I have been trying to apply the logic from the rating guide to some results to better understand the logic and have confused myself. I took a result - SSL Server Test: techno-pedia.com (Powered by Qualys SSL Labs) - and tried to understand how the values for the criteria were derived.
The site is awarded 95/100 for protocol support: (100 (for TLS 1.2) + 90 (for TLS 1.0))/2 = 95.
The site is awarded 90/100. 2048 bit key and not using weak key.
| Key | RSA 2048 bits (e 65537) |
| Weak key (Debian) | No |
The site is awarded 90/100 for cipher strength. The strongest in the list (# TLS 1.2 (suites in server-preferred order)) is 256 and the weakest is 112. So by the rating guide it should be (100 (for 256 bit) + 20 (for 112 bit))/2 = 60.
Am I misunderstanding how the Cipher Strength is computed? Is the calculation I am using for the protocol support and key exchange correct?