Shields: SSLLabs (SSL/TLS rating)

Created on 30 Mar 2020  路  2Comments  路  Source: badges/shields

:clipboard: Description

Similar to https://github.com/badges/shields/issues/2912, just a badge for the SSL/TLS rating shown by https://www.ssllabs.com/ would be nice.

:link: Data

https://www.ssllabs.com/

needs-upstream-help service-badge
Source
picture rugk
👍2

Most helpful comment

Hello @rugk, thanks for the suggestion!

I've read the terms and conditions of the API, and if my understanding is correct, they are really restrictive. Unfortunately, Shields would probably not qualify.

In particular, here are some sections of interest:

  • use the API only to inspect only sites and servers whose owners have given you permission to do so.
  • not allowed to use the API on a public web site.
  • not allowed to publish any information received from us via the APIs without the owner鈥檚 express permission.
  • not allowed to distribute, proxy, or otherwise make the API available for access or use by any person or entity other than your authorized employees, including but not limited to acting as a service bureau or developing a competing product or service offering.

We could contact Qualys SSL Labs to enquire about a relaxed set of terms for us, but I'm quite pessimistic this would succeed.

There's a section about "server tools" which could arguably cover self-hosted users who deploy their own Shields distribution privately. However, it contains a number of additional conditions, for example imposing constraints on the server startup. Even for self-hosted users I wouldn't feel comfortable in supporting such a service.

picture PyvesB on 2 Apr 2020
😕2 👍2

All 2 comments

Hello @rugk, thanks for the suggestion!

I've read the terms and conditions of the API, and if my understanding is correct, they are really restrictive. Unfortunately, Shields would probably not qualify.

In particular, here are some sections of interest:

  • use the API only to inspect only sites and servers whose owners have given you permission to do so.
  • not allowed to use the API on a public web site.
  • not allowed to publish any information received from us via the APIs without the owner鈥檚 express permission.
  • not allowed to distribute, proxy, or otherwise make the API available for access or use by any person or entity other than your authorized employees, including but not limited to acting as a service bureau or developing a competing product or service offering.

We could contact Qualys SSL Labs to enquire about a relaxed set of terms for us, but I'm quite pessimistic this would succeed.

There's a section about "server tools" which could arguably cover self-hosted users who deploy their own Shields distribution privately. However, it contains a number of additional conditions, for example imposing constraints on the server startup. Even for self-hosted users I wouldn't feel comfortable in supporting such a service.

PyvesB picture PyvesB on 2 Apr 2020
😕2 👍2

Feel free to comment on this issue or reopen if there's any new information from the service provider.

paulmelnikow picture paulmelnikow on 19 Apr 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

PyvesB picture PyvesB  路  3Comments
paulmelnikow picture paulmelnikow  路  3Comments
Fazendaaa picture Fazendaaa  路  3Comments
calebcartwright picture calebcartwright  路  3Comments
salaros picture salaros  路  3Comments