AnsweredAssumed Answered

Rating guide - Cypher Strength value

Question asked by Michael Brophy on Aug 7, 2017
Latest reply on Aug 7, 2017 by j-mailor

I have been trying to apply the logic from the rating guide to some results to better understand the logic and have confused myself. I took a result - SSL Server Test: (Powered by Qualys SSL Labs)  - and tried to understand how the values for the criteria were derived.


Protocol Support

The site is awarded 95/100 for protocol support. (100 (for TLS 1.2) + 90 (for TLS 1.0))/2. = 95 


Key Exchange

The site is awarded 90/100. 2048 bit key and not using weak key.

KeyRSA 2048 bits (e 65537)
Weak key (Debian)No


Cipher Strength

The site is awarded 90/100 for cipher strength. The strongest in the list (# TLS 1.2 (suites in server-preferred order)) is 256 and the weakest is 112. So by the rating guide it should be (100 (for 256 bit) + 20 (for 112 bit))/2 = 60. 


Am I misunderstanding how the Cipher Strength is computed? Is the calculation I am using for the protocol support and key exchange correct?