FreeBSD Manual Pages
Security::TLSCheck::Checks::Web(3)    User Contributed Perl Documentation

NAME
       Security::TLSCheck::Checks::Web - (Basic) HTTP and HTTPS Checks

SYNOPSIS
       ...

DESCRIPTION
       This module checks some (basic) HTTP key figures:

       *   HTTP / HTTPS for domain or www domain active; status OK?

       *   HTTP redirects to HTTPS?

       *   redirections

       *   simple HTTPS Certificate Verification (via LWP with help from
           Mozilla::CA)

       For simplification of the results, this check first tries to use
       http://www.domain.tld/ and only if this does not give a result,
       http://domain.tld/. So we don't have to count two results per domain,
       only one.

METHODS
   http_active, https_active, https_all_verified, https_host_verified,
   https_cert_verified, https_cert_ok_host_not
       Checks if there is something on port 80/443 ...

       Fails when Status is 500 and there is a "Client-Warning" header with
       "Internal response".

       *   https_active is true if there is HTTPS, even if certificate
           verification failed (but there is HTTPS).

       *   https_all_verified is only true if certificate verification is OK
           and the host matches.

       *   https_host_verified is true if the SSL host matches, but the cert
           is not checked.

       *   https_cert_verified is true if there is a valid certificate
           (Mozilla::CA); the hostname is not checked.

       *   https_cert_ok_host_not is true if there is a valid certificate,
           but the hostname does NOT match.

   http_ok, https_ok, https_all_ok
       Returns true if the HTTP request was successful and there was no
       error (status code 2xx).

   redirects_to_https
       Returns true if all HTTP requests (on the start page) are redirected
       to HTTPS.

   redirects_to_http
       Returns true if HTTPS requests (on the start page) are redirected to
       HTTP.

       Checked for all HTTPS connections, including invalid certs.

   hsts_max_age
       Returns the max-age value of the Strict-Transport-Security header.
       Checked for all certs (also when invalid).

       Returns undef if there is none.

       RFC says: The max-age directive value can optionally be quoted:

         Strict-Transport-Security: max-age="31536000"

   disables_hsts
       Does the site reset HTTP Strict Transport Security? This is the case
       when the max_age is set to 0.

   cipher_suite
       Extracts the used cipher_suite from the HTTP headers
       (Client-SSL-Cipher).

       Checked for all HTTPS connections, also checked when the certificate
       is invalid.

   cert_issuer
       Extracts the certificate issuer from the HTTP headers
       (Client-SSL-Cert-Issuer).

       ONLY FOR VALID CERTS!

   ->cert_letsencrypt
       Checks if the cert is signed by Let's Encrypt.

   ->cert_selfsigned
       Checks if the cert is self-signed.

   ->cert_selfsigned_hostok
       Checks if the cert is self-signed AND the hostname matches.

   server
       Extracts the server string from the Server header.

   server_name
       Server name, without other information (version, modules, ...).

   server_major_version
       Server name and major version, without other information (patch
       level, modules, ...).

   has_hpkp
       Supports HTTP Public Key Pinning (Public-Key-Pins header).

       Checked for all HTTPS connections, including invalid certs.

   has_hpkp_report
       Supports HTTP Public Key Pinning, report only
       (Public-Key-Pins-Report-Only header).

       Checked for all HTTPS connections, including invalid certs.

perl v5.32.0                      2020-08-24 Security::TLSCheck::Checks::Web(3)
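
The hsts_max_age and disables_hsts checks described above, as an added example that is not the module's own code: it extracts max-age from a Strict-Transport-Security header value, accepts the optionally quoted form, and flags max-age=0 as an HSTS reset. The function names parse_hsts_max_age and hsts_disabled are hypothetical and the header values are constructed samples.

```perl
#!/usr/bin/perl
# Added example, not Security::TLSCheck code. Function names are hypothetical.
use strict;
use warnings;

# Return the max-age value of a Strict-Transport-Security header value,
# or undef if the header is missing or carries no usable max-age directive.
sub parse_hsts_max_age {
    my ($header) = @_;
    return undef unless defined $header;

    for my $directive (split /;/, $header) {
        # Directive names are case-insensitive; the value may be a plain
        # token (max-age=31536000) or a quoted string (max-age="31536000").
        next unless $directive =~ /^\s*max-age\s*=\s*(?:"(\d+)"|(\d+))\s*$/i;
        return defined $1 ? $1 : $2;
    }
    return undef;
}

# True if the header resets HSTS (max-age of 0), as disables_hsts describes.
sub hsts_disabled {
    my ($header) = @_;
    my $max_age = parse_hsts_max_age($header);
    return (defined($max_age) && $max_age == 0) ? 1 : 0;
}

# Constructed sample header values (not captured from real sites).
my @samples = (
    'max-age=31536000; includeSubDomains',
    'max-age="31536000"',
    'includeSubDomains; MAX-AGE=0',
    'includeSubDomains',
    undef,
);

for my $header (@samples) {
    my $max_age = parse_hsts_max_age($header);
    printf "%-40s max-age=%-10s disables_hsts=%d\n",
        defined $header  ? "'$header'" : '(no header)',
        defined $max_age ? $max_age    : 'undef',
        hsts_disabled($header);
}
```

A header without max-age yields undef rather than 0, so a missing directive is not counted as an HSTS reset.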