We refer to the SSL Labs rating guide to explain how we calculate grades.
https://www.ssllabs.com/projects/rating-guide/index.html
There are a few differences in the way we assign grades:
Certificate hostnames do not match the site hostname (SSL Labs drops the grade to T)
Certificate has been revoked (SSL Labs drops the grade to F)
use of legacy 64-bit block ciphers (Certificate View drops the grade to C)
use of ciphers that theoretically support forward secrecy (CertView does not reward the server for using these ciphers)
use of CBC ciphers with TLS 1.2 or below (Certificate View drops the grade to F due to the GoldenDoodle vulnerability)
SSL Labs caps grades to B and penalizes sites if the server does not support forward secrecy. This assessment is made primarily based on the 60+ browser handshake simulations performed during the SSL Labs assessment.
SSL Labs, however, does not penalize sites that use suites that are not capable of providing forward secrecy as long as they are not negotiated during browser handshake simulations Forward secrecy depends on a lot of information that cannot be detected remotely, such as the server caching policy of session tickets or the reuse of DH/ECDH keys. While Certificate View detects the ciphers that theoretically support forward secrecy, merely having such ciphers configured does not actually guarantee forward secrecy.
You can view the label and color code for the different Cipher suites.
Color | Label |
Green |
Good |
Orange |
Weak |
Red |
Insecure |
Default (Black) |
Neutral |
To view the Cipher Suites go to Certificates > select Certificate > Hosts > Grades Summary > Cipher Suite and click + icon present in front of protocol.