Encrypt everything.  That's what Google Chairman Eric Schmidt said back in November of last year.  His comments were in response to various surveillance efforts that he considered government overreach and censorship.  His rationale...if you are going to spy on everything I send across the Internet, then I'll simply encrypt it all so you can't read it.  Other companies like Facebook, Twitter, Yahoo, and many others have taken similar steps.  In addition, Mark Nottingham (chairman of the group developing the new HTTP/2 protocol) said, "I believe the best way that we can meet the goal of increasing use of TLS on the Web is to encourage its use by only using HTTP/2 with https:// URIs."

With all this encryption momentum from giants in the industry, the HTTPS path has been paved and everyone who wants to stay relevant will have to get on board.   So, the world is moving to "encrypt everything" and you want to follow suit.  Unfortunately, there are many different options to consider when implementing SSL on your web server.  Wouldn't it be nice to just have a checkbox that said "click here for SSL implementation"?  It's not that simple. 

Fortunately, there are many different web-based tools that allow you to score the effectiveness of your web server's SSL implementation.  Many of these tools provide recommendations on how to improve your web server's security and make it stronger and more efficient.  Some of these include Wormly, SSL Shopper, DigiCert, and GlobalSign to name a few.  Some of these tools just give you basic certificate information while others dig a little deeper into performance and known vulnerability status.  There's no magic formula or mandate that forces any of these tools to look at one thing over another, so they all test things a little bit differently. 

That said, the undisputed industry thought leader in this space is Qualys SSL Labs.  Qualys does a great job of conducting a comprehensive inspection of the SSL implementation on your web server.  Some may question the need for having a good grade on the SSL Labs test, but imagine a customer checking, for example, their bank website and finding a bad grade for SSL implementation.  If my bank had a failing grade on SSL implementation, it would certainly get my attention and it might make me think twice about moving my money and my business elsewhere.  Even though an organization may not totally agree with the way Qualys approaches web server testing, it's still important to understand their testing methodology so as to align SSL implementation practices with their recommendations. 

How does SSL Labs approach web server testing?  They have a fairly short and easy to read SSL Server Rating Guide that outlines the exact methodology they use for testing.  Their approach consists of 4 steps:

  1. Look at a certificate to verify that it's valid and trusted
  2. Inspect server configuration in three categories:
    • Protocol support
    • Key exchange support
    • Cipher support
  3. Combine the category scores into an overall score (a score of zero in any category will push the overall score to zero), then calculate an overall letter grade
  4. Apply a series of rules to handle aspects of server configuration that cannot be expressed via numerical scoring

The final letter grade is based on the following overall numerical score:

Numerical Score    Letter Grade
>= 80              A
>= 65              B
>= 50              C
>= 35              D
>= 20              E
< 20               F

Who knew you could get an "E" grade?!?  I'm pretty sure I've received every other letter grade on that scale at some point in my life, but never an E.  By the looks of where it fits on the scale, I don't want to start now.  Anyway, let's quickly look at each of the 4 areas they test.

Certificate Inspection

Three certificate types are currently in use:  domain-validated, organization-validated, and extended-validation (EV) certificates.  SSL Labs only requires that a certificate be correct and does not go beyond that basic requirement.  They do recommend EV certificates for higher-value web sites but they have no way of knowing the purpose of each web site so they simply check to make sure the site's certificate is valid and trusted.  However, they do note some certificate issues that will immediately result in a zero score:

  • Domain name mismatch
  • Certificate not yet valid
  • Certificate expired
  • Use of a self-signed certificate
  • Use of a certificate that is not trusted (unknown CA or some other validation error)
  • Use of a revoked certificate
  • Insecure certificate signature (MD2 or MD5)
  • Insecure key

Server Configuration

The three criteria used for server configuration are protocol support (30% of grade), key exchange (30% of grade), and cipher strength (40% of grade). 

Protocol support is graded against the following criteria:

Protocol    Score
SSL 2.0     0%
SSL 3.0     80%
TLS 1.0     90%
TLS 1.1     95%
TLS 1.2     100%

They start with the score of the best protocol your web server supports, add the score of the worst protocol it supports, and divide the total by 2.  This doesn't account for any protocols in between the best and the worst on your site, which is why it's important to understand how they calculate all this stuff.  For example, if your site supports SSL 3.0, TLS 1.1, and TLS 1.2, your score would be (100 + 80) / 2 = 90.  How would you increase that score?  Well, if you kept support for TLS 1.1 and TLS 1.2 and dropped support for SSL 3.0, your score would move up to (100 + 95) / 2 = 97.5.

Key exchange is graded against the following criteria:

Key Exchange                                            Score
Weak key (Debian OpenSSL flaw)                          0%
Anonymous key exchange (no authentication)              0%
Key or DH parameter strength < 512 bits                 20%
Exportable key exchange (limited to 512 bits)           40%
Key or DH parameter strength < 1024 bits (e.g., 512)    40%
Key or DH parameter strength < 2048 bits (e.g., 1024)   80%
Key or DH parameter strength < 4096 bits (e.g., 2048)   90%
Key or DH parameter strength >= 4096 bits (e.g., 4096)  100%

Cipher strength is the final piece of the server configuration equation.  Servers can support varying strengths of ciphers, so SSL Labs scores the cipher strength the same way they do the protocol strength...take the score of the strongest cipher, add the score of the weakest cipher, and divide by 2.  The scores for each cipher are as follows:

Cipher Strength                 Score
0 bits (no encryption)          0%
< 128 bits (e.g., 40, 56)       20%
< 256 bits (e.g., 128, 168)     80%
>= 256 bits (e.g., 256)         100%

Sample Web Server

Let's say your web server has the following configuration:

  • Valid and trusted certificate
  • Protocol support for TLS 1.0 and TLS 1.1
  • RSA key with 2048 bit strength
  • Cipher algorithm is AES/CBC with 256 bit strength

In this case, you would score a 92.5 for protocol support, a 90 for key exchange, and a 100 for cipher strength.  Protocol support accounts for 30% of the overall grade, so you multiply 92.5 by 30%.  Key exchange is also 30% of the overall grade, and cipher strength is 40% of the overall grade.  Using these values, you would score a (92.5 * 30%) + (90 * 30%) + (100 * 40%) = 94.75.  Converting this numerical score to a Letter Grade would yield an overall "A" score.  Congratulations!
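To make the arithmetic above reproducible, here is a small model of the numerical scoring described in this post (an added example, not code from the post or from Qualys): protocol and cipher categories are scored as (best + worst) / 2, key exchange is a table lookup on the key or DH size, the three categories are weighted 30/30/40, and a zero in any category (or a failed certificate check) zeroes the total. The protocol labels and function names are my own; the later grade caps (SSL 3, RC4, missing TLS 1.2 and so on) are not modelled.

```python
# Model of the SSL Labs numerical scoring described in this post (added example,
# not Qualys code). Protocol and cipher categories are (best + worst) / 2, key
# exchange is a table lookup on key/DH size, the categories are weighted 30/30/40,
# and a zero category (or a failed certificate check) zeroes the total.
PROTOCOL_SCORE = {"SSL 2.0": 0, "SSL 3.0": 80, "TLS 1.0": 90, "TLS 1.1": 95, "TLS 1.2": 100}
LETTER_GRADES = [(80, "A"), (65, "B"), (50, "C"), (35, "D"), (20, "E"), (0, "F")]


def best_worst_average(scores):
    """(strongest + weakest) / 2; anything between the two extremes is ignored."""
    return (max(scores) + min(scores)) / 2


def protocol_score(protocols):
    return best_worst_average([PROTOCOL_SCORE[p] for p in protocols])


def key_exchange_score(bits, anonymous=False, debian_weak_key=False, export=False):
    """Key exchange table; bits is the RSA key or DH/ECDH parameter strength."""
    if anonymous or debian_weak_key:
        return 0
    if export:
        return 40
    for limit, score in ((512, 20), (1024, 40), (2048, 80), (4096, 90)):
        if bits < limit:
            return score
    return 100


def cipher_score(cipher_bits):
    """Cipher strength table applied to the strongest and weakest suites offered."""
    def single(bits):
        if bits == 0:
            return 0
        return 20 if bits < 128 else 80 if bits < 256 else 100
    return best_worst_average([single(b) for b in cipher_bits])


def overall_score(certificate_ok, protocols, key_bits, cipher_bits, **kx_flags):
    proto = protocol_score(protocols)
    kx = key_exchange_score(key_bits, **kx_flags)
    cipher = cipher_score(cipher_bits)
    if not certificate_ok or 0 in (proto, kx, cipher):
        return 0.0  # a zero in any category pushes the overall score to zero
    return (proto * 30 + kx * 30 + cipher * 40) / 100  # 30% / 30% / 40% weights


def letter_grade(score):
    return next(grade for threshold, grade in LETTER_GRADES if score >= threshold)


if __name__ == "__main__":
    # the post's sample server: TLS 1.0 + 1.1, RSA 2048, AES-256 -> 94.75, "A"
    score = overall_score(True, ["TLS 1.0", "TLS 1.1"], 2048, [256])
    print(score, letter_grade(score))
```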

Important Things to Consider...

SSL Labs periodically changes their grading criteria and methodology based on changes in technology.  Here are some recent changes that they have published:

  • SSL 2.0 is not allowed (results in an automatic "F")
  • Insecure renegotiation is not allowed (results in an automatic "F")
  • Vulnerability to the BEAST attack caps the grade at B
  • Vulnerability to the CRIME attack caps the grade at C (previously capped at "B" but changed in the May 2015 test version)
  • The test results no longer show the numerical score (0-100) because they realized that the letter grade (A-F) is more useful (they still calculate the numerical score...they just don't show it to you)
  • No longer require server-side mitigation for the BEAST attack
  • Support for TLS 1.2 is now required to get an A grade. Without it, the grade is capped at a B
  • Keys below 2048 bits (e.g., 1024) are now considered weak, and the grade is capped at a B
  • Keys under 1024 bits are now considered insecure (results in an automatic "F")
  • Grade A- is introduced for servers with generally good configuration that have one or more warnings
  • Grade A+ is introduced for servers with exceptional configurations. At the moment, this grade is awarded to servers with good configuration, no warnings, and HTTP Strict Transport Security support with a max-age of at least 6 months
  • MD5 certificate signatures are now considered insecure (results in an automatic "F")
  • Clarified that insecure certificate signatures affect the certificate score. This has always been the case for MD2
  • Clarified that the strength of DHE and ECDHE parameters affects key exchange scoring. This has always been the case, but previous revisions of the text were not clear about it
  • An A+ score is not awarded to servers that use SHA1 certificates
  • Overall grade is capped at C if vulnerable to POODLE attack
  • An A+ score is not awarded to servers that don’t support TLS_FALLBACK_SCSV
  • Overall grade is capped at B if SSL 3 is supported
  • Overall grade is capped at B if RC4 is supported
  • Overall grade is capped at B if the chain is incomplete
  • Servers that have SSL 3.0 as their best protocol automatically fail
  • Cap grade at "B" if using weak DH parameters (less than 2048 bits)
  • If vulnerable to CRIME attack, best grade is capped at "C" (was "B" prior to May 2015 test version)
  • Cap grade at "C" if RC4 is used with TLS 1.1+
  • Cap grade at "C" if not supporting TLS 1.2
  • Fail servers that support only RC4 suites

Hopefully you can start to see how your overall grade can change based on different options and configurations.  As SSL Labs changes their grading criteria and testing methodology (will support for HTTP/2 be needed for an "A" grade in the future?), you should stay aware of what they are doing and how your web site is affected by their changes.  It's important to check back periodically to see how your grade looks...your customers are certainly checking on you!  After all, if you're gonna "encrypt everything" you might as well encrypt it correctly.

Knowing all this, you can more easily configure your web server to go from this grade...

(Screenshot: SSL Labs - F Grade)

To this grade...

(Screenshot: SSL Labs - A Grade)

Here's to great web site configurations, effective security, and A+ grades!