I'm struggling to understand how a website can score A+ although _only_ weak ciphers are available (Example). Would an A+ not create a false view on security in this case?
Why does the marking of CBC ciphers as weak have no impact on the grade? What is the rationale and is there a plan on when this will change?
I appreciate any insights on this.