{ "meta": { "title": "ismycodesafe vs SSL Labs: TLS Scanner Benchmark", "description": "Side-by-side comparison of SSLyze (ismycodesafe TLS engine) vs SSL Labs API on 8 test domains", "methodology_url": "https://ismycodesafe.com/compare/ssl-labs/methodology", "scan_date": "2026-05-11", "scanner_versions": { "ismycodesafe_tls_engine": "SSLyze 6.3.1", "ssl_labs_engine": "SSL Labs v2.4.2 (API v3)" }, "test_domains": [ { "host": "badssl.com", "note": "Reference site (good TLS)", "category": "good" }, { "host": "expired.badssl.com", "note": "Expired certificate", "category": "bad" }, { "host": "self-signed.badssl.com", "note": "Self-signed certificate", "category": "bad" }, { "host": "tls-v1-0.badssl.com", "note": "TLS 1.0 only (deprecated)", "category": "bad" }, { "host": "rc4.badssl.com", "note": "RC4 cipher (broken)", "category": "bad" }, { "host": "github.com", "note": "Well-configured real site", "category": "good" }, { "host": "wikipedia.org", "note": "Well-configured real site", "category": "good" }, { "host": "ismycodesafe.com", "note": "Our own site (self-scan)", "category": "good" } ], "license": "CC BY 4.0", "source": "https://ismycodesafe.com" }, "summary": { "domains_scanned": 8, "sslyze_avg_scan_time_s": 21.6, "ssl_labs_avg_scan_time_s": 109.9, "sslyze_total_tls_issues": 8, "ssl_labs_total_tls_issues": 15, "agreement_rate_pct": 62, "total_comparable_domains": 8, "ismycodesafe_non_tls_checks": 179, "note": "TLS issue counts are comparable. ismycodesafe adds 179 non-TLS checks not run by SSL Labs." }, "domain_results": [ { "host": "badssl.com", "note": "Reference site (good TLS)", "category": "good", "sslyze": { "scan_time_s": 31.1, "checks_run": 9, "issues_found": 1, "issues": [ { "check": "no_tls_1_3", "severity": "medium", "description": "TLS 1.3 not supported (recommended for forward secrecy + performance)" } ], "protocols": { "ssl_2_0": null, "ssl_3_0": null, "tls_1_0": null, "tls_1_1": null, "tls_1_2": null, "tls_1_3": null }, "cert_info": { "parse_error": "'AllScanCommandsAttempts' object has no attribute 'get'" } }, "ssl_labs": { "scan_time_s": 138.4, "grade": "B", "checks_run": 40, "issues_found": 3, "issues": [ { "check": "deprecated_TLS1.0", "severity": "high", "description": "TLS 1.0 supported but deprecated" }, { "check": "deprecated_TLS1.1", "severity": "high", "description": "TLS 1.1 supported but deprecated" }, { "check": "no_tls_1_3", "severity": "medium", "description": "TLS 1.3 not supported" } ], "protocols": [ "TLS1.0", "TLS1.1", "TLS1.2" ] } }, { "host": "expired.badssl.com", "note": "Expired certificate", "category": "bad", "sslyze": { "scan_time_s": 31.0, "checks_run": 9, "issues_found": 1, "issues": [ { "check": "no_tls_1_3", "severity": "medium", "description": "TLS 1.3 not supported (recommended for forward secrecy + performance)" } ], "protocols": { "ssl_2_0": null, "ssl_3_0": null, "tls_1_0": null, "tls_1_1": null, "tls_1_2": null, "tls_1_3": null }, "cert_info": { "parse_error": "'AllScanCommandsAttempts' object has no attribute 'get'" } }, "ssl_labs": { "scan_time_s": 137.6, "grade": "T", "checks_run": 40, "issues_found": 3, "issues": [ { "check": "deprecated_TLS1.0", "severity": "high", "description": "TLS 1.0 supported but deprecated" }, { "check": "deprecated_TLS1.1", "severity": "high", "description": "TLS 1.1 supported but deprecated" }, { "check": "no_tls_1_3", "severity": "medium", "description": "TLS 