Grades Calculation Process
We refer to the SSL Labs rating guide to explain how we calculate grades.
https://www.ssllabs.com/projects/rating-guide/index.html
There are a few differences in the way we assign grades:
- Certificate View will not penalize the grade under the following conditions:
-
Certificate hostnames do not match the site hostname (SSL Labs drops the grade to T)
-
Certificate has been revoked (SSL Labs drops the grade to F)
-
- SSL Labs runs browser simulation checks and may not penalize the server for using weaker ciphers if the browser simulations determine that the weaker ciphers are not negotiated when establishing the SSL connections. You may therefore see different grades in Certificate View for the following:
-
use of legacy 64-bit block ciphers (Certificate View drops the grade to C)
-
use of ciphers that theoretically support forward secrecy (CertView does not reward the server for using these ciphers)
-
use of CBC ciphers with TLS 1.2 or below (Certificate View drops the grade to F due to the GoldenDoodle vulnerability)
-
- Certificate View does not test for forward secrecy and will not penalize a server if it doesn't support forward secrecy.
SSL Labs caps grades to B and penalizes sites if the server does not support forward secrecy. This assessment is made primarily based on the 60+ browser handshake simulations performed during the SSL Labs assessment.
SSL Labs, however, does not penalize sites that use suites that are not capable of providing forward secrecy as long as they are not negotiated during browser handshake simulations Forward secrecy depends on a lot of information that cannot be detected remotely, such as the server caching policy of session tickets or the reuse of DH/ECDH keys. While Certificate View detects the ciphers that theoretically support forward secrecy, merely having such ciphers configured does not actually guarantee forward secrecy.
Color Coding and Labels in Cipher Suites
You can view the label and color code for the different Cipher suites.
| Color | Label |
|
Green |
Good |
|
Orange |
Weak |
|
Red |
Insecure |
|
Default (Black) |
Neutral |
To view the Cipher Suites go to Certificates > select Certificate > Hosts > Grades Summary > Cipher Suite and click + icon present in front of protocol.
