SSL Grade for Cloud is an asset based security grade given by NormShield to any monitored URL type asset with SSL support. The grade is based on the popular academic grading.

A+ being the best grade and means secure and F being the worst grade and mean the most insecure. The grade is calculated through the existence of various weighted SSL/TLS implementation/standard weaknesses;

- Certificate And Hostname Mismatch
**25** - SHA-1 Certificate Signature Algorithm
**3** - SSL/TLS Compression (CRIME SSL attack)
**10** - SSL Heartbleed Vulnerability
**15** - SSL Insecure Renegotiation
**5** - SSL Session Resumption With Session IDs
**3** - SSL Insecure SSLv2
**15** - SSL Insecure SSLv3 (Poodle Attack)
**15** - SSL TLS Fallback SCSV
**5** - SSL CCS Injection Vulnerability
**8** - SSL Insecure Key Size
**12** - SSL Insecure Anonymous Algorithms
**10** - SSL FREAK Vulnerability
**10** - SSL Insecure NULL Algorithms
**10** - SSL Session Resumption With TLS Tickets
**3** - SSL/TLS use of weak RC4 cipher
**6** - SSL TLSV1_2 Support
**8** - SSL Weak Cipher Suite (DES)
**5** - SSL Logjam Vulnerability (Weak DH Exchange)
**5** - SSL Drown Attack
**15** - SSL Beast Attack
**10** - SSL Breach Vulnerability
**8** - SSL Forward Secrecy
**5**

There are additional informational and warning level items that have no weights, therefore, not listed here. Also, note that most of the weaknesses listed above have different weights of which the sum is subtracted from 100, which gives the total score that is used to map the final grade according to the Table 1.

SSL Grade |
Detail |

A+ |
If the total score is equal to or bigger than 100 |

A |
If the total score is between 93 and 99 [inclusive] |

A- |
If the total score is between 90 and 92 [inclusive] |

B+ |
If the total score is between 87 and 89 [inclusive] |

B |
If the total score is between 83 and 86 [inclusive] |

B- |
If the total score is between 80 and 82 [inclusive] |

C+ |
If the total score is between 77 and 79 [inclusive] |

C |
If the total score is between 73 and 76 [inclusive] |

C- |
If the total score is between 70 and 72 [inclusive] |

D+ |
If the total score is between 67 and 69 [inclusive] |

D |
If the total score is between 63 and 66 [inclusive] |

D- |
If the total score is between 60 and 62 [inclusive] |

F |
If the total score is between 0 and 59 [inclusive] |

Table 1 - SSL grading table

## 0 Comments