SSL Grade Tester
Open a live TLS handshake to any HTTPS host on port 443 and read back the negotiated protocol, cipher, and certificate details, summarized as a quick grade.
How to use this tool
- 1
Type a hostname or full URL into the input box (for example example.com or https://example.com) — the tool extracts the hostname and always connects on port 443.
- 2
Click 'Grade SSL' to make the server open a TLS connection to that host.
- 3
Read the big grade card (A+, A, or F) for the headline result.
- 4
Scan the details table for the negotiated protocol, cipher, issuer, and certificate expiry date, plus any warning notes listed below it.
What does this SSL grade actually measure?
This tool opens a single live TLS handshake to the host you enter on port 443, using the hostname as the SNI server name, and then reports what the server and Node.js agreed on. The grade is a small heuristic, not the multi-dimensional score that Qualys SSL Labs produces. It works on exactly two signals: the negotiated protocol version and the negotiated cipher name. TLS 1.3 earns A+, TLS 1.2 earns A, and any older protocol (TLS 1.1, TLS 1.0, SSL 3.0) drops straight to F. Separately, if the cipher name contains the substring RC4 or DES, the grade is forced to F. There is no B, C, or D in practice. The certificate's expiry is read and shown, and a warning line appears when fewer than 30 days remain, but expiry does not change the letter grade. Crucially, the connection is made with certificate-chain verification disabled, so a self-signed, expired, or hostname-mismatched certificate still connects and still gets graded purely on its protocol and cipher. Treat the result as a fast sanity check on the single handshake your server happened to negotiate, not a full audit.
Common use cases
Confirm a freshly deployed site negotiates TLS 1.3 (A+) rather than silently falling back to TLS 1.2 or older.
Spot-check an internal or staging host that uses a self-signed certificate, since the tool connects even when the chain does not validate.
Quickly see a certificate's issuer and expiry date and whether it falls inside the 30-day warning window.
Catch a server still offering a legacy protocol or an RC4/DES cipher, which immediately scores F.
Sanity-check a vendor or partner endpoint before integrating, to see what protocol and cipher your client would actually get.
Demonstrate to a teammate, in seconds, why 'it has HTTPS' is not the same as 'it has a modern TLS configuration'.
Frequently asked questions
How is this different from Qualys SSL Labs?▼
Why does an expired or self-signed certificate still get a grade?▼
Does the certificate expiry affect the grade?▼
Can I test a host on a port other than 443?▼
Does the check run in my browser?▼
What do A+, A, and F mean here?▼
Why did my test time out or error?▼
Related tools
DNS Lookup
Look up DNS records (A, AAAA, MX, TXT, NS) for any domain.
WHOIS Lookup
Get full WHOIS data for any domain.
SSL Certificate Checker
Check SSL certificate validity, issuer, and expiry.
HTTP Header Analyzer
Inspect HTTP response headers and security signals.
HTTP Status Code Checker
Check status code of any URL — single or bulk.
Redirect Chain Tracer
Follow every hop in a redirect chain.