ssllabs.endpointdetails

class ssllabs.endpointdetails.CompressionMethods(data)
Bases: object

supported compression methods, from EndpointDetails.compressionMethods()

deflate
    set for DEFLATE

class ssllabs.endpointdetails.EndpointDetails(data)
Bases: ssllabs.object.Object

Detailed information about an endpoint, accessed from ssllabs.endpoint.Endpoint.details()

cert
    certificate information as a ssllabs.cert.Cert

chaCha20Preference
    true if the server takes client preferences into account when deciding whether to use ChaCha20 suites.

chain
    chain information, as a ssllabs.chain.Chain

compressionMethods
    integer value that describes supported compression methods, as a CompressionMethods

dhPrimes
    list of DH primes used by the server (as raw binary bytes objects). Not present if the server doesn’t support the DH key exchange.

dhUsesKnownPrimes
    whether the server uses known DH primes. Not present if the server doesn’t support the DH key exchange. Possible values:
    0 - no
    1 - yes, but they’re not weak
    2 - yes and they’re weak

dhYsReuse
    true if the DH ephemeral server value is reused. Not present if the server doesn’t support the DH key exchange.

drownErrors
    true if an error occurred in the DROWN test.

drownHosts
    list of DROWN hosts as ssllabs.drownhost.DrownHost. Experimental.

drownVulnerable
    true if the server is vulnerable to the DROWN attack.

fallbackScsv
    true if the server supports TLS_FALLBACK_SCSV, false if it doesn’t. This field will not be available if the server’s support for TLS_FALLBACK_SCSV can’t be tested because it supports only one protocol version (e.g., only TLS 1.2).

forwardSecrecy
    indicates support for Forward Secrecy, as a ForwardSecrecy object

freak
    true if the server is vulnerable to the FREAK attack, meaning it supports 512-bit key exchange.

hasSct
    information about the availability of certificate transparency information (embedded SCTs) as HasSct

heartbeat
    true if the server supports the Heartbeat extension.

heartbleed
    true if the server is vulnerable to the Heartbleed attack.

hostStartTime
    endpoint assessment starting time, in milliseconds since 1970. This field is useful when test results are retrieved in several HTTP invocations. In that case, check that the hostStartTime value matches the startTime value of the host.

hpkpPolicy
    server’s HPKP policy as a ssllabs.hpkppolicy.HpkpPolicy. Experimental.

hpkpRoPolicy
    server’s HPKP RO (Report Only) policy as a ssllabs.hpkppolicy.HpkpPolicy. Experimental.

hstsPolicy
    server’s HSTS policy as a ssllabs.hstspolicy.HstsPolicy. Experimental.

hstsPreloads
    information about preloaded HSTS policies as a list of ssllabs.hstspreload.HstsPreload

httpForwarding
    available on a server that responded with a redirection to some other hostname.

httpStatusCode
    status code of the final HTTP response seen. When submitting HTTP requests, redirections are followed, but only if they lead to the same hostname. If this field is not available, that means the HTTP request failed.

key
    key information, as a ssllabs.key.Key

logjam
    true if the server uses DH parameters weaker than 1024 bits.

miscIntolerance
    indicates various other types of intolerance as MiscIntolerance

nonPrefixDelegation
    true if this endpoint is reachable via a hostname without the www prefix

npnProtocols
    list of supported protocols

ocspStapling
    true if OCSP stapling is deployed on the server

openSSLLuckyMinus20
    results of the CVE-2016-2107 test:
    -1 - test failed
    0 - unknown
    1 - not vulnerable
    2 - vulnerable and insecure

openSslCcs
    results of the CVE-2014-0224 test:
    -1 - test failed
    0 - unknown
    1 - not vulnerable
    2 - possibly vulnerable, but not exploitable
    3 - vulnerable and exploitable

poodle
    true if the endpoint is vulnerable to POODLE; false otherwise

poodleTls
    results of the POODLE TLS test:
    -3 - timeout
    -2 - TLS not supported
    -1 - test failed
    0 - unknown
    1 - not vulnerable
    2 - vulnerable

prefixDelegation
    true if this endpoint is reachable via a hostname with the www prefix

protocolIntolerance
    indicates protocol version intolerance issues as ProtocolIntolerance

protocols
    supported protocols, as a list of ssllabs.protocol.Protocol

rc4Only
    true if only RC4 suites are supported.

rc4WithModern
    true if RC4 is used with modern clients.

renegSupport
    a RenegSupport object that describes the endpoint’s support for renegotiation

serverSignature
    Contents of the HTTP Server response header when known. This field could be absent for one of two reasons: 1) the HTTP request failed (check httpStatusCode) or 2) there was no Server response header returned.

sessionResumption
    integer value that describes endpoint support for session resumption. The possible values are:
    0 - session resumption is not enabled and we’re seeing empty session IDs
    1 - endpoint returns session IDs, but sessions are not resumed
    2 - session resumption is enabled

sessionTickets
    indicates support for Session Tickets, as a SessionTickets object

sims
    instance of SimDetails.

sniRequired
    true if SNI support is required to access the web site.

staplingRevocationErrorMessage
    description of the problem with the stapled OCSP response, if any.

staplingRevocationStatus
    same as ssllabs.cert.Cert.revocationStatus(), but for the stapled OCSP response.

suites
    supported cipher suites, as a ssllabs.suites.Suites

supportsNpn
    true if the server supports NPN

supportsRc4
    true if the server supports at least one RC4 suite.

vulnBeast
    true if the endpoint is vulnerable to the BEAST attack

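A triage pass over the EndpointDetails fields documented above, as an added example that is not part of the ssllabs package. It reads a plain dict keyed by those field names (an assumed input shape; the sample values are constructed) and separates confirmed findings from tests that returned no verdict.

```python
# Added example: plain-dict input keyed by the documented field names (assumption).
# Boolean fields where True is a finding.
BOOL_FINDINGS = {
    "heartbleed": "vulnerable to Heartbleed",
    "poodle": "vulnerable to POODLE",
    "freak": "vulnerable to FREAK (512-bit key exchange)",
    "logjam": "DH parameters weaker than 1024 bits",
    "drownVulnerable": "vulnerable to DROWN",
    "vulnBeast": "vulnerable to BEAST",
    "rc4Only": "only RC4 suites supported",
    "dhYsReuse": "DH ephemeral server value is reused",
}
# Integer fields: value -> finding text, taken from the value tables above.
ENUM_FINDINGS = {
    "openSslCcs": {2: "CVE-2014-0224: possibly vulnerable, not exploitable",
                   3: "CVE-2014-0224: vulnerable and exploitable"},
    "openSSLLuckyMinus20": {2: "CVE-2016-2107: vulnerable and insecure"},
    "poodleTls": {2: "POODLE TLS: vulnerable"},
    "dhUsesKnownPrimes": {2: "uses known DH primes and they are weak"},
}
# Values that mean the test gave no verdict (failed, unknown, timeout).
INCONCLUSIVE = {"openSslCcs": {-1, 0}, "openSSLLuckyMinus20": {-1, 0},
                "poodleTls": {-3, -1, 0}}


def triage(details, host_start_time=None):
    """Return (findings, inconclusive) for one endpoint-details dict."""
    findings, inconclusive = [], []
    # Results fetched over several HTTP calls must belong to the same run.
    if host_start_time is not None and details.get("hostStartTime") != host_start_time:
        raise ValueError("hostStartTime does not match the host startTime")
    for field, text in BOOL_FINDINGS.items():
        if details.get(field) is True:
            findings.append(text)
    for field, table in ENUM_FINDINGS.items():
        value = details.get(field)  # absent means not tested / not applicable
        if value in table:
            findings.append(table[value])
        elif value in INCONCLUSIVE.get(field, ()):
            inconclusive.append(field)
    # fallbackScsv is absent when only one protocol version is supported,
    # so only an explicit False counts as a finding.
    if details.get("fallbackScsv") is False:
        findings.append("TLS_FALLBACK_SCSV not supported")
    return findings, inconclusive


SAMPLE = {"hostStartTime": 1500000000000, "heartbleed": False, "poodle": True,
          "openSslCcs": 3, "poodleTls": -1, "logjam": True, "fallbackScsv": False}
```

Fields listed as inconclusive should be re-tested rather than treated as clean, since -1, 0 and -3 mean the check did not produce a result.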
class ssllabs.endpointdetails.ForwardSecrecy(data)
Bases: object

indicates support for Forward Secrecy, from EndpointDetails.forwardSecrecy()

allacheived
    set if all simulated clients achieve FS. In other words, this requires an ECDHE + DHE combination to be supported

modernacheived
    set based on Simulator results if FS is achieved with modern clients. For example, the server supports ECDHE suites, but not DHE

negotiated
    set if at least one browser from our simulations negotiated a Forward Secrecy suite

class ssllabs.endpointdetails.HasSct(data)
Bases: object

information about the availability of certificate transparency information (embedded SCTs), from EndpointDetails.hasSct()

sctincertificate
    SCT in certificate

sctinstapledocsp
    SCT in the stapled OCSP response

sctintlsextension
    SCT in the TLS extension (ServerHello)

class ssllabs.endpointdetails.MiscIntolerance(data)
Bases: object

indicates various other types of intolerance, from EndpointDetails.miscIntolerance()

extensionintolerance
    extension intolerance

longhandshakeintolerance
    long handshake intolerance

longhandshakeworkaround
    long handshake intolerance workaround success

class ssllabs.endpointdetails.ProtocolIntolerance(data)
Bases: object

indicates protocol version intolerance issues, from EndpointDetails.protocolIntolerance()

TLS_1_0
    TLS 1.0

TLS_1_1
    TLS 1.1

TLS_1_152
    TLS 1.152

TLS_1_2
    TLS 1.2

TLS_1_3
    TLS 1.3

TLS_2_152
    TLS 2.152

class ssllabs.endpointdetails.RenegSupport(data)
Bases: object

support for renegotiation, from EndpointDetails.renegSupport()

clientinitiated
    set if insecure client-initiated renegotiation is supported

secure
    set if secure renegotiation is supported

secureclientinitiated
    set if secure client-initiated renegotiation is supported

serverrequiressecure
    set if the server requires secure renegotiation support

class ssllabs.endpointdetails.SessionTickets(data)
Bases: object

support for session tickets, from EndpointDetails.sessionTickets()

faulty
    set if the implementation is faulty [not implemented]

intolerant
    set if the server is intolerant to the extension

supported
    set if session tickets are supported