SSLBoard - Frequently Asked Questions

What is SSLBoard?

SSLBoard is an on-demand TLS audit tool. Enter a domain, and we scan every public endpoint to produce a detailed report on your certificates, TLS versions, cipher suites, forward secrecy, key strength, HSTS, and post-quantum readiness. No account, no subscription — just a report when you need one.

Do I need to create an account or sign up?

No. You can run a scan and view the unpaid summary report without any account. To unlock the hostname and IP:port tables in the full report, you pay a one-time fee via Stripe. No signup, no recurring charges.

How does the pricing work?

Every scan includes the unpaid summary report: score, strengths, findings, and issue lists across the assessment. If the scan discovers 10 TLS endpoints or fewer, the hostname and IP:port tables are included too.

For larger scans, pricing is based on the higher of:
- Unique hostnames discovered during the scan
- Discovered TLS endpoints (hostname + IP:port combinations)

That billable count is priced progressively:
- First 100: $0.50 each
- 101–1,000: $0.11 each
- 1,001+: $0.06 each
- Minimum report price: $25

You see the exact price before you pay. There are no hidden fees, subscriptions, or recurring charges.

What do I get for free vs. what's in the paid report?

The unpaid summary report includes the score, strengths, findings, and issue lists across all sections. The paid full report adds the detailed tables behind those sections: affected hostnames, IP:port combinations, certificate inventory, per-endpoint TLS version breakdowns, weak cipher details, forward secrecy gaps, key strength analysis, RSA-only hosts, HSTS/redirect status, connection errors, post-quantum readiness scores, adjacent domain discovery, and export functionality.

What exactly does a report cover?

A full SSLBoard report includes nine sections:
1. Certificates — Expiration dates, issuer distribution, and CAA policy verification
2. TLS Versions — Which protocol versions each endpoint supports, with deprecated version warnings
3. Weak Cipher Suites — Insecure ciphers in use (3DES, RC4, NULL, EXPORT, CBC) with CVE references
4. Forward Secrecy — PFS support across all endpoints
5. Key Analysis — RSA key sizes, ECC curves, and RSA-only hosts
6. Web Hardening — HTTPS redirect and HSTS policy status
7. Connection Errors — DNS failures, timeouts, and certificate validation issues
8. Post-Quantum Readiness — Hybrid key exchange (MLKEM) support per endpoint
9. Adjacent Domains — Other domains covered by your certificates (SAN analysis)

How does the scan work?

SSLBoard retrieves your certificates from Certificate Transparency logs, then actively connects to every discovered endpoint to test real TLS handshakes — checking protocol versions, cipher suites, key exchanges, certificate deployment, HSTS headers, and HTTP redirects. It scans every IP address and port combination for each hostname. The entire process takes just a few minutes.

Do you install anything on my servers?

No. SSLBoard is fully agentless. We scan your public endpoints from the outside, the same way an attacker or auditor would. There is nothing to install, no firewall rules to change, and no credentials to share.

How long does a scan take?

Most scans complete within a few minutes, depending on the number of endpoints discovered. Domains with thousands of hosts will take longer, but results are streamed progressively so you can see progress in real time.

Can I use the report for a PCI DSS or compliance audit?

Yes. The report provides evidence of your SSL/TLS inventory, deployed certificate verification, weak cipher identification, deprecated TLS version usage, and revocation status — all of which are relevant to PCI DSS requirements around strong cryptography. You can export the data and share the report link directly with your QSA or auditor.

What is the TLS score and how is it calculated?

Each report produces a weighted TLS score on a 0–100 scale (graded as Poor, Fair, Good, or Excellent). The score reflects the overall health of your TLS configuration across all endpoints, factoring in protocol versions, cipher strength, forward secrecy, key sizes, HSTS, and certificate validity. It gives you a single number to track improvement over time.

Can I re-run a scan later to track improvement?

Yes. Since reports are on-demand with no subscription, you can run a new scan whenever you want — after a remediation cycle, before a quarterly review, or on an ad-hoc basis. Each scan produces a fresh, independent report.

What data does SSLBoard collect about me or my servers?

SSLBoard uses only publicly available data: Certificate Transparency logs and standard TCP/TLS connections to your public endpoints. We do not collect sensitive data, install anything on your infrastructure, or profile you or your organization.

Can I share the report with my team or a client?

Yes. Reports are designed to be readable by both security experts and non-technical stakeholders. Every finding includes plain-language explanations. You can share the report link or export the data for internal distribution.

How is SSLBoard different from free SSL checkers?

Free SSL checkers typically test a single hostname and show basic certificate info. SSLBoard discovers all endpoints across your entire domain — every IP, every port — and produces a structured, scored report covering nine categories of TLS health. It is closer to a professional penetration test report than a quick certificate lookup.

What does post-quantum readiness mean?

Post-quantum readiness measures whether your endpoints negotiate hybrid key exchanges (like X25519+MLKEM768) that are resistant to future quantum computer attacks. SSLBoard tells you exactly which endpoints are PQC-ready and which still need work, giving you a starting point for your migration plan.
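The check described above comes down to reading which key-exchange group the server selected in its TLS 1.3 ServerHello. The following Python is an added example, not SSLBoard's code: the function names and the sample messages are constructed for illustration, and the group numbers are the IANA-registered code points.

```python
import struct

# IANA "TLS Supported Groups" code points for hybrid ML-KEM key exchange.
HYBRID_GROUPS = {0x11EB: "SecP256r1MLKEM768", 0x11EC: "X25519MLKEM768",
                 0x11ED: "SecP384r1MLKEM1024"}
CLASSICAL_GROUPS = {0x0017: "secp256r1", 0x0018: "secp384r1", 0x001D: "x25519"}
EXT_SUPPORTED_VERSIONS, EXT_KEY_SHARE = 43, 51


def negotiated_group(server_hello: bytes) -> int:
    """Return the key_share group selected in a TLS 1.3 ServerHello message."""
    if len(server_hello) < 4 or server_hello[0] != 0x02:
        raise ValueError("not a ServerHello handshake message")
    body = server_hello[4:4 + int.from_bytes(server_hello[1:4], "big")]
    try:
        pos = 2 + 32                   # legacy_version + random
        pos += 1 + body[pos]           # legacy_session_id_echo
        pos += 2 + 1                   # cipher_suite + legacy_compression_method
        (ext_total,) = struct.unpack_from("!H", body, pos)
        pos += 2
        end = pos + ext_total
        while pos < end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            if ext_type == EXT_KEY_SHARE:
                return struct.unpack_from("!H", body, pos)[0]
            pos += ext_len
    except (IndexError, struct.error):
        raise ValueError("truncated ServerHello") from None
    raise ValueError("no key_share extension; not a TLS 1.3 handshake")


def pqc_status(server_hello: bytes) -> str:
    """Label the handshake by whether the selected group is a hybrid ML-KEM one."""
    group = negotiated_group(server_hello)
    if group in HYBRID_GROUPS:
        return f"PQC-ready ({HYBRID_GROUPS[group]})"
    return f"classical only ({CLASSICAL_GROUPS.get(group, hex(group))})"


def build_server_hello(group: int, share_len: int) -> bytes:
    """Constructed sample: zeroed random and key share, no real key material."""
    exts = struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, 0x0304)
    exts += struct.pack("!HHHH", EXT_KEY_SHARE, 4 + share_len, group, share_len)
    exts += bytes(share_len)
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x13\x01" + b"\x00"
    body += struct.pack("!H", len(exts)) + exts
    return b"\x02" + len(body).to_bytes(3, "big") + body
```

The selected group reflects only what the probing client offered: a server can answer with a hybrid group only if the ClientHello advertised one, so a readiness probe has to offer it.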