this post was submitted on 08 Apr 2024
22 points (100.0% liked)

GrapheneOS [Unofficial]


SSL Labs (https://www.ssllabs.com/ssltest) from Qualys used to be a useful HTTPS testing tool. However, it hasn't received significant updates since 2019 and is now holding back HTTPS security. The biggest issue is that many of the tests don't support TLSv1.3 so it penalizes disabling legacy TLSv1.2.

It was supposed to be increasing grading requirements over time. It only requires HSTS for A+, doesn't require HSTS preloading, doesn't require CAA, is completely unaware of CAA account/method binding + DNSSEC to secure issuance. It still has obsolete HPKP but is unaware of DANE.

It's also unaware of (hybrid) post-quantum cryptography, which probably shouldn't be part of grading yet but it should be able to detect it.

Sites need to start disabling TLSv1.2 to push many tools and crawlers to update to TLSv1.3 and penalizing it holds back that happening.

It's unaware of Encrypted ClientHello which shouldn't be part of grading but simply detected.

It should also be able to detect an 'HTTPS' record which should be required as part of grading, along with the other DNS-based features of CAA, CAA account/method binding and DNSSEC.
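Added example, not part of the original post and not GrapheneOS code: a minimal offline sketch of two of the checks listed above, HSTS preload readiness and CAA account/method binding (RFC 8657). The records and header strings are constructed samples, `ca.example` is a placeholder CA, and the function names are hypothetical.

```python
# Added example: offline checks on constructed sample data (ca.example is a placeholder CA).
HSTS_MIN_MAX_AGE = 31536000  # one year, the hstspreload.org minimum

def parse_hsts(header):
    """Parse a Strict-Transport-Security value into {directive: value or True}."""
    out = {}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            out[name.strip().lower()] = value.strip().strip('"') or True
    return out

def hsts_preload_ready(header):
    """True if max-age >= 1 year and includeSubDomains and preload are all present."""
    d = parse_hsts(header)
    try:
        max_age = int(d.get("max-age", 0))
    except (TypeError, ValueError):
        return False
    return max_age >= HSTS_MIN_MAX_AGE and "includesubdomains" in d and "preload" in d

def parse_caa_issue(value):
    """Split a CAA issue/issuewild value into (issuer domain, RFC 8657 parameters)."""
    issuer, *params = [p.strip() for p in value.split(";")]
    parsed = {}
    for p in params:
        key, _, val = p.partition("=")
        if key:
            parsed[key.strip().lower()] = val.strip()
    return issuer.lower(), parsed

def caa_findings(records):
    """records: (flags, tag, value) tuples as returned by a DNSSEC-validating resolver."""
    issue = [(t.lower(), v) for _, t, v in records if t.lower() in ("issue", "issuewild")]
    if not issue:
        return ["no CAA issue/issuewild record: any CA may issue"]
    findings = []
    for tag, value in issue:
        issuer, params = parse_caa_issue(value)
        if not issuer:
            continue  # empty issuer (";") forbids issuance for this tag
        for param in ("accounturi", "validationmethods"):
            if param not in params:
                findings.append(f"{tag} {issuer}: missing {param}")
    return findings

SAMPLE_CAA_WEAK = [(0, "issue", "ca.example")]
SAMPLE_CAA_BOUND = [
    (128, "issue", "ca.example; accounturi=https://acme.ca.example/acct/1; validationmethods=dns-01"),
    (0, "issuewild", ";"),
]
```

An empty findings list only means the records carry the binding parameters; the CAA answer itself is only trustworthy when the zone is DNSSEC-signed and the resolver validates it.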
