SSL Labs To Encourage Modern Crypto Adoption With 2017 Grading Changes

SSL Labs, a security grading website that’s well known among developers and operators of websites that use HTTPS encryption, announced new plans to tighten up its grading rules for 2017. The group behind it hopes this will encourage more websites to adopt more modern encryption.

SSL Labs gives websites that use HTTPS encryption grades based on the encryption protocols and algorithms they use. For instance, if they use 15-year-old deprecated protocols, small encryption key sizes, or protocols that can be hacked, they may receive an "F", whereas if they adopt the latest, strongest encryption and protocols, they may get an A or A+.

This sort of grading is making it a little easier for website developers to analyze at a glance just how strong their website’s encryption is. At the same time, it encourages them to strive for better grades, which leads to better security for their websites and for their users.

New Changes For 2017

With TLS 1.3 around the corner, and with all the recent weaknesses found in TLS protocols, Qualys, the cloud security company behind the SSL Labs, is planning to implement new changes for its grading to better represent the new environment. That means sites that want to get an A or A+ in 2017 will have to adopt more modern protocols if they want to maintain their existing high grades.

For starters, sites that still use the two-decade-old 3DES protocol with the TLS 1.1 protocol or higher will be limited to grade C. However, if they keep the 3DES cipher suite at the end of their cipher suite list, which should minimize the times it’s used, the websites will not be penalized.

Forward Secrecy Required For A

Those who hope to get an A will have to use forward secrecy, or key rotation, for their site’s encryption. This security feature was quickly adopted post-Snowden revelations, because it’s a relatively effective way to reduce the damage done by sophisticated attackers who want to employ mass surveillance. Instead of having to steal a service’s encryption key every two years, they may have to steal it every two weeks, or even more often than that, depending on how websites configure their forward security.

AEAD Suites Required For A+

AEAD (Authenticated Encryption with Associated Data) cipher suites will be required for the A+ grade. Currently, SSL Labs doesn’t grade the use of AEAD suites in any way, but it wishes to correct this. This change also matches the arrival of TLS 1.3, which uses nothing but AEAD suites such as ChaCha20-Poly1305 and AES-GCM. Qualys also noted that AEAD suites will eventually be required for grade A, as well.

Protocol Downgrade Defenses

Over the past couple of years, we saw several downgrade attacks that took advantage of protocols once mandated by the U.S. government under export controls, or simply outdated protocols that were still in use for no good reason.

A new defense that protects against downgrade attacks and was introduced last year is called “TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks.” Since then, over 66% of servers already support it.

The SSL Labs test will now require its support if websites want to get A+. Qualys called out Microsoft’s IIS server software for not yet supporting this protection feature. As TLS 1.3, which is more protected against downgrade attacks, becomes more adopted, Qualys believes it would eventually eliminate the requirement to support this TLS_FALLBACK_SCSV feature.

All websites that use sub-128-bit ciphers will be given grade F. Servers that continue to use the RC4 cipher will be capped at C. As most web browsers have already promised, the use of the SHA1 hashing function will no longer be seen as secure starting in 2017, and SSL Labs will reflect this industry agreement, as well.

Future Changes

Qualy is already looking forward to a few more changes that would arrive in the “mid-term.” These include:

HSTS preloading required for A+AEAD suites required for AHSTS required for ASites with 3DES capped at B or CHarsher penalty for sites that continue to support RC4TLS 1.3 required for A+ (and for A, later, when the time is right)OCSP stapling (and, possibly, must-staple at some point) required for A+

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.