Saturday, February 01, 2020

Re: Fwd: NEW security/ssllabs-scan

On 2/1/20 2:54 PM, Stuart Henderson wrote:
> On 2020/02/01 12:39, George Rosamond wrote:
>> ping
>>
>>
>> -------- Forwarded Message --------
>> Subject: NEW security/ssllabs-scan
>> Date: Wed, 22 Jan 2020 23:16:43 -0500
>>
>> Attached is the port for SSLLabs.com API written in golang. From pkg/DESCR:
>>
>> This tool is a command-line client for the SSL Labs APIs, designed
>> for automated and/or bulk testing.
>>
>> SSL Labs API expose the complete SSL/TLS server testing functionality
>> in a programmatic fashion, allowing for scheduled and bulk assessment.
>> They are making their API available to encourage site operators to
>> regularly test servers configurations.
>>
>> /quote
>>
>> While the license is Apache2
>> (https://github.com/ssllabs/ssllabs-scan/blob/master/LICENSE), the terms
>> of use (https://www.ssllabs.com/about/terms.html) contains some
>> restrictions under the API section that I'm not sure if it's legit for
>> inclusion in OpenBSD's ports (https://www.ssllabs.com/about/terms.html).
>>
>> Thanks
>>
>> g
>>
>
>
> ---snip------------------------
> You are allowed to:
>
> (i) use the API only to inspect only sites and servers whose owners have
> given you permission to do so;
> ---snip------------------------
>
>
> ---snip------------------------
> You are not allowed, without our express permission, to:
>
> (i) use the API for commercial purposes;
>
> (ii) use the API on a public web site;
>
> (iii) publish any information received from us via the APIs without the
> owner's express permission;
>
> (iv) distribute, proxy, or otherwise make the API available for access
> or use by any person or entity other than your authorized employees,
> including but not limited to acting as a service bureau or developing a
> competing product or service offering.
> ---snip------------------------
>
>
> If it goes in, it will need some strong warnings. But I'm not sure it's
> worth it.
>

Thanks sthen. Understood.

In support of importing it, it does bark each time you run the command:

$ ssllabs-scan
2020/02/01 15:25:45 [INFO] SSL Labs v2.1.0 (criteria version 2009q)
2020/02/01 15:25:45 [NOTICE] Server message: This assessment service is
provided free of charge by Qualys SSL Labs, subject to our terms and
conditions: https://www.ssllabs.com/about/terms.html

g

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)