Vanta has multiple tests that scan your website's TLS implementation to ensure that it is secure. These tests include:
Checking that your site's certificate has not expired
- This test will fail as soon as the certificate's expiration has been reached.
Checking for valid TLS configuration
- This would include checking for valid certificates, valid certificate chains, and ensuring proper TLS versions are in use. You can validate TLS implementation by downloading openssl and running the following command:
openssl s_client -connect example.com:443
Checking that all queries to your page redirect to HTTPS
- This test checks that when a query is made to your company's website explicitly using port 80 (http://yourdomain.com), a 301 redirect is received that automatically redirects clients to use https on port 443. You can confirm this by running the following command on your machine using cURL:
curl -i http://yourdomain.com
See this example of a valid setup using google.com:
If this command returns 200 OK, this means that your website can be accessed insecurely via http directly.
Checking that there are no weak ciphers available for use
- This includes ciphers with known vulnerabilities, as well as ciphers that do not match or exceed the strength of the certificate key.
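The redirect check described above can be scripted by reading the status line and Location header from `curl -i` output. This is an added example, not Vanta's own test logic; the function name `classify_redirect` and its verdict labels are assumptions, and flagging non-301 redirects as REVIEW is this example's choice.

```shell
#!/bin/sh
# Added example: classify the header block printed by `curl -i http://host`.
# Verdict labels (PASS/FAIL/REVIEW/ERROR) are this example's own, not Vanta's.
classify_redirect() {
    status=""
    location=""
    while IFS= read -r line; do
        line=$(printf '%s' "$line" | tr -d '\r')    # curl prints CRLF line endings
        if [ -z "$line" ]; then break; fi           # blank line ends the headers
        case "$line" in
            HTTP/*)     # status line, e.g. "HTTP/1.1 301 Moved Permanently"
                status=$(printf '%s\n' "$line" | awk '{print $2}') ;;
            [Ll][Oo][Cc][Aa][Tt][Ii][Oo][Nn]:*)     # header names are case-insensitive
                location=$(printf '%s\n' "$line" | sed 's/^[^:]*:[[:space:]]*//') ;;
        esac
    done
    case "$status" in
        301)
            case "$location" in
                https://*) echo "PASS: 301 to $location" ;;
                *)         echo "FAIL: 301 but Location is not https ($location)" ;;
            esac ;;
        200) echo "FAIL: 200 OK served over plain http" ;;
        "")  echo "ERROR: no HTTP status line found" ;;
        *)   echo "REVIEW: status $status, Location: ${location:-none}" ;;
    esac
}

# Constructed sample responses (not captured from a real site).
printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://yourdomain.com/\r\n\r\n' | classify_redirect
printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>\n' | classify_redirect
printf 'HTTP/1.1 301 Moved Permanently\r\nlocation: http://yourdomain.com/home\r\n\r\n' | classify_redirect

# Against a live site: curl -si http://yourdomain.com | classify_redirect
```

A 301 whose Location still points at an http:// URL is reported as a failure, since the client is never moved to HTTPS.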
Troubleshooting
If Vanta states that there was trouble getting data for any or all of these tests, please update your business URL on the settings page in Vanta. We recommend using the format "https://yourbusinesswebsite.com":
This is the URL that Vanta uses to check for TLS configuration.
If you are looking for more information regarding why a certain TLS test may be failing, please use the SSL Labs test here, as it will provide much more detailed information on configuration issues in your environment. For example: