NAME

WebService::SSLLabs::EndpointDetails - EndpointDetails object

VERSION

Version 0.28

SUBROUTINES/METHODS

new

a new WebService::SSLLabs::EndpointDetails object, accepts a hash ref as it's parameter.

host_start_time

endpoint assessment starting time, in milliseconds since 1970. This field is useful when test results are retrieved in several HTTP invocations. Then, you should check that the hostStartTime value matches the startTime value of the host.

key

returns the connected Key object

cert

returns the connected Cert object

chain

returns the connected Chain object

protocols

returns the list of supported protocols as Protocol objects

suites

returns the Suites object

server_signature

Contents of the HTTP Server response header when known. This field could be absent for one of two reasons: 1) the HTTP request failed (check httpStatusCode) or 2) there was no Server response header returned.

prefix_delegation

true if this endpoint is reachable via a hostname with the www prefix

non_prefix_delegation

true if this endpoint is reachable via a hostname without the www prefix

vuln_beast

true if the endpoint is vulnerable to the BEAST attack

reneg_support

this is an integer value that describes the endpoint support for renegotiation:

bit 0 (1) - set if insecure client-initiated renegotiation is supported
bit 1 (2) - set if secure renegotiation is supported
bit 2 (4) - set if secure client-initiated renegotiation is supported
bit 3 (8) - set if the server requires secure renegotiation support

sts_response_header

the contents of the Strict-Transport-Security (STS) response header, if seen

sts_max_age

the maxAge parameter extracted from the STS parameters;

undef if STS not seen,
-1 if the specified value is invalid (e.g., not a zero or a positive integer; the maximum value currently supported is 2,147,483,647)

sts_subdomains

true if the includeSubDomains STS parameter is set; undef if STS not seen

pkp_response_header

the contents of the Public-Key-Pinning response header, if seen

session_resumption

this is an integer value that describes endpoint support for session resumption. The possible values are:

0 - session resumption is not enabled and we're seeing empty session IDs
1 - endpoint returns session IDs, but sessions are not resumed
2 - session resumption is enabled

compression_methods

integer value that describes supported compression methods

bit 0 is set for DEFLATE

supports_npn

true if the server supports NPN

npn_protocols

space separated list of supported protocols

session_tickets

indicates support for Session Tickets

bit 0 (1) - set if session tickets are supported
bit 1 (2) - set if the implementation is faulty [not implemented]
bit 2 (4) - set if the server is intolerant to the extension

ocsp_stapling

true if OCSP stapling is deployed on the server

stapling_revocation_status

same as Cert.revocationStatus, but for the stapled OCSP response.

stapling_revocation_error_message

description of the problem with the stapled OCSP response, if any.

sni_required

if SNI support is required to access the web site.

http_status_code

status code of the final HTTP response seen. When submitting HTTP requests, redirections are followed, but only if they lead to the same hostname. If this field is not available, that means the HTTP request failed.

http_forwarding

available on a server that responded with a redirection to some other hostname.

supports_rc4

true if the server supports at least one RC4 suite.

rc4_only

true if only RC4 suites are supported.

forward_secrecy

indicates support for Forward Secrecy

bit 0 (1) - set if at least one browser from our simulations negotiated a Forward Secrecy suite.
bit 1 (2) - set based on Simulator results if FS is achieved with modern clients. For example, the server supports ECDHE suites, but not DHE.
bit 2 (4) - set if all simulated clients achieve FS. In other words, this requires an ECDHE + DHE combination to be supported.

rc4_with_modern

true if RC4 is used with modern clients.

sims

instance of SimDetails.

heartbleed

true if the server is vulnerable to the Heartbleed attack.

heartbeat

true if the server supports the Heartbeat extension.

open_ssl_ccs

results of the CVE-2014-0224 test:

-1 - test failed
0 - unknown
1 - not vulnerable
2 - possibly vulnerable, but not exploitable
3 - vulnerable and exploitable

openssl_lucky_minus_20

-1 - test failed
0 - unknown
1 - not vulnerable
2 - vulnerable and insecure

poodle

true if the endpoint is vulnerable to POODLE; false otherwise

poodle_tls

results of the POODLE TLS test:

-3 - timeout
-2 - TLS not supported
-1 - test failed
0 - unknown
1 - not vulnerable
2 - vulnerable

fallback_scsv

true if the server supports TLS_FALLBACK_SCSV, false if it doesn't. This field will not be available if the server's support for TLS_FALLBACK_SCSV can't be tested because it supports only one protocol version (e.g., only TLS 1.2).

freak

true of the server is vulnerable to the FREAK attack, meaning it supports 512-bit key exchange.

