[darklajid]

While I liked the opportunity to tweak my configuration:

A tool that doesn't support SNI (at least it complains about getting the wrong certificate for one of my domains, something that doesn't happen in any browser I tested) is - restricted.

[ivanr]

[Note: I am the author of the tool.]

Yes, it's somewhat restricted without SNI support. I wrote the tool back in 2009 when having SNI was not very useful (because there was virtually no support for it). Sadly, the situation has not improved much since. Had you tested with Internet Explorer running on Windows XP (which is what a huge chunk of the Internet population still runs), you will have found that SNI simply does not work there. That fact alone rules out SNI for web sites that have general audience as target.

Anyhow, a big update is planned for later this year. The Rating Guide, which determines the score, will be revised, the tool itself will be tweaked to become more actionable and include more documentation, and a number of very useful advanced features will be added. I expect we will also start showing historical information, as well as start tracking all public SSL sites.

Also, in two weeks' time we will be releasing an SSL/TLS Deployment Best Practices guide to help people configure their web sites correctly.

[mike-cardwell]

I just wanted to take an opportunity to thank you for building this brilliant tool. I have used it many times and recommend it to people all the time. It's a brilliant way of demonstrating to non-techies that there is an actual problem with their server configuration.

[jackalope]

What kind of error do you get? It's probably related to the certificate that gets served when it makes a request to the bare IP address without a Host: header. In most cases, that's only going to match one or two of the domains you enter, unless you're using a wildcard certificate or one that includes all the DNS alternative names. Did it affect your score much?