SSL Labs Grading
SSL Labs first launched in 2009, its main goal being to provide thorough diagnostics of SSL/TLS and PKI configuration concerns. However, the project also provided a way to measure and compare configuration quality, primarily using the A-F letter grades. This grading approach proved very popular and helped many businesses improve their security stance.
Below is a set of simple, easy-to-understand grading criteria. The grades range from A+ to F and give you an idea of the state of your SSL/TLS and PKI configuration. They provide a way to measure and compare configuration quality. What the grades mean:
- A+ - exceptional configuration
- A - strong commercial security
- B - sufficient security with modern clients, with older and potentially obsolescent crypto used with older clients, potentially smaller configuration problems
- C - outdated configuration, uses obsolete crypto with modern clients, potentially bigger configuration problems
- D - configuration with security problems that are normally difficult or unlikely to be exploited, but can and should be tackled
- E - unused
- F - vulnerable and/or patchable problems, misconfigured server, insecure protocols, etc.
- T (trust) – if we do not trust the certificate but there are no other trust issues, we assign it a T. It is used when the server is otherwise well configured.
- M (mismatch) – trust issues that come from name mismatches, typically when a server does not actually use encryption
- N/A – no rating applies
A+ is the most desirable grade, while A and B are still good, with satisfactory security. The B grade may be applied to configurations intended to support very wide audiences, many of whom use very old programs to connect. The C grade is commonly used for configurations that do not follow best practices. Grades C, D and F are used for servers with critical configuration and security concerns.
For more information on our Qualys scans, please look at our MyVAS solutions with variable frequencies, segmentation of assets by entity, comprehensive support, and tailored reports.