tuinslak closed 9 years ago
I don't think HTTPS Watch should try to duplicate SSL Labs' efforts.
However, highlighting existing SSL Labs scores sounds like a good idea. HTTPS Watch is basically a thin opinionated wrapper on SSL Labs (which tests if SSL works properly), which also takes HSTS and default redirection into account (which tells you if users are actually being protected).
If the webpage is still affected by Heartbleed and RC4... they've got more to worry about than us shaming them.
Fixed as of 811b0b0943dd4f6d637611958e2b12e1d7242f27 ?
Good point.
For example www.ing.be: it gets a good rating via httpswatch, but ssllabs rates it F (mostly due to POODLE vuln).
SHA1, RC4 and Forward Secrecy are other parameters ssllabs adds a lot of focus to.