Why does my website show up as “B” in SSL Labs?

When I check my website with SSL Labs, I get the grade “B”. Is that bad? What does it mean?

In short, no, it is not bad: your visitors that use modern web browsers receive the same level of protection as when accessing websites graded “A” or better.

So why does this happen?

The key here is that we care about all your visitors and want to make sure that even those with legacy devices still could access your website. To achieve that, we enabled some legacy security protocols (cipher suites) on our shared hosting servers.

But we did that in a clever way: If you look into the detailed report, you’ll see in the list of cipher suites that the legacy cipher suites have lower priority than the modern ones. When a client establishes a secure connection with your website, their browser tries to use the most secure protocol first—that’s why modern browsers use the modern security protocols when accessing our servers.

If you look further down into the report, you’ll see a list of different browsers along with security protocols that they use when connecting to your website.

But all those insecure browsers are ancient! Nobody uses them! Why do you keep supporting it?

We analyzed access logs across our web servers, and the sad truth is that legacy software is still wildly in use all over the Internet. Yes, that breaks our hearts too, but we chose compatibility over the nice A++ rating, given that those settings do not compromise the security of our clients.

Can you turn off these legacy cipher suites just for my website?

Yes, of course. But for that you must upgrade to a VPS because this is a server-wide setting: unfortunately, on shared hosting plans, we cannot configure it per client.

Contact our support to find the best option for you.