SSL Labs: New grades for trust (T) and mismatch (M) issues

In the 1.10.x code branch of SSL Labs, which was deployed to production last week, we
made a change in how we handle assessments with trust issues. Previously,
all certificates that we couldn’t validate (largely because they were
self-signed or issued from a private CA root) were given an F grade. In this
latest version, we introduced two new grades:

  • Trust issues (T): If we don’t trust a certificate (and there
    aren’t any other security issues), we assign it a T grade (for “trust”).
    This grade is thus used when the server is otherwise well-configured. Just
    below the T grade, we note the grade the server would get if the trust
    issues were resolved.

  • Name mismatch issues (M): In some cases, trust issues come from
    name mismatches, usually when a server doesn’t actually use encryption.
    Such sites now get an M grade (for “mismatch”).

I expect the introduction of these new grades is going to help our users
better understand what’s really going on.