ssllabs / ssllabs-scan

A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.
https://www.ssllabs.com/projects/ssllabs-apis/
Apache License 2.0

Weak algorithms merit a perfect score? #807

Open swater22 opened 4 years ago

swater22 commented 4 years ago

After scanning a site I did not have a good TLS negotiation, I tested it and the result came back with the mark "A+", only using TLS1.2, but with weak cipher suites (Picture attached).

How can a site have a perfect score of "A+" while not using the best ciphers?


polarathene commented 3 years ago

TLS_RSA will be considered weak since it's not able to support Forward Secrecy, which is an issue if the private key is stolen as any past recorded encrypted traffic could be decrypted.

CBC cipher suites would get marked as weak due to a history of various padding oracle vulnerabilities. They may not be exploitable, but due to that history, they're generally discouraged.

Despite that, for certain clients, especially older ones, they might only support RSA key exchange or AES CBC for encryption. If that's not a concern (monitoring connections would help know that), which it usually is not for the majority of your audience, at least with modern web browsers, then you could disable those just to be safe. If you use server ordering/preference, neither should be a major concern (although a MitM attacker can work around that AFAIK).

Legitimate client examples could be old devices like printers/scanners that would try to establish a secure connection to transfer documents. Some API clients with outdated Java versions (6/7 IIRC). Old Android clients (although they might not even support TLS 1.2 in that case, it's rare but apparently still a small percentage of Android 4.x are still active in 2020). Stuff like that.

Presumably the score is indicating that you're solid, there are no known practical vulnerabilities that can be exploited. The cipher suites themselves have their weaknesses as mentioned, but the likelihood of being targeted for them may be low if you're low value to an attacker to not warrant the interest/effort. Since there can be legitimate reasons for these, the score is not being decreased, you're just being warned that they're considered WEAK, not VULNERABLE.


As for the scoring itself, you can get insights into it from here. Which should explain why you're not receiving a score based on the above concern.

Thus with the given score breakdown, we get (30 * 1.0) + (30 * 0.9) + (40 * 0.8) = 89, which maps to grade A (there's no mention of what an A+ is, perhaps the certificate score is bundled into this and you get a bump to 90-something?)

After that score, there are a bunch of checks that will cap your grade, rather than reduce it by a certain amount of points/percent. They actually do detail in 2014 the A- and A+ grade additions:

New grade A- is introduced for servers with generally good configuration that have one or more warnings.

New grade A+ is introduced for servers with exceptional configurations. At the moment, this grade is awarded to servers with good configuration, no warnings, and HTTP Strict Transport Security support with a max-age of at least 6 months.

So technically, your expectation is that you're graded A-?
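Added example, not part of the thread or of the ssllabs-scan project: a small audit over IANA cipher suite names that applies the two "weak" criteria described above (static RSA key exchange, CBC mode) and, separately, the weighted score arithmetic quoted in the comment, showing that the weak labels do not enter the number. The function names and the suite list are constructed for illustration.

```python
import re

# Constructed sample: suites a TLS 1.2/1.3 server might offer (IANA names).
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_AES_128_GCM_SHA256",  # TLS 1.3 style name: no key exchange part
]

# TLS_<key exchange>_WITH_<cipher and MAC>; the key exchange part is optional
# because TLS 1.3 suite names omit it.
SUITE_RE = re.compile(r"^TLS_(?:(?P<kx>[A-Z0-9_]+?)_WITH_)?(?P<cipher>[A-Z0-9_]+)$")

NO_FS = "no forward secrecy (static RSA key exchange)"
CBC = "CBC mode (history of padding oracle issues)"


def weak_reasons(suite):
    """Return the reasons a suite would be labelled weak, per the thread."""
    m = SUITE_RE.match(suite)
    if not m:
        raise ValueError(f"not an IANA TLS suite name: {suite!r}")
    reasons = []
    if m.group("kx") == "RSA":  # TLS_RSA_WITH_*: key exchange is static RSA
        reasons.append(NO_FS)
    if "CBC" in m.group("cipher").split("_"):
        reasons.append(CBC)
    return reasons


def audit(suites):
    """Map each weak suite to its reasons; suites with none are omitted."""
    return {s: r for s in suites if (r := weak_reasons(s))}


def strong_only(suites):
    """Suites to keep if legacy clients are not a concern, order preserved."""
    return [s for s in suites if not weak_reasons(s)]


def numeric_score(protocol, key_exchange, cipher):
    """Weighted score with the 30/30/40 split quoted in the comment.
    Inputs are category scores 0-100; weak labels are not an input."""
    return (30 * protocol + 30 * key_exchange + 40 * cipher) // 100


if __name__ == "__main__":
    for suite, reasons in audit(SAMPLE_SUITES).items():
        print(f"WEAK  {suite}: {'; '.join(reasons)}")
    print("keep:", strong_only(SAMPLE_SUITES))
    print("score:", numeric_score(100, 90, 80))
```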