SSL Labs: New Grades for Trust (T) and Mismatch (M) Issues

Ivan Ristic

In the 1.10.x code branch of SSL Labs, which was deployed to production last week, we made a change in how we handle assessments with trust issues. Previously, all certificates that we couldn’t validate (largely because they were self-signed or issued from a private CA root) were given an F grade. In this latest version, we introduced two new grades:

  • Trust issues (T): If we don’t trust a certificate (and there aren’t any other security issues), we assign it a T grade (for "trust"). This grade is thus used when the server is otherwise well-configured. Just below the T grade, we note the grade the server would get if the trust issues were resolved.
  • Name mismatch issues (M): In some cases, trust issues come from name mismatches, usually when a server doesn’t actually use encryption. Such sites now get an M grade (for "mismatch").

I expect the introduction of these new grades is going to help our users better understand what’s really going on.

Comments

  1. Hi,

    How do we resolve the issues with those with T grades? Do you have any advice? We have already deleted IP but we are wondering where we get the T grade.

    Any help will be appreciated. Thanks