Testing HTTPS/TLS sites

Internet

Two of the best tools for testing your HTTPS/TLS connection settings are the Qualys SSL Server Test, and the Mozilla Observatory I only learned of yesterday.

They both test somewhat different metrics, so Rubenerd got an A+ from Qualys, but only a B+ from Mozilla. The great thing is they each offer suggestions, so I was able to get to an A+ with just a few changes.

My only caveat was this listed failure on the Mozilla Observatory:

Blocks inline styles by not allowing ‘unsafe-inline’ inside style-src

I can see how removing inline styles would offer security benefits, but we’ve had it drummed into us for years that HTML width and height attributes are depracated in favour of CSS. It’s infeasible for most sites to store sizes for every single image in a remote CSS file.

Author bio and support

Me!

Ruben Schade is a technical writer and infrastructure architect in Sydney, Australia who refers to himself in the third person. Hi!

The site is powered by Hugo, FreeBSD, and OpenZFS on OrionVM, everyone’s favourite bespoke cloud infrastructure provider.

If you found this post helpful or entertaining, you can shout me a coffee or send a comment. Thanks ☺️.