Do you want to test how well your application supports TLS over HTTP? If so, you can now head over to:
and run your application through a whole series of self-tests.
As he explains in a blog post announcing TLS-O-MATIC, Olle Johansson launched the site as a public service with 15 tests for the HTTPS protocol.
I’ve known Olle for many years through his work seeking to add security to various voice-over-IP (VoIP) services and protocols – and in recent years he has been focused around the idea of getting more encryption deployed. He typically uses the “#MoreCrypto” hashtag on Twitter and other services – and we wrote about his #MoreCrypto 2.0 slide deck he released back in December 2014.
Some of the tests included in TLS-O-MATIC are:
- Bad hostname
- One cert, multiple names
- Wildcard certificate
- Not yet valid certificate
- Expired certificate
- Unknown CA
- Client certificate
- Weak certificate
- Intermediate certificate
- Chain of trust
- A huge certificate
- A strong key
- Wrong usage bits
- Server Name Indication
- International DNS
We applaud Olle for making this test site available and hope it will be helpful to application developers to test if their applications fully support TLS. If you are an application developer, please do visit the site and give Olle any feedback you may have as you use it.
Sites like this can help make encryption available everywhere and bring about a stronger and more secure Internet!