SSL/TLS Security, Best Practices and PCI DSS Compliance
For the benefit of the cybersecurity community, we’ve developed a free SSL Security Test. It can test SSL/TLS security and implementation for compliance with PCI DSS requirements, HIPAA guidance and NIST guidelines.
Unlike SSL Labs, for example, it allows testing any port and protocol wrapped in SSL/TLS, such as SMTPS or POP3S. All you need to do is enter your domain name or IP address and a port number (443 is used by default for HTTPS).
Moreover, it shows you whether your custom SSL/TLS configuration is compliant with PCI DSS requirements, HIPAA guidance and NIST guidelines.
For email servers, SSL Security Test also verifies your SPF, DKIM and DMARC records, making it a sort of Swiss Army knife for email server security hardening.
A very cool feature is the subdomain list included with every test, which gives a holistic picture of your corporate implementations of SSL encryption.
Finally, you get a comprehensive list of industry best practices, from EV certificates and Always-On SSL to HSTS and HPKP.
Conclusion: a valuable free security tool for ensuring the security and compliance of your SSL/TLS encryption.