Security::TLSCheck::ChUser:Contributed Perl Security::TLSCheck::Checks::Web(3)

NAME
       Security::TLSCheck::Checks::Web - (Basic) HTTP and HTTPS Checks

SYNOPSIS
       ...

DESCRIPTION
       This module checks some (basic) HTTP key figures:

         * HTTP / HTTPS for domain or www domain active; status OK?
         * HTTP redirects to HTTPS?
         * redirections
         * simple HTTPS Certificate Verification (via LWP with help from Mozilla::CA)

       For simplification of the results, this check first tries to use
       http://www.domain.tld/ and falls back to http://domain.tld/ only if
       that does not give a result.

       So we don't have to count two results per domain, only one.

METHODS
   http_active, https_active, https_all_verified, https_host_verified,
       https_cert_verified, https_cert_ok_host_not
       Checks whether there is something on port 80/443 ...

       Fails when the status is 500 and there is a "Client-Warning" header
       with "Internal response".

          * https_active is true if there is HTTPS, even when certificate verification failed.
          * https_all_verified is only true if certificate verification is OK and the host matches.
          * https_host_verified is true if the SSL host matches, but the cert is not checked.
          * https_cert_verified is true if there is a valid certificate (Mozilla::CA); the hostname is not checked.
          * https_cert_ok_host_not is true if there is a valid certificate, but the hostname does NOT match.

   http_ok, https_ok, https_all_ok
       Returns true if the HTTP request was successful and there was no
       error (status code 2xx).

   redirects_to_https
       Returns true if all HTTP requests (on the start page) are redirected
       to HTTPS.

   redirects_to_http
       Returns true if HTTPS requests (on the start page) are redirected to
       HTTP.

       Checked for all HTTPS connections, including invalid certs.

   hsts_max_age
       Returns the max-age value of the Strict-Transport-Security header.

       Checked for all certs (also when invalid).

       Returns undef, if there is none.

       RFC says: The max-age directive value can optionally be quoted:

	 Strict-Transport-Security: max-age="31536000"

   disables_hsts
       Does the site reset HTTP Strict Transport Security?

       This is the case, when the max_age is set to 0.
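
       The max-age handling described for hsts_max_age and disables_hsts,
       as an added example that is not taken from Security::TLSCheck itself:
       a small parser that accepts both the bare and the quoted form. The
       function names hsts_max_age_from and disables_hsts_from and the
       sample header values are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not the module's code): return the max-age of a
# Strict-Transport-Security header value, or undef if it has none.
sub hsts_max_age_from {
    my ($value) = @_;
    return unless defined $value;
    for my $directive ( split /;/, $value ) {
        # Directive names are case-insensitive; the value is a run of
        # digits, optionally wrapped in double quotes (RFC 6797).
        if ( $directive =~ /\A\s*max-age\s*=\s*(?:"(\d+)"|(\d+))\s*\z/i ) {
            return 0 + ( defined $1 ? $1 : $2 );
        }
    }
    return;
}

# max-age=0 tells the browser to drop its stored HSTS entry for the host.
sub disables_hsts_from {
    my $age = hsts_max_age_from(shift);
    return ( defined $age && $age == 0 ) ? 1 : 0;
}

# Constructed sample header values, not captured from any real site.
my @samples = (
    'max-age=31536000; includeSubDomains',
    'max-age="31536000"',
    'includeSubDomains; MAX-AGE = 0',
    'includeSubDomains',
    undef,
);

for my $value (@samples) {
    my $age = hsts_max_age_from($value);
    printf "%-40s max-age=%-10s disables_hsts=%d\n",
        defined $value ? "'$value'" : '(no header)',
        defined $age   ? $age       : 'undef',
        disables_hsts_from($value);
}
```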

   cipher_suite
       Extracts the used cipher_suite from the HTTP headers
       (Client-SSL-Cipher).

       Checked for all HTTPS connections, also checked when invalid
       certificate

   cert_issuer
       Extracts the certificate issuer from the HTTP headers
       (Client-SSL-Cert-Issuer).

       ONLY FOR VALID CERTS!

   ->cert_letsencrypt
       Checks if the cert is signed by Let's Encrypt

   ->cert_selfsigned
       Checks if the cert is self-signed

   ->cert_selfsigned_hostok
       Checks if the cert is self-signed AND the hostname matches

   server
       Extracts the server string from the Server header.

   server_name
       Server name, without other information (version, modules, ...)

   server_major_version
       Server name and major version, without other information (patchlevel,
       modules, ...)

   has_hpkp
       Supports HTTP Public Key Pinning (Public-Key-Pins header).

       Checked for all HTTPS connections, including invalid certs.

   has_hpkp_report
       Supports HTTP Public Key Pinning, report only
       (Public-Key-Pins-Report-Only header).

       Checked for all HTTPS connections, including invalid certs.

perl v5.32.0                      2020-08-24  Security::TLSCheck::Checks::Web(3)
