The kind folks over at Qualys are running a site which will “grade” an SSL server based on its security configuration. The site below will generate a report card of a site’s SSL configuration based on factors such as the certificate chain, cipher suites, and protocols allowed.
According to this H article, Google is beginning to beta a new feature of providing SSL for their standard web search service. As one commenter noted, Google is still collecting the same information from your searches but this will limit 3rd parties from eavesdropping on your search queries. Remember SSL doesn’t guarantee absolute privacy as there’s Moxie Marlinspike’s work, chance of CA intermediaries, and your employer loading their own trusted CA’s into your corporate devices.
There’s a nice tool that will perform SSL man in the middle attacks. In layman’s terms this means when this tool is run on a gateway it will create a clear text HTTP stream on the network (that you can sniff) when someone creates a HTTPS session. i.e. Someone logs into Gmail via HTTPS and there will be an HTTP clear text mirror of that session which you can sniff via Wireshark.
Check it out here: www.thoughtcrime.org/software/sslstrip/