Since the new grading this month, there are two new cases which cause a downgrade to B:
A) This server does not support Forward Secrecy with the reference browsers. Grade capped to B
B) This server does not support Authenticated encryption (AEAD) cipher suites. Grade capped to B
I wonder what will happen when a server has this kind of cipher set:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (or another FS RSA variant) as the prioritized cipher
and TLS_RSA_WITH_AES_128_GCM_SHA256 (or another static AEAD variant)
I assume it would get an A because the reference browsers would use the non-AEAD but FS cipher, and the server otherwise also "supports" an AEAD cipher.
But in fact only ONE of these ciphers is used (FS-nonAEAD or AEAD-nonFS) at the same time.
Which would be quite absurd (imho) if it gets an "A" then, wouldn't it?
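
The cipher set described in the post, checked suite by suite, as an added example that is not part of the original post and is not SSL Labs' grading logic. The helpers `classify` and `evaluate` are hypothetical names; they show that "FS appears in the list" and "AEAD appears in the list" can both hold while no single negotiated suite provides both.

```python
# Added example: per-suite view of forward secrecy (FS) and AEAD for a cipher list.
FS_KEY_EXCHANGES = ("ECDHE", "DHE")   # ephemeral key exchange gives forward secrecy
AEAD_MARKERS = ("_GCM_", "_CCM", "CHACHA20_POLY1305")


def classify(suite):
    """Return (forward_secret, aead) for an IANA cipher suite name."""
    if not suite.startswith("TLS_"):
        raise ValueError(f"not an IANA TLS suite name: {suite!r}")
    if "_WITH_" not in suite:
        # TLS 1.3 names (e.g. TLS_AES_128_GCM_SHA256) have no key-exchange
        # part: TLS 1.3 suites are AEAD-only and full handshakes use (EC)DHE.
        return True, True
    key_exchange = suite[len("TLS_"):].split("_WITH_")[0].split("_")[0]
    aead = any(marker in suite for marker in AEAD_MARKERS)
    return key_exchange in FS_KEY_EXCHANGES, aead


def evaluate(server_preference):
    """Compare 'feature appears somewhere in the list' with
    'one negotiated suite provides both features'."""
    flags = [classify(s) for s in server_preference]
    return {
        "any_fs": any(fs for fs, _ in flags),
        "any_aead": any(aead for _, aead in flags),
        "fs_and_aead": [s for s, (fs, aead) in zip(server_preference, flags)
                        if fs and aead],
    }


# Constructed inputs: the cipher set from the post, then the same set with
# one suite that is both FS and AEAD placed first.
POST_CONFIG = [
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
]
FIXED_CONFIG = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"] + POST_CONFIG

if __name__ == "__main__":
    for name, config in (("post", POST_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, evaluate(config))
```

An empty `fs_and_aead` list is the condition to audit for: every connection to such a server gives up either forward secrecy or authenticated encryption.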