search

ssllabs / ssllabs-scan

A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.
https://www.ssllabs.com/projects/ssllabs-apis/
Apache License 2.0
1.71k stars 243 forks source link

Apache-2.4.37.1 + OpenSSL-1.1.1.2 + TLSv1.3 - Cipher Strength caps at 90% #664

Open davidfavor opened 6 years ago

davidfavor commented 6 years ago

If I set SSLCipherSuite TLSv1.3 I do see only TLSv1.3 ciphers supported with Chrome 70 as only client which connect, which seems correct.

What seems incorrect, is...

1) Score caps at A+, rather than A++.

2) Cipher Strength caps at 90%, rather than 100%.

Let me know if this is correct (A+ with max 90% Cipher Strength) or...

my config is broken...

or the SSL Labs tester is broken.

Thanks.

ArchangeGabriel commented 6 years ago
  1. I don’t think there is an A++ grade.
  2. If you have any 128 bit cipher, then that is expected. Whether that should be the case or not is discussed in #636.