> SSLPing needs less than 5 seconds to check your server and tell you what's wrong with your SSL/TLS security.
So I guess it used OpenSSL to figure out what was wrong with people's certificates. Not sure what it used that relied on internals so heavily it was hard to upgrade, or if the public interface just changed a lot.
Even with that, seems there was multiple issues that "prevented" ("made it harder than justifiable" rather) the author from keeping the project up, not just regarding OpenSSL.
My guess: SSLv3 has been dropped from OpenSSL, which means hitting a SSLv3 server just fails to connect quite early in the process, so there would not even be cert reading, plus IIRC the connection error can be very obtuse, which means sslping could not do that:
Actually node.js is using openssl under the hood... SSLPing implemented a partial SSL implementation to quickly test support for SSL versions and cyphers, but used node.js native libs too. Newer node.js versions weren't able to get an SSL certificate out of a SSL v3 only server, for instance. Which didn't allow to test for expiration, etc...
More: Enter a list of (sub-) domains and get informed via email when "SSL things" change (for better or for worst), or your https certificate is about to expire.
Less: No fancy pansy "report"
Personally I prefer https://hardenize.com nowadays, over ssllabs for these kind of queries.
Hardenize's paid plan is intended for larger businesses, where we combine infrastructure discovery with continuous monitoring and many other things. However, ad-hoc assessments are free for everyone and we intend to keep it that way. I hope that we will in time be able to provide plans at lower price points and maybe a free plan at some point.
(Hardenize founder, previously also SSL Labs founder.)
> SSLPing needs less than 5 seconds to check your server and tell you what's wrong with your SSL/TLS security.
So I guess it used OpenSSL to figure out what was wrong with people's certificates. Not sure what it used that relied on internals so heavily it was hard to upgrade, or if the public interface just changed a lot.
Even with that, seems there was multiple issues that "prevented" ("made it harder than justifiable" rather) the author from keeping the project up, not just regarding OpenSSL.