How are Grades Calculated?

We refer to the SSL Labs rating guide to explain how we calculate grades.

https://www.ssllabs.com/projects/rating-guide/index.html

There are a few differences in the way we assign grades:

- Certificate View will not penalize the grade under the following conditions:

- SSL Labs runs browser simulation checks and may not penalize the server for using weaker ciphers if the browser simulations determine that the weaker ciphers are not negotiated when establishing the SSL connections. You may therefore see different grades in Certificate View for the following:

- Certificate View does not test for forward secrecy and will not penalize a server if it doesn't support forward secrecy.

SSL Labs caps grades to B and penalizes sites if the server does not support forward secrecy. This assessment is made primarily based on the 60+ browser handshake simulations performed during the SSL Labs assessment.

SSL Labs, however, does not penalize sites that use suites that are not capable of providing forward secrecy as long as they are not negotiated during browser handshake simulations Forward secrecy depends on a lot of information that cannot be detected remotely, such as the server caching policy of session tickets or the reuse of DH/ECDH keys. While Certificate View detects the ciphers that theoretically support forward secrecy, merely having such ciphers configured does not actually guarantee forward secrecy.

Color Coding and Labels in Cipher Suites

You can view the label and color code for the different Cipher suites.

Color Label

Green

Good

Orange

Weak

Red

Insecure

Default (Black)

Neutral

 

To view the Cipher Suites go to  Certificates > select Certificate > Hosts > Grades Summary > Cipher Suite and click + icon present in front of protocol.

View color code in Cipher Suite