1.3 not supported" } ], "protocols": [ "TLS1.0", "TLS1.1", "TLS1.2" ] } }, { "host": "self-signed.badssl.com", "note": "Self-signed certificate", "category": "bad", "sslyze": { "scan_time_s": 31.1, "checks_run": 9, "issues_found": 1, "issues": [ { "check": "no_tls_1_3", "severity": "medium", "description": "TLS 1.3 not supported (recommended for forward secrecy + performance)" } ], "protocols": { "ssl_2_0": null, "ssl_3_0": null, "tls_1_0": null, "tls_1_1": null, "tls_1_2": null, "tls_1_3": null }, "cert_info": { "parse_error": "'AllScanCommandsAttempts' object has no attribute 'get'" } }, "ssl_labs": { "scan_time_s": 137.2, "grade": "T", "checks_run": 40, "issues_found": 3, "issues": [ { "check": "deprecated_TLS1.0", "severity": "high", "description": "TLS 1.0 supported but deprecated" }, { "check": "deprecated_TLS1.1", "severity": "high", "description": "TLS 1.1 supported but deprecated" }, { "check": "no_tls_1_3", "severity": "medium", "description": "TLS 1.3 not supported" } ], "protocols": [ "TLS1.0", "TLS1.1", "TLS1.2" ] } }, { "host": "tls-v1-0.badssl.com", "note": "TLS 1.0 only (deprecated)", "category": "bad", "sslyze": { "scan_time_s": 31.0, "checks_run": 9, "issues_found": 1, "issues": [ { "check": "no_tls_1_3", "severity": "medium", "description": "TLS 1.3 not supported (recommended for forward secrecy + performance)" } ], "protocols": { "ssl_2_0": null, "ssl_3_0": null, "tls_1_0": null, "tls_1_1": null, "tls_1_2": null, "tls_1_3": null }, "cert_info": { "parse_error": "'AllScanCommandsAttempts' object has no attribute 'get'" } }, "ssl_labs": { "scan_time_s": 137.4, "grade": "B", "checks_run": 40, "issues_found": 3, "issues": [ { "check": "deprecated_TLS1.0", "severity": "high", "description": "TLS 1.0 supported but deprecated" }, { "check": "deprecated_TLS1.1", "severity": "high", "description": "TLS 1.1 supported but deprecated" }, { "check": "no_tls_1_3", "severity": "medium", "description": "TLS 1.3 not supported" } ], "protocols": [ "TLS1.0", "TLS1.1", "TLS1.2" ] } }, { "host": "rc4.badssl.com", "note": "RC4 cipher (broken)", "category": "bad", "sslyze": { "scan_time_s": 29.3, "checks_run": 9, "issues_found": 1, "issues": [ { "check": "no_tls_1_3", "severity": "medium", "description": "TLS 1.3 not supported (recommended for forward secrecy + performance)" } ], "protocols": { "ssl_2_0": null, "ssl_3_0": null, "tls_1_0": null, "tls_1_1": null, "tls_1_2": null, "tls_1_3": null }, "cert_info": { "parse_error": "'AllScanCommandsAttempts' object has no attribute 'get'" } }, "ssl_labs": { "scan_time_s": 84.7, "grade": "F", "checks_run": 40, "issues_found": 3, "issues": [ { "check": "deprecated_TLS1.0", "severity": "high", "description": "TLS 1.0 supported but deprecated" }, { "check": "deprecated_TLS1.1", "severity": "high", "description": "TLS 1.1 supported but deprecated" }, { "check": "no_tls_1_3", "severity": "medium", "description": "TLS 1.3 not supported" } ], "protocols": [ "TLS1.0", "TLS1.1", "TLS1.2" ] } }, { "host": "github.com", "note": "Well-configured real site", "category": "good", "sslyze": { "scan_time_s": 7.6, "checks_run": 9, "issues_found": 1, "issues": [ { "check": "no_tls_1_3", "severity": "medium", "description": "TLS 1.3 not supported (recommended for forward secrecy + performance)" } ], "protocols": { "ssl_2_0": null, "ssl_3_0": null, "tls_1_0": null, "tls_1_1": null, "tls_1_2": null, "tls_1_3": null }, "cert_info": { "parse_error": "'AllScanCommandsAttempts' object has no attribute 'get'" } }, "ssl_labs": { "scan_time_s": 105.6, "grade": "A+", "checks_run": 40, "issues_found": 0, "issues": [], "protocols": [ "TLS1.2", "TLS1.3" ] } }, { "host": "wikipedia.org", "note": "Well-configured real site", "category": "good", "sslyze": { "scan_time_s": 6.8, "checks_run": 9, "issues_found": 1, "issues": [ { "check": "no_tls_1_3", "severity": "medium", "description": "TLS 1.3 not supported (recommended for forward secrecy + performance)" } ], "protocols": { "ssl_2_0": null, "ssl_3_0": null, "tls_1_0": null, "tls_1_1": null, "tls_1_2": null, "tls_1_3": null }, "cert_info": { "parse_error": "'AllScanCommandsAttempts' object has no attribute 'get'" } }, "ssl_labs": { "scan_time_s": 105.8, "grade": "A+", "checks_run": 40, "issues_found": 0, "issues": [], "protocols": [ "TLS1.2", "TLS1.3" ] } }, { "host": "ismycodesafe.com", "note": "Our own site (self-scan)", "category": "good", "sslyze": { "scan_time_s": 5.2, "checks_run": 9, "issues_found": 1, "issues": [ { "check": "no_tls_1_3", "severity": "medium", "description": "TLS 1.3 not supported (recommended for forward secrecy + performance)" } ], "protocols": { "ssl_2_0": null, "ssl_3_0": null, "tls_1_0": null, "tls_1_1": null, "tls_1_2": null, "tls_1_3": null }, "cert_info": { "parse_error": "'AllScanCommandsAttempts' object has no attribute 'get'" } }, "ssl_labs": { "scan_time_s": 32.3, "grade": "N/A", "checks_run": 40, "issues_found": 0, "issues": [], "protocols": [ "TLS1.2", "TLS1.3" ] } } ], "coverage_comparison": { "ssl_labs": { "tls_checks": 40, "non_tls_checks": 0, "total_checks": 40, "scan_scope": "TLS/SSL only" }, "ismycodesafe": { "tls_checks_via_sslyze": 9, "non_tls_checks": 179, "total_checks": 188, "scan_scope": "Full security audit" } }, "extra_checks": { "category": "Non-TLS checks (ismycodesafe only)", "checks": [ { "name": "HTTP security headers", "count": 8, "description": "CSP, HSTS, X-Frame-Options, XCTO, Referrer-Policy, Permissions-Policy, COOP, X-XSS-Protection" }, { "name": "Sensitive file exposure", "count": 53, "description": "/.env, /.git/config, /wp-config.php.bak, /phpMyAdmin, /adminer.php, and 48 more" }, { "name": "Open port scan", "count": 10, "description": "MySQL 3306, Redis 6379, MongoDB 27017, PostgreSQL 5432, FTP 21, SSH 22, etc." }, { "name": "Tech stack + CVE detection", "count": 30, "description": "CMS fingerprinting, JS library versions, NVD CVE lookup" }, { "name": "JavaScript library CVEs", "count": 20, "description": "jQuery, Lodash, Bootstrap, Angular, React, Vue known vulnerabilities" }, { "name": "CORS misconfiguration", "count": 5, "description": "Wildcard origins, null origin, credentials with wildcard" }, { "name": "DNS security", "count": 12, "description": "SPF, DKIM, DMARC, DNSSEC, CAA records, zone transfer" }, { "name": "Threat intelligence", "count": 6, "description": "VirusTotal, URLhaus, Shodan, urlscan.io, PhishTank, AlienVault OTX" }, { "name": "Certificate Transparency", "count": 5, "description": "Subdomain discovery via crt.sh, unauthorized cert detection" }, { "name": "Authentication surface", "count": 20, "description": "Login page detection, rate limiting, MFA hints, credential exposure signals" }, { "name": "OWASP Top 10 mapping", "count": 10, "description": "Maps findings to OWASP A01-A10:2025" } ], "total_non_tls_checks": 179 } }