NAME

Net::SSLLabs::EndpointDetails - EndpointDetails object

METHODS

new

a new Net::SSLLabs::EndpointDetails object, accepts a JSON object as it's parameter.

hostStartTime

endpoint assessment starting time, in milliseconds since 1970. This field is useful when test results are retrieved in several HTTP invocations. Then, you should check that the hostStartTime value matches the startTime value of the host.

key

returns the connected Net::SSLLabs::Key object

cert

returns the connected Net::SSLLabs::Cert object

chain

returns the connected Net::SSLLabs::Chain object

protocols

returns the list of supported protocols as Net::SSLLabs::Protocol objects

suites

returns the Net::SSLLabs::Suites object

serverSignature

Contents of the HTTP Server response header when known. This field could be absent for one of two reasons: 1) the HTTP request failed (check httpStatusCode) or 2) there was no Server response header returned.

prefixDelegation

true if this endpoint is reachable via a hostname with the www prefix

nonPrefixDelegation

true if this endpoint is reachable via a hostname without the www prefix

vulnBeast

true if the endpoint is vulnerable to the BEAST attack

renegSupport

this is an integer value that describes the endpoint support for renegotiation:

bit 0 (1) - set if insecure client-initiated renegotiation is supported
bit 1 (2) - set if secure renegotiation is supported
bit 2 (4) - set if secure client-initiated renegotiation is supported
bit 3 (8) - set if the server requires secure renegotiation support

stsResponseHeader

the contents of the Strict-Transport-Security (STS) response header, if seen

stsMaxAge

the maxAge parameter extracted from the STS parameters;

undef if STS not seen,
-1 if the specified value is invalid (e.g., not a zero or a positive integer; the maximum value currently supported is 2,147,483,647)

stsSubdomains

true if the includeSubDomains STS parameter is set; undef if STS not seen

pkpResponseHeader

the contents of the Public-Key-Pinning response header, if seen

sessionResumption

this is an integer value that describes endpoint support for session resumption. The possible values are:

0 - session resumption is not enabled and we're seeing empty session IDs
1 - endpoint returns session IDs, but sessions are not resumed
2 - session resumption is enabled

compressionMethods

integer value that describes supported compression methods

bit 0 is set for DEFLATE

supportsNpn

true if the server supports NPN

npnProtocols

space separated list of supported protocols

sessionTickets

indicates support for Session Tickets

bit 0 (1) - set if session tickets are supported
bit 1 (2) - set if the implementation is faulty [not implemented]
bit 2 (4) - set if the server is intolerant to the extension

ocspStapling

true if OCSP stapling is deployed on the server

staplingRevocationStatus

same as Cert.revocationStatus, but for the stapled OCSP response.

staplingRevocationErrorMessage

description of the problem with the stapled OCSP response, if any.

sniRequired

if SNI support is required to access the web site.

httpStatusCode

status code of the final HTTP response seen. When submitting HTTP requests, redirections are followed, but only if they lead to the same hostname. If this field is not available, that means the HTTP request failed.

httpForwarding

available on a server that responded with a redirection to some other hostname.

supportsRc4

true if the server supports at least one RC4 suite.

forwardSecrecy

indicates support for Forward Secrecy

bit 0 (1) - set if at least one browser from our simulations negotiated a Forward Secrecy suite.
bit 1 (2) - set based on Simulator results if FS is achieved with modern clients. For example, the server supports ECDHE suites, but not DHE.
bit 2 (4) - set if all simulated clients achieve FS. In other words, this requires an ECDHE + DHE combination to be supported.

rc4WithModern

true if RC4 is used with modern clients.

sims

instance of Net::SSLLabs::SimDetails.

heartbleed

true if the server is vulnerable to the Heartbleed attack.

heartbeat

true if the server supports the Heartbeat extension.

openSslCcs

results of the CVE-2014-0224 test:

-1 - test failed
0 - unknown
1 - not vulnerable
2 - possibly vulnerable, but not exploitable
3 - vulnerable and exploitable

poodle

true if the endpoint is vulnerable to POODLE; false otherwise

poodleTls

results of the POODLE TLS test:

-1 - test failed
0 - unknown
1 - not vulnerable
2 - vulnerable

fallbackScsv

true if the server supports TLS_FALLBACK_SCSV, false if it doesn't. This field will not be available if the server's support for TLS_FALLBACK_SCSV can't be tested because it supports only one protocol version (e.g., only TLS 1.2).

freak

true of the server is vulnerable to the FREAK attack, meaning it supports 512-bit key exchange.

hasSct

information about the availability of certificate transparency information (embedded SCTs):

bit 0 (1) - SCT in certificate
bit 1 (2) - SCT in the stapled OCSP response
bit 2 (4) - SCT in the TLS extension (ServerHello)

dhPrimes

list of hex-encoded DH primes used by the server

dhUsesKnownPrimes

whether the server uses known DH primes:

0 - no
1 - yes, but they're not weak
2 - yes and they're weak

dhYsReuse

true if the DH ephemeral server value is reused.

logjam

true if the server uses DH parameters weaker than 1024 bits.

To install Net::SSLLabs, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Net::SSLLabs

CPAN shell

perl -MCPAN -e shell
install Net::SSLLabs

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)