has_sct

information about the availability of certificate transparency information (embedded SCTs):

bit 0 (1) - SCT in certificate
bit 1 (2) - SCT in the stapled OCSP response
bit 2 (4) - SCT in the TLS extension (ServerHello)

dh_primes

list of hex-encoded DH primes used by the server

dh_uses_known_primes

whether the server uses known DH primes:

0 - no
1 - yes, but they're not weak
2 - yes and they're weak

dh_ys_reuse

true if the DH ephemeral server value is reused.

logjam

true if the server uses DH parameters weaker than 1024 bits.

chacha20_preference

true if the server takes into account client preferences when deciding if to use ChaCha20 suites

hsts_policy

returns server's HSTS policy as a HASH. Experimental.

hpkp_policy

returns server's HPKP policy as a HASH. Experimental.

hpkp_ro_policy

returns server's HPKP Report Only policy as a HASH. Experimental.

drown_hosts

list of DrownHost objects. Experimental.

drown_errors

true if error occurred in drown test.

drown_vulnerable

true if server vulnerable to drown attack.

protocol_intolerance

indicates protocol version intolerance issues

bit 0 (1) - TLS 1.0
bit 1 (2) - TLS 1.1
bit 2 (4) - TLS 1.2
bit 3 (8) - TLS 1.3
bit 4 (16) - TLS 1.152
bit 5 (32) - TLS 2.152

misc_intolerance

indicates protocol version intolerance issues

bit 0 (1) - extension intolerance
bit 1 (2) - long handshake intolerance
bit 2 (4) - long handshake intolerance workaround success

DIAGNOSTICS

None

CONFIGURATION AND ENVIRONMENT

WebService::SSLLabs::EndpointDetails requires no configuration files or environment variables.

DEPENDENCIES

WebService::SSLLabs::EndpointDetails requires no non-core modules

INCOMPATIBILITIES

None reported

BUGS AND LIMITATIONS

Please report any bugs or feature requests to bug-net-ssllabs at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=WebService-SSLLabs. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.

AUTHOR

David Dick, <ddick at cpan.org>

SUPPORT

You can find documentation for this module with the perldoc command.

    perldoc WebService::SSLLabs::EndpointDetails

You can also look for information at:

RT: CPAN's request tracker (report bugs here)

http://rt.cpan.org/NoAuth/Bugs.html?Dist=WebService-SSLLabs
AnnoCPAN: Annotated CPAN documentation

http://annocpan.org/dist/WebService-SSLLabs
CPAN Ratings

http://cpanratings.perl.org/d/WebService-SSLLabs
Search CPAN

http://search.cpan.org/dist/WebService-SSLLabs/

ACKNOWLEDGEMENTS

Thanks to Ivan Ristic and the team at https://www.qualys.com for providing the service at https://www.ssllabs.com

POD was extracted from the API help at https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs.md

LICENSE AND COPYRIGHT

This program is free software; you can redistribute it and/or modify it under the terms of either: the GNU General Public License as published by the Free Software Foundation; or the Artistic License.

See http://dev.perl.org/licenses/ for more information.

To install WebService::SSLLabs, copy and paste the appropriate command in to your terminal.

cpanm

cpanm WebService::SSLLabs

CPAN shell

perl -MCPAN -e shell
install WebService::SSLLabs

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

VERSION

SUBROUTINES/METHODS

new

host_start_time

key

cert

chain

protocols

suites

server_signature

prefix_delegation

non_prefix_delegation

vuln_beast

reneg_support

sts_response_header

sts_max_age

sts_subdomains

pkp_response_header

session_resumption

compression_methods

supports_npn

npn_protocols

session_tickets

ocsp_stapling

stapling_revocation_status

stapling_revocation_error_message

sni_required

http_status_code

http_forwarding

supports_rc4

rc4_only

forward_secrecy

rc4_with_modern

sims

heartbleed

heartbeat

open_ssl_ccs

openssl_lucky_minus_20

poodle

poodle_tls

fallback_scsv

freak

has_sct

dh_primes

dh_uses_known_primes

dh_ys_reuse

logjam

chacha20_preference

hsts_policy

hpkp_policy

hpkp_ro_policy

drown_hosts

drown_errors

drown_vulnerable

protocol_intolerance

misc_intolerance

DIAGNOSTICS

CONFIGURATION AND ENVIRONMENT

DEPENDENCIES

INCOMPATIBILITIES

BUGS AND LIMITATIONS

AUTHOR

SUPPORT

ACKNOWLEDGEMENTS

LICENSE AND COPYRIGHT

Module Install Instructions