« SSL Pulse: 49% vulnerable to CVE-2014-0224, 14% exploitable | Main | Bulletproof SSL and TLS June Update: Cryptography, Protocol, and PKI »

SSL Labs: New grades for trust (T) and mismatch (M) issues

June 17, 2014

In the 1.10.x code branch of SSL Labs, which was deployed to production last week, we made a change in how we handle assessments with trust issues. Previously, all certificates that we couldn't validate (largely because they were self-signed or issued from a private CA root) were given an F grade. In this latest version, we introduced two new grades:

  • Trust issues (T); If we don't trust a certificate (and there aren't any other security issues), we assign it a T grade (for "trust)". This grade is thus used when the server is otherwise well-configured. Just below the T grade, we note the grade the server would get if the trust issues were resolved.
  • Name mismatch issues (M); In some cases, trust issues come from name mismatches and usually when a server doesn't actually use encryption. Such sites now get an M grade (for "mismatch").

I expect the introduction of these new grades is going to help our users better understand what's really going on.

MY BOOK: If you like this blog post, you will love Bulletproof SSL and TLS. For system administrators, developers, and IT security professionals, this book provides a comprehensive coverage of the ever-changing field of SSL/TLS and Internet PKI and will teach you everything you need to know to protect your systems from eavesdropping and impersonation attacks. It's available now.