sslLabs rating of B?

adamMc Member

Hi,

I work for a company that has an SSL LABS rating of B. I did not configure the cert, but do you think this is problematic? It is a huge company with over 20K employees... do you think I should bring it up to their IT?

-Adam

Comments

  • Nekki Veteran

    No. They’ll already be aware and either do not care or have plans for remediation. A ‘B’ rating is better than a lot of large companies too, I know of plenty of larger organisations with C ratings on certificates.

  • angstrom Moderator
    edited June 2018

    @adamMc said:
    Hi,

    I work for a company that has an SSL LABS rating of B. I did not configure the cert, but do you think this is problematic? It is a huge company with over 20K employees... do you think I should bring it up to their IT?

    -Adam

    A wild guess would be that the server doesn't support Forward Secrecy.

    Anyway, as @Nekki says, a B rating isn't bad at all, and it's not so easy to obtain an A rating -- you really have to know how to configure the server well (and it also depends on the capabilities of the server).

  • WebProject Host Rep, Veteran

    It's very easy to correct the issues and upgrade from a B to an A+ rating.

  • No problem there

  • Clouvider Member, Patron Provider
    edited June 2018

    @WebProject said:
    It's very easy to correct the issues and upgrade from a B to an A+ rating.

    On your average little, simple web server, maybe. Corporate ones might have different, legacy needs.

  • WebProject Host Rep, Veteran
    edited June 2018

    @Clouvider said:

    @WebProject said:
    It's very easy to correct the issues and upgrade from a B to an A+ rating.

    On your little, simple web server, maybe.

    We are talking about an HTTP server, right? In this case your comment is pointless, as there is no difference whether your web server serves 20k or 16b people! No difference whatsoever, the drama is over!!!

  • angstrom Moderator

    @Clouvider said:

    @WebProject said:
    It's very easy to correct the issues and upgrade from a B to an A+ rating.

    On your average little, simple web server, maybe. Corporate ones might have different, legacy needs.

    Just to add that in my experience, a default installation of Apache on Ubuntu 18.04 with a LE certificate gives a B rating on ssllabs, so beyond this, you have to know what you're doing.

    And, yes, legacy deployments may have other constraints.

  • WebProject said: We are talking about an HTTP server, right? In this case your comment is pointless, as there is no difference whether your web server serves 20k or 16b people! No difference whatsoever, the drama is over!!!

    No difference to the web server... but consider there's someone who's responsible, a created process in case said person(s) get run over by a bus, a development cycle including more than one person.

    When it's just one person and a web server you don't have to think of these things.

  • WebProject Host Rep, Veteran
    edited June 2018

    Clouvider said: Corporate ones might have different, legacy needs.

    You have added the above line. The legacy of having the right to edit configuration files, and if the company used cheap IT cowboys in the past, then you are right, it's different!

    No one stops the stages: develop/update --> test --> implement --> test again --> collect feedback (back to the first one).

  • @WebProject said:

    Clouvider said: Corporate ones might have different, legacy needs.

    You have added the above line. The legacy of having the right to edit configuration files, and if the company used cheap IT cowboys in the past, then you are right, it's different!

    No one stops the stages: develop/update --> test --> implement --> test again --> collect feedback (back to the first one).

    But I don't think that's the definition of 'easy'

    Thanked by 2: angstrom, Clouvider
  • jsg Member, Resident Benchmarker

    @WebProject said:

    @Clouvider said:

    @WebProject said:
    It's very easy to correct the issues and upgrade from a B to an A+ rating.

    On your little, simple web server, maybe.

    We are talking about an HTTP server, right? In this case your comment is pointless, as there is no difference whether your web server serves 20k or 16b people! No difference whatsoever, the drama is over!!!

    I think you misunderstood @Clouvider. "legacy" isn't about 20K or 16B people. It's about a few customers that are however important for the company and who for whatever weird reason need old ciphers, SSL2, etc. I have seen cases where e.g. some backwards government still had old regulations in place for some sectors.

    Thanked by 1: Clouvider
  • angstrom Moderator
    edited June 2018

    @jetchirag said:

    @WebProject said:

    Clouvider said: Corporate ones might have different, legacy needs.

    You have added the above line. The legacy of having the right to edit configuration files, and if the company used cheap IT cowboys in the past, then you are right, it's different!

    No one stops the stages: develop/update --> test --> implement --> test again --> collect feedback (back to the first one).

    But I don't think that's the definition of 'easy'

    Indeed.

    No one is saying that it's so incredibly difficult, but unless the default installation of your web server already gives an A/A+ rating, you'll have to start modifying configuration files, in particular, the accepted ciphers and their precedence, in which case it's good to know what you're doing, not to mention that the stricter your web server becomes in this respect, the more browsers will be ruled out. On a legacy, production system, it may be acceptable to settle for a B or even C rating.

  • angstrom Moderator

    @angstrom said:

    @jetchirag said:

    @WebProject said:

    Clouvider said: Corporate ones might have different, legacy needs.

    You have added the above line. The legacy of having the right to edit configuration files, and if the company used cheap IT cowboys in the past, then you are right, it's different!

    No one stops the stages: develop/update --> test --> implement --> test again --> collect feedback (back to the first one).

    But I don't think that's the definition of 'easy'

    Indeed.

    No one is saying that it's so incredibly difficult, but unless the default installation of your web server already gives an A/A+ rating, you'll have to start modifying configuration files, in particular, the accepted ciphers and their precedence, in which case it's good to know what you're doing, not to mention that the stricter your web server becomes in this respect, the more browsers will be ruled out. On a legacy, production system, it may be acceptable to settle for a B or even C rating.

    Just to keep things in perspective:

    • apple.com gets an A- rating
    • google.com gets an A rating (not A+)
    • microsoft.com gets a B rating
  • @angstrom

    MS knows that Internet Explorer is always waiting to haunt them, so to keep the beast calm it must enable legacy SSL options gasp

  • doghouch Member
    edited June 2018

    @WebProject said:

    @Clouvider said:

    @WebProject said:
    It's very easy to correct the issues and upgrade from a B to an A+ rating.

    On your little, simple web server, maybe.

    We are talking about an HTTP server, right? In this case your comment is pointless, as there is no difference whether your web server serves 20k or 16b people! No difference whatsoever, the drama is over!!!

    Your level of intelligence has decreased exponentially.

  • angstrom Moderator

    @FlamesRunner said:
    @angstrom

    MS knows that Internet Explorer is always waiting to haunt them, so to keep the beast calm it must enable legacy SSL options gasp

    All things considered, MS is pretty good about backwards compatibility. :-)

    Thanked by 1: FlamesRunner
  • saibal Member

    Thanked by 1: MasonR
  • MasonR Community Contributor

    @saibal said:

    Not A+? Scam. I want my money back!

  • deank Member, Troll

    LET should have F, not A. A is higher end.

  • angstrom Moderator

    @MasonR said:

    @saibal said:

    Not A+? Scam. I want my money back!

    I had also checked the rating for lowendtalk.com and was (pleasantly) surprised that it got an A. :-) (I had expected around a B.)

  • Clouvider Member, Patron Provider

    @angstrom said:

    @MasonR said:

    @saibal said:

    Not A+? Scam. I want my money back!

    I had also checked the rating for lowendtalk.com and was (pleasantly) surprised that it got an A. :-) (I had expected around a B.)

    Yeah, but it’s not LET's rating. It’s Cloudflare’s. One would need to run it against the origin, as Cloudflare is MITM here and you run a session with CF, not with the actual server.

    Thanked by 1: angstrom
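Two technical points in this thread can be checked with one small script: angstrom's guess that a B rating often comes from a server without Forward Secrecy, and Clouvider's point that a rating for a Cloudflare-fronted hostname describes Cloudflare's edge, so the origin has to be tested directly. The following is an added example and not code from the thread or from SSL Labs: it opens one TLS session to an address you name (an origin IP, for instance) while presenting the public hostname as SNI, and reports the negotiated protocol, cipher suite and whether the key exchange is ephemeral. The function names, the `allow_legacy`/`verify` switches and the sample result dict are assumptions made here for illustration.

```python
import socket
import ssl
import sys

# Cipher-name prefixes that mean an ephemeral (EC)DH key exchange in the
# OpenSSL and IANA naming schemes used for TLS 1.2 and earlier.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-", "EDH-", "TLS_ECDHE_", "TLS_DHE_")

# Versions deprecated by RFC 7568 (SSLv3) and RFC 8996 (TLS 1.0 and 1.1).
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def has_forward_secrecy(cipher_name, protocol):
    """True when the session keys come from an ephemeral key exchange, so a
    later compromise of the server's private key cannot decrypt recorded
    traffic. Every TLS 1.3 suite is ephemeral; older suites say so by name
    (static RSA suites such as AES256-SHA, or static ECDH-*, do not)."""
    if protocol == "TLSv1.3":
        return True
    return cipher_name.upper().startswith(EPHEMERAL_PREFIXES)


def is_deprecated_protocol(protocol):
    return protocol in DEPRECATED_PROTOCOLS


def probe(address, sni, port=443, verify=True, allow_legacy=False, timeout=5.0):
    """Open one TLS session to `address` (an IP or hostname) while sending
    `sni` as the server name, and return what was negotiated. Pointing
    `address` at the origin server with the public hostname as `sni` shows
    the origin's own TLS setup instead of the CDN edge in front of it."""
    ctx = ssl.create_default_context()
    if allow_legacy:
        # The default context refuses anything below TLS 1.2 on current
        # Pythons, so a handshake failure can itself mean "older protocols
        # only". Lower the floor to see what such a server would negotiate.
        ctx.minimum_version = ssl.TLSVersion.TLSv1
    if not verify:
        # Origins behind a CDN often carry a certificate that public roots
        # do not trust; skipping verification affects only this inspection.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((address, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            cipher_name, protocol, bits = tls.cipher()
            return {
                "address": address,
                "sni": sni,
                "protocol": protocol,
                "cipher": cipher_name,
                "bits": bits,
                "forward_secrecy": has_forward_secrecy(cipher_name, protocol),
                "deprecated_protocol": is_deprecated_protocol(protocol),
            }


def summarize(result):
    """Turn a probe() result into the kind of findings an SSL Labs report
    would list; an empty list means nothing in this session stood out."""
    findings = []
    if not result["forward_secrecy"]:
        findings.append("no forward secrecy on the negotiated suite")
    if result["deprecated_protocol"]:
        findings.append("negotiated a deprecated protocol version")
    return findings


# Constructed sample of what probe() returns for a server that still
# negotiates a static-RSA suite over TLS 1.2 (no network needed).
SAMPLE_STATIC_RSA = {
    "address": "192.0.2.10", "sni": "www.example.com",
    "protocol": "TLSv1.2", "cipher": "AES256-GCM-SHA384", "bits": 256,
    "forward_secrecy": False, "deprecated_protocol": False,
}


if __name__ == "__main__":
    # usage: python tls_probe.py <origin-ip-or-host> <sni-hostname> [--no-verify] [--legacy]
    if len(sys.argv) < 3:
        sys.exit("usage: tls_probe.py <address> <sni> [--no-verify] [--legacy]")
    res = probe(sys.argv[1], sys.argv[2],
                verify="--no-verify" not in sys.argv,
                allow_legacy="--legacy" in sys.argv)
    print(f"{res['address']} (SNI {res['sni']}): {res['protocol']} "
          f"{res['cipher']} ({res['bits']} bits)")
    for finding in summarize(res) or ["no findings for this session"]:
        print(" -", finding)
```

A single session only reports the suite this client negotiated, which is normally the server's preferred one; SSL Labs additionally walks every protocol version and suite the server accepts. Running the script once against the public hostname and once against the origin IP with the same SNI makes the difference Clouvider describes visible directly.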
  • angstrom Moderator

    @Clouvider said:

    @angstrom said:

    @MasonR said:

    @saibal said:

    Not A+? Scam. I want my money back!

    I had also checked the rating for lowendtalk.com and was (pleasantly) surprised that it got an A. :-) (I had expected around a B.)

    Yeah, but it’s not LET's rating. It’s Cloudflare’s. One would need to run it against the origin, as Cloudflare is MITM here and you run a session with CF, not with the actual server.

    Ah, of course, I had forgotten about Cloudflare!

    So it's anyone's guess how the actual server for lowendtalk.com is rated.

  • raindog308 Administrator, Veteran

    jsg said: I think you misunderstood @Clouvider. "legacy" isn't about 20K or 16B people. It's about a few customers that are however important for the company and who for whatever weird reason need old ciphers, SSL2, etc.

    This. My employer works with every Global 500 (except our competitors) and a lot of business IT relationships are like a drowning swimmer's death embrace. You know how if you jump in after someone drowning they can take you down with them? Same thing on enterprise upgrades. You create these cool systems and customers integrate with them and build all these extensions on their side. You're happy because they're locked in hard to your systems. But then when you want to upgrade... you find you're locked into the same systems because customers have no incentive to want to change.

    I still manage crap that isn't Y2K-compliant. There are systems out there that integrate over telnet or rsh. It was not that many years ago that we finally got rid of 9-track tape because some governments still use it...

    In the consumer space, it's easier to get upgrades. Deep integrations between large organizations might as well be carved on tablets.

  • edited June 2018

    That test has some pretty strict stuff to get an A as I recall. Probably not necessary for most people. I wouldn't get too hung up on getting that gold star.

  • jackb Member, Host Rep
    edited June 2018

    @WebProject said:

    @Clouvider said:

    @WebProject said:
    It's very easy to correct the issues and upgrade from a B to an A+ rating.

    On your little, simple web server, maybe.

    We are talking about an HTTP server, right? In this case your comment is pointless, as there is no difference whether your web server serves 20k or 16b people! No difference whatsoever, the drama is over!!!

    Oh sweet summer host. Enterprise is old and full of terrors.

    Thanked by 1: Aidan