SSL Labs Assessment Policy v2017

Ivan Ristić edited this page Nov 15, 2016 · 16 revisions

Part 1: New Grading Approach

  • Use the entire A-F range, and A+ for exceptional configuration
  • Reasonably well-configured servers get A+, A, and B.
  • Servers with problems get grades C to F.
  • Severity of a problem strongly influences the grade.
  • Meanings of different grades:
    • A+ - exceptional configuration, security leader
    • A - good configuration
    • B - server supports obsolete crypto, but doesn't use it with modern clients
    • C - server relies on obsolete cryptography
    • D - low-severity problem
    • E - medium-severity problem
    • F - high-severity problem
  • Additional grades:
    • T - for a server that doesn't have a publicly trusted certificate
    • M - for a server that doesn't have a valid certificate

Part 2: Baseline Configuration

Key and certificate:

  • Strong private key (min. 2048-bit RSA or 256-bit ECDSA)
  • Strong signature (SHA2)
  • Valid publicly-trusted certificate
  • Complete certificate chain
  • Revocation information (except for short-lived certificates)

Protocol and configuration:

  • TLS v1.2
  • 128-bit cipher suites
  • AEAD cipher suites
  • Cipher suite preference (best possible suite is negotiated)
  • Forward secrecy
  • Strong key exchange
  • Secure renegotiation
  • Session/ticket longevity

For HTTP:

  • HTTP Strict Transport Security
  • No mixed content
  • Secure session cookies

Part 3: Exceptional Configuration

  • HSTS with long duration (6+ months), included subdomains and preloaded
  • Third-party mixed content is expressly forbidden via CSP
  • Protection against CRIME in place

Candidates:

  • Must-staple
  • HPKP
  • TLS 1.3

Part 4: Problems

  • SSL v2
  • SSL v3 (POODLE)
  • TLS v1.0
  • Insecure renegotiation
  • BEAST
  • CRIME, TIME, BREACH
  • Lucky 13
  • RC4
  • POODLE TLS
  • FREAK
  • Logjam
  • SLOTH
  • DROWN
  • Heartbleed

Appendix: Implementation rules

Component classification:

  • delight:
  • expected: absence of feature makes the configuration obsolete
  • obsolete: should not be used when better options are available
  • weak: stronger should not be used
  • insecure: must not be used

Classification

  • TLS 1.2: expected
  • SSLv3: obsolete
  • SSLv2: insecure
  • RSA key exchange (no forward secrecy): weak
  • KX strength < 2048 bits: obsolete
  • KX strength < 1024 bits: weak
  • KX strength <= 768 bits: insecure
  • Known DH parameters 10248 bits: weak
  • Auth strength < 2048 bits: weak
  • Auth strength < 1024 bits: insecure
  • Cert signature SHA1: weak
  • Cert signature MD5, MD2: insecure
  • Ciphers below 128 bits (excluding 3DES): insecure
  • Ciphers that use 64-bit blocks (e.g., 3DES): weak
  • RC4: insecure
  • Anonymous suites: insecure
  • CBC suites: obsolete
  • Secure renegotiation not supported: obsolete
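As an added example (not SSL Labs' own code), the classification thresholds above applied to a constructed endpoint description, reporting every flagged component and the worst class found. The endpoint dict layout, the suite tuples (name, key bits, block bits) and the "expected" default are assumptions for the example; the "known DH parameters" rule is not modelled.

```python
# Added example: page thresholds applied to an assumed endpoint description.
SEVERITY = {"expected": 0, "obsolete": 1, "weak": 2, "insecure": 3}

def threshold(bits, rules):
    """rules: (exclusive upper bound, class) pairs ordered worst-first."""
    for limit, cls in rules:
        if bits < limit:
            return cls
    return None

def classify(ep):
    """Return [(finding, class)] for one endpoint; empty means all components expected."""
    p = ep["protocols"]
    checks = [  # (finding, condition, class) straight from the appendix list
        ("TLS 1.2 not supported", "TLSv1.2" not in p, "obsolete"),  # expected feature absent
        ("SSLv3 supported", "SSLv3" in p, "obsolete"),
        ("SSLv2 supported", "SSLv2" in p, "insecure"),
        ("no forward secrecy (RSA key exchange)", not ep["forward_secrecy"], "weak"),
        ("secure renegotiation not supported", not ep["secure_renegotiation"], "obsolete"),
        ("certificate signature " + ep["sig_alg"], ep["sig_alg"] in ("MD5", "MD2"), "insecure"),
        ("certificate signature " + ep["sig_alg"], ep["sig_alg"] == "SHA1", "weak"),
    ]
    out = [(name, cls) for name, hit, cls in checks if hit]
    kx = threshold(ep["kx_bits"], [(769, "insecure"), (1024, "weak"), (2048, "obsolete")])
    auth = threshold(ep["auth_bits"], [(1024, "insecure"), (2048, "weak")])
    out += [(f"key exchange {ep['kx_bits']} bits", kx)] if kx else []
    out += [(f"certificate key {ep['auth_bits']} bits", auth)] if auth else []
    for name, key_bits, block_bits in ep["suites"]:  # block_bits 0 = stream cipher
        hits = [(("RC4" in name) or name.startswith(("ADH", "AECDH")), "insecure"),
                (key_bits < 128 and "3DES" not in name, "insecure"),
                (block_bits == 64, "weak"),  # 3DES and other 64-bit block ciphers
                ("CBC" in name, "obsolete")]
        out += [(name, cls) for hit, cls in hits if hit]
    return out

def worst(findings):
    """Worst classification found, or 'expected' when nothing was flagged."""
    return max((cls for _, cls in findings), key=SEVERITY.get, default="expected")

# Constructed sample: modern AEAD suite, but a 1024-bit DH group and a 3DES fallback.
SAMPLE = {"protocols": {"TLSv1.2", "TLSv1.1"}, "forward_secrecy": True,
          "kx_bits": 1024, "auth_bits": 2048, "sig_alg": "SHA256",
          "suites": [("ECDHE-RSA-AES128-GCM-SHA256", 128, 128),
                     ("DHE-RSA-3DES-EDE-CBC-SHA", 112, 64)],
          "secure_renegotiation": True}
```

Running `classify(SAMPLE)` flags the 1024-bit key exchange as obsolete and the 3DES suite as both weak (64-bit block) and obsolete (CBC), so `worst` reports "weak".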