 |
Experts on Demand
How can the implementation of an HTTP client capable of SSL/TLS be tested or proved after its implementation? Is there any fixed server that can be used to prove that HTTP client implementation of SSL/TLS is correct or not?
QUESTION POSED ON: 13 OCT 2005
QUESTION ANSWERED BY: Bob Konigsberg
Do a Google search for "SSL Test Sites" (without the quotes) and you'll get both sponsored and general search returns for several of them to verify protocol functionality, proper certificate handling mixed secure and non-secure items on the same page and the like. There are both free and paid-for test sites. I'd recommend trying the free ones first just to see if anything obvious breaks. If this is for your internal use, then do whatever it takes to meet your requirements. If this is part of a product for sale, I'd strongly recommend a couple of passes with a commercial testing organization, since they should have a full suite of tests that explore both common and obscure running conditions. Also check out OpenSSL.org for tools and guidelines.
|
|
|
|
|
|
|
|
| TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of . |
|
| |
All Rights Reserved, , TechTarget |
|
|
|
|
|
