A nicely presented online tool from Qualys lets us check the security of SSL configurations used by public websites.
SSL is not exactly the security panacea that online businesses usually imply. Depending on how a server is configured, it may or may not negotiate and establish connections using older, weaker algorithms instead of the more recent, stronger, recommended ones. The Qualys tool presumably connects and tries to persuade the tested site to fall back to one of the deprecated SSL algorithms, marking down the site's score if it succeeds.
This is a simple illustration of the complexity of IT security management today, and the value of routine independent pen testing of corporate websites.
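The same question can be asked from the server side before any external scan: does the configuration still permit deprecated protocol versions or weak cipher suites? The sketch below is an added example, not code from this post or from Qualys; the marker list, the cipher string and the legacy sample values are assumptions constructed for illustration.

```python
import ssl

# Name fragments marking cipher suites generally treated as weak (assumed list).
WEAK_MARKERS = ("RC4", "DES", "NULL", "EXP", "MD5", "ADH", "AECDH")

# Constructed sample of a legacy configuration, for comparison only.
LEGACY_MIN_VERSION = ssl.TLSVersion.TLSv1
LEGACY_CIPHERS = ["ECDHE-RSA-AES128-GCM-SHA256", "DES-CBC3-SHA", "RC4-MD5"]


def audit(min_version, cipher_names):
    """Return findings for a protocol floor and a list of cipher suite names."""
    findings = []
    if min_version < ssl.TLSVersion.TLSv1_2:
        findings.append(
            f"protocol floor {min_version.name} allows deprecated SSL/TLS versions"
        )
    for name in cipher_names:
        if any(marker in name.upper() for marker in WEAK_MARKERS):
            findings.append(f"weak cipher suite enabled: {name}")
    return findings


def audit_context(ctx):
    """Audit what a real ssl.SSLContext would actually offer."""
    return audit(ctx.minimum_version, [c["name"] for c in ctx.get_ciphers()])


def hardened_server_context():
    """Server context that refuses to fall back below TLS 1.2."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Forward-secret AEAD suites only; TLS 1.3 suites stay enabled by default.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


if __name__ == "__main__":
    print("legacy sample:")
    for finding in audit(LEGACY_MIN_VERSION, LEGACY_CIPHERS):
        print("  -", finding)
    print("hardened context:", audit_context(hardened_server_context()) or "no findings")
```

A local audit like this only covers the application's own TLS settings; a load balancer or proxy in front of it can still terminate connections with weaker ones, which is what an external scan observes.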
Regards, Gary (Gary@isect.com)
[Thanks to Jim for the heads-up on this.]