I have been using https://www.ssllabs.com/ssltest/analyze.html and today I found a script that gives me the same report ssllabs.com does.
The bash-based script is really good. It is very helpful and gives me the report I need.
https://testssl.sh/ -- You can download the script from their github.
Here's the sample report: (I can display this because it's an A+ verdict)
Nowadays it's very important that you configure your server's SSL correctly. One way to test your configuration is to enter your website at Qualys SSL Server Test and get your score. So far, I can score A+ for this, unlike the security headers, where I only get "A". It's very simple to achieve this: just edit /etc/apache2/conf-available/ssl.conf and change the following:
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder on

Then save your changes and restart Apache. That's it! You should get an A+ for that. Note: It was just recently that you have to turn that SSLHonorCipherOrder (or "Apache for Forward Secrecy") ON. Reference: https://www.digicert.com/ssl-support/ssl-enabling-perfect-forward-secrecy.htm
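As an added example (not part of the original post and not testssl.sh code), this shell function checks a local Apache config for the two settings above before you restart. It assumes the last uncommented occurrence of each directive in the file is the one in effect, and it conservatively treats "all" as including SSLv2 and SSLv3; the sample config at the end is constructed.

```sh
# Audit an Apache TLS config for SSLProtocol and SSLHonorCipherOrder.
# Assumption: the last uncommented occurrence of a directive in the file is
# the effective one (no per-VirtualHost or Include handling).

# Print the arguments of the last uncommented occurrence of directive $1 in file $2.
last_directive() {
    awk -v want="$1" '
        /^[[:space:]]*#/ { next }    # skip comment lines
        tolower($1) == tolower(want) { $1 = ""; sub(/^ +/, ""); val = $0 }
        END { print val }' "$2"
}

# Return 0 if SSLv2 and SSLv3 are both disabled and SSLHonorCipherOrder is on.
audit_ssl_conf() {
    conf=$1; rc=0; v2=off; v3=off
    protos=$(last_directive SSLProtocol "$conf")
    order=$(last_directive SSLHonorCipherOrder "$conf")
    if [ -z "$protos" ]; then
        echo "FAIL: no SSLProtocol directive found"; rc=1
    else
        # Tokens are cumulative, so walk them left to right.
        for tok in $(printf '%s' "$protos" | tr '[:upper:]' '[:lower:]'); do
            case $tok in
                all|+all)     v2=on;  v3=on  ;;  # assumed to enable both
                -all)         v2=off; v3=off ;;
                sslv2|+sslv2) v2=on  ;;
                -sslv2)       v2=off ;;
                sslv3|+sslv3) v3=on  ;;
                -sslv3)       v3=off ;;
            esac
        done
        [ "$v2" = off ] || { echo "FAIL: SSLv2 not disabled ($protos)"; rc=1; }
        [ "$v3" = off ] || { echo "FAIL: SSLv3 not disabled ($protos)"; rc=1; }
    fi
    case $(printf '%s' "$order" | tr '[:upper:]' '[:lower:]') in
        on) ;;
        *)  echo "FAIL: SSLHonorCipherOrder is not on"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $conf"
    return "$rc"
}

# Constructed sample config (not from the page) that leaves SSLv3 enabled.
sample=$(mktemp)
printf 'SSLProtocol all -SSLv2\nSSLHonorCipherOrder on\n' > "$sample"
audit_ssl_conf "$sample" || true
rm -f "$sample"
```

Run it against /etc/apache2/conf-available/ssl.conf after editing; a non-zero exit status means at least one of the two settings is missing or wrong.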
The first time I saw POLi payments was in Qantas Airlines New Zealand. The moment I saw it asking for my bank credentials, I clicked the back button right away. Why? Because POLi is asking for the Access Code/Username and Password of your bank, your BANK CREDENTIALS! Imagine your hosts file has been altered by malware or a virus, or your network has been hacked or exploited, or your ISP has been hacked, or anything upstream of your internet line has been altered so that the POLi payment gateway's DNS points to a different server: you will be giving your bank access to the hackers. And POLi is direct access to your bank account (your entire assets in your bank) and can initiate the transaction right away. Unlike credit cards, where if your card has been exposed the risk is JUST your card, not your whole account in the bank, and you still have time to call the bank to close it right away. So my advice: never use POLi payments. I'm not against the company or the people who created it; I am just against the implementation and how it works.