Golang API wrapper for the SSLabs API


I have now completed my API Wrapper series with this new one for the SSLLabs API, currently at v3. It is the perfect complement to the Cryptcheck) API and the Mozilla Observatory one I published earlier.

Welcome to the Golang API wrapper, now at version 0.10.0 (and using Semantic Versioning to ensure compatibility) and available on Github there.


Like many Go libraries and utilities, it is very easy to install:

$ go get github.com/keltia/ssllabs/cmd/...

I use this form because in addition to the library itself, there is a small command included.

The current version of the API wrapper is v0.10.0 (see here)

All calls except for getRootCertsRaw are implemented. The current list is:

Function Arguments Returns API call
Info none struct ssllabs.Info info
Analyze site: string struct ssllabs.Host analyze
GetGrade site: string struct ssllabs.Host analyze
GetEndpointData site: string struct ssllabs.Endpoint getEndpointData
GetStatusCodes none struct ssllabs.StatusCodes getStatusCodes

Currently more than 88% of the code is covered by tests, what is left are some error cases that I find a bit complicated to implement (for now). All the modules are automatically build and tested through Travis CI.


Like the README.md shows, usage is very easy, there are only to main functions, GetGradeand GetDetailedReport. You have to initialize the client first of course:

client := ssllabs.NewClient()
grade, err := client.GetGrade("www.example.com")
endp, err := client.GetEndpointData("www.ssllabs.com")

You can also pass parameters to NewClient() to change defaults:

cnf := ssllabs.Config{Timeout: 5, Log:2}
client := ssllabs.NewClient(cnf)

Changeable parameters include the log level for verbosity (Log can be 0, 1 or 2) and whether you want to force a re-check of the site to avoid getting a cached version. (Refresh: true). See the README.md file.

For convenience, I have also written the ssllabs utility (found in cmd/ssllabsof course) if you just want a nice example and a quick reading:

$ ssllabs www.ssllabs.com
ssllabs Wrapper: 0.2.0 API version 0.10.0

Grade for 'www.ssllabs.com' is A+

You can run ssllabs with the -d option, in which case you will get a JSON dump of the whole report. You can send it over to jq for further processing.

If you like this module, you can “star” on github, fork it, etc. It is under the BSD 2-clause license.


I use the Semantic Versioning numbering scheme for this API to facilitate developers’ usage and maintenance.

It is also vgo-compatible and includes the go.modfile for vgo metadata. See this series of articles for more details. vgo aims to be the future scheme to properly manage module dependencies as proposed by Russ Cox.

Final note

You can find a very detailed example about using the three API wrappers in my erc-checktls utility, which was at the start of all this. I begun to write it to analyse the output of the SSLLabs utility ssllabs-scan and during its evolution, I extracted my code into the modules.