SSL Grade for On Premise

SSL Grade for on-premise installations is a grade given by NormShield to any monitored URL-type asset with SSL support. The grade ranges from A to F, where A is the best grade and means secure, and F is the worst grade and means the most insecure. The grade is calculated from the presence of the following SSL weaknesses:

  • Hostname mismatch with the CN on the signature - 16%
  • Use of the insecure SHA-1 signature - 3%
  • The existence of compression (resulting in the CRIME SSL attack) - 7%
  • The famous (or infamous) Heartbleed weakness - 30%
  • Support of SSL renegotiation, which may result in Denial of Service attacks - 6%
  • Unsupported ID-based session resumption, which may result in performance problems - 6%
  • Support of the weak SSLv2 - 10%
  • Support of SSLv3, which is now considered weak - 6%
  • Support of insecure key sizes, such as export RSA key sizes - 4%
  • Support of anonymous algorithms - 4%
  • Support of exported algorithms - 4%
  • Support of null algorithms - 4%

Note that the weaknesses listed above carry different weights. Each weakness that is absent contributes its weight to the total score, so an asset with none of these weaknesses scores 100. A grade is then given according to Table 1.

| SSL Grade | Detail |
|-----------|--------|
| A | If the total score is bigger than 90 |
| B | If the total score is bigger than 80 |
| C | If the total score is bigger than 70 |
| D | If the total score is bigger than 60 |
| E | If the total score is bigger than 50 |
| F | If the total score is bigger than 0 |

Table 1 - SSL grading table
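The scoring above, worked through as an added example (this is not NormShield's code). The short weakness keys, the function names and the `None` result for a score of 0 are assumptions of this example; the weights and the strict "bigger than" thresholds are taken from the list and Table 1.

```python
# Weights in percent, copied from the list above. Key names are invented here.
WEIGHTS = {
    "hostname_mismatch": 16, "sha1_signature": 3, "compression": 7,
    "heartbleed": 30, "renegotiation": 6, "session_resumption": 6,
    "sslv2": 10, "sslv3": 6, "insecure_key_size": 4,
    "anonymous_algorithms": 4, "exported_algorithms": 4, "null_algorithms": 4,
}
# Table 1, read literally: a grade applies only if the score is strictly bigger.
GRADES = [(90, "A"), (80, "B"), (70, "C"), (60, "D"), (50, "E"), (0, "F")]


def score(found):
    """Total score: the sum of the weights of every weakness NOT found."""
    unknown = set(found).difference(WEIGHTS)
    if unknown:
        raise ValueError(f"unknown weakness name(s): {sorted(unknown)}")
    return sum(w for name, w in WEIGHTS.items() if name not in found)


def grade(total):
    """Map a total score to a letter using Table 1's strict thresholds."""
    for threshold, letter in GRADES:
        if total > threshold:
            return letter
    return None  # assumption: Table 1 has no row for a score of exactly 0


def remediation_plan(found):
    """Fix the heaviest weakness first; report score and grade after each fix."""
    remaining, steps = set(found), []
    for name in sorted(found, key=lambda n: (-WEIGHTS[n], n)):
        remaining.discard(name)
        total = score(remaining)
        steps.append((name, total, grade(total)))
    return steps


if __name__ == "__main__":
    # Constructed scan result for one monitored URL asset.
    found = {"heartbleed", "sslv3", "sha1_signature"}
    print("current:", score(found), grade(score(found)))
    for name, total, letter in remediation_plan(found):
        print(f"after fixing {name}: {total} -> {letter}")
    # Boundary cases: SSLv2 alone scores exactly 90, Heartbleed alone exactly 70.
    print(grade(score({"sslv2"})), grade(score({"heartbleed"})))
```

Because the thresholds are strict, a score that lands exactly on a boundary receives the lower grade: SSLv2 alone drops an asset to B, and Heartbleed alone drops it to D.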
