How's My SSL? provides a simple HTTP JSON API for developers that want to test clients without a browser experience: https://www.howsmyssl.com/a/check.

The API is free to use to test clients under your control. If you would like to use the API to test your users' browsers on your site, subscribe the domain your code will be making requests from at subscriptions.howsmyssl.com. (Non-profit and student programs are available.)

An example response from the API:

    GET https://www.howsmyssl.com/a/check HTTP/1.1

    {
      given_cipher_suites: [
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_RC4_128_SHA",
        "TLS_RSA_WITH_RC4_128_MD5",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
      ],
      ephemeral_keys_supported: true,
      session_ticket_supported: true,
      tls_compression_supported: false,
      unknown_cipher_suite_supported: false,
      beast_vuln: false,
      able_to_detect_n_minus_one_splitting: false,
      insecure_cipher_suites: {
        "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA": [
          "uses keys smaller than 128 bits in its encryption"
        ]
      },
      tls_version: "TLS 1.2",
      rating: "Bad"
    }
          

The returned JSON hash will have a least these keys, but may include more as howsmyssl evolves. Each of these keys map fairly obviously to the HTML version and it can be helpful to understand their meaning. The source code that gathers the client info may also be helpful. All strings returned may contain HTML escaped text.

Let me be a little more explicit. How's My SSL is Open Source software and can be found on GitHub. There's a README.


Want use the How's My SSL API on your site? Purchase a subscription!

Built by Darkish Green.