What Is the Endpoint Encryption Score?

The Endpoint Encryption Score measures your entity's adherence to the Baseline Expectations requirement that all entity (IdP and SP) service endpoints must be secured with current and trustworthy transport layer encryption.

A score of A or better indicates that the connection endpoints registered within your entity are protected with current and sufficiently strong transport layer encryption. A score of B or worse means there are serious vulnerabilities, and that you need to take action to remediate the defects. 

How does InCommon determine the score?

InCommon employs the SSL encryption assessment methodology published in the SSL Labs SSL Server Rating Guide. The rating defined in this guide is also used in Qualys' SSL Labs SSL Server Test tool, which offers a convenient way for you to test your servers.

We perform periodic, scheduled tests of all entities registered in the InCommon Federation. Each endpoint in your entity is measured independently. The score displayed on your entity page reflects the lowest score measured within that entity. For example, if your entity displays a B, that means all endpoints of that entity received a score of B or better.

The score you see above your entity page indicates the result from our most recent test. Because the testing does not happen in real time, the displayed score may not match the result you receive from a more recent test you've conducted.

To facilitate bulk testing, we use the testssl.sh SSL testing tool (downloadable at https://testssl.sh/).

How do I find out why my server has a score of B (or worse)?

Qualys' SSL Labs SSL Server Test tool provides a detailed explanation of a server's test result. It also provides links to remediation options. We recommend testing your endpoints using that tool to find out more.

What does "N" mean?

An "N" indicates that we have not been able to successfully complete at least one test of all endpoints in your entity. This may be due to a number of reasons. For example:

  • you added your entity after our most recent scheduled test;
  • we could not connect to your server during testing;
  • your server does not support transport layer encryption;
  • other system errors.
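
The aggregation described above (the entity shows its lowest endpoint grade, and "N" when any endpoint has no completed test), written out as an added example that is not InCommon's code. It assumes testssl.sh flat JSON output with its `overall_grade` rating entry; the sample scan data, host names and function names are constructed for illustration.

```python
import json

# Best to worst. A-, T and M are SSL Labs / testssl.sh grades the page does not
# mention; ranking T and M below F is an assumption of this example.
GRADE_ORDER = ["A+", "A", "A-", "B", "C", "D", "E", "F", "T", "M"]

# Constructed sample, trimmed to the fields this example reads.
SAMPLE_SCAN = json.dumps([
    {"id": "overall_grade", "ip": "idp.example.edu/192.0.2.10",
     "port": "443", "finding": "A+"},
    {"id": "cipher_strength_score", "ip": "idp.example.edu/192.0.2.10",
     "port": "443", "finding": "90"},
    {"id": "overall_grade", "ip": "idp.example.edu/192.0.2.10",
     "port": "8443", "finding": "B"},
])

def endpoint_grades(testssl_json):
    """Map 'host:port' -> grade from a testssl.sh flat JSON list of findings."""
    grades = {}
    for finding in json.loads(testssl_json):
        if finding.get("id") == "overall_grade":
            host = finding["ip"].split("/")[0]  # "host/address" -> host
            grades[f'{host}:{finding["port"]}'] = finding["finding"].strip()
    return grades

def entity_score(registered_endpoints, grades):
    """Lowest grade across all endpoints, or 'N' if any endpoint has no result."""
    worst = -1
    for endpoint in registered_endpoints:
        grade = grades.get(endpoint)
        if grade not in GRADE_ORDER:
            return "N"  # no completed test for this endpoint
        worst = max(worst, GRADE_ORDER.index(grade))
    # An entity with no endpoints has nothing measured (assumption: report "N").
    return GRADE_ORDER[worst] if worst >= 0 else "N"

def needs_remediation(score):
    """The page treats a score of B or worse as requiring action."""
    return score in GRADE_ORDER and \
        GRADE_ORDER.index(score) >= GRADE_ORDER.index("B")

if __name__ == "__main__":
    grades = endpoint_grades(SAMPLE_SCAN)
    for entity in (["idp.example.edu:443", "idp.example.edu:8443"],
                   ["idp.example.edu:443", "sp.example.edu:443"]):
        score = entity_score(entity, grades)
        print(entity, "->", score, "(action needed)" if needs_remediation(score) else "")
```
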

What does "Not Available" mean?

"Not Available" means the entity has not been scanned.