Dear Qualys team,
We are using your API for SSL Server Test and would like to make use of the graph breakdown (Certificate, Protocol Support, Key Exchange and Cipher Strength) displayed in the summary section alongside with the Overall Rating.
We managed to get lots of useful data thanks to your API endpoints (/getEndpointData and /analyze):
Note: The host youtube.com has been used only for testing purposes!
How this json data retrieved through /getEndpointData is being related and calculated as shown in the Protocol Support section of the graph?
Not very clear how Key Exchange and Cipher Strength are being calculated. Also what about the Certificate section?
Should we make use of the SSL Server Rating Guide? And how much we can rely on these formulas presented for Protocol Support, Key Exchange and Cipher Strength? What would happen when a server uses TLS 1.3? Isn't that formula going to create a wrong Protocol Support score?
Please could you explain how to calculate the Certificate section of the graph as this is not available in the SSL Server Rating Guide?
Finally, is there an easy way to retrieve the graph data out of the box using your API? (A different API endpoint maybe?)