SSL Labs Grading Update: Forward Secrecy, Authenticated Encryption and ROBOT
Update March 1, 2018: The completion of these changes is documented under Version 1.31.0 in the SSL Labs Changelog.
We are giving advance notification for following grading criteria changes applying from March 1, 2018: Not using forward secrecy, not using AEAD suites, and vulnerability to ROBOT. Update: This release also includes a grading change for some Symantec certificates.
Penalty for not using forward secrecy (B)Forward secrecy (FS) also known as perfect forward secrecy (PFS), is a property of secure communication protocols in which compromises of long-term keys does not compromise past session keys. Forward secrecy protects past sessions against future compromises of private key. The very popular RSA key exchange doesn't provide forward secrecy. You need to support and prefer ECDHE suites in order to enable forward secrecy with modern web browsers.
SSL Labs will start penalizing servers that don't support forward secrecy; Grade will be capped to B. We will not penalize sites that use suites without forward secrecy provided they are never negotiated with clients that can do better.
Penalty for not using AEAD suites (B)Your site should use secure cipher suites. AEAD is the only encryption approach without any known weaknesses. The alternative, CBC encryption, is susceptible to timing attacks (as implemented in TLS). AEAD suites provide strong authentication, key exchange, forward secrecy, and encryption of at least 128 bits. TLS 1.3 supports only AEAD suites. SSL Labs doesn't currently reward the use of AEAD suites. In this grading criteria update we will start requiring AEAD suites for A.
Grade will be capped to B, if AEAD suites are not supported. As with forward secrecy, we will not penalize sites if they continue to use non-AEAD suites provided AEAD suites are negotiated with clients that support them.
We have talked about these changes in Announcing SSL Labs Grading Changes for 2017.
Penalty for ROBOT vulnerability (F)Return Of Bleichenbacher Oracle Threat, is an attack model based on Daniel Bleichenbacher chosen-ciphertext attack. Bleichenbacher discovered an adaptive-chosen ciphertext attack against protocols using RSA, he demonstrated the ability to perform RSA private-key operations. Researchers have been able to exploit the same vulnerability with small variations to the Bleichenbacher attack.
SSL Labs will start giving F" grade to the servers affected by ROBOT vulnerability from February 28, 2018 March 1, 2018. Note: All changes described in this blog post go live on March 1.
SSL Labs has started giving a warning if the site doesn't support forward secrecy and/or AEAD suites; or if the site is vulnerable to ROBOT.
Penalty for using Symantec Certificates (T)Starting March 1, 2018, SSL Labs will give T" grade for Symantec certificates issued before June 2016.
See details in Google and Mozilla are Deprecating Existing Symantec Certificates.