ssllabs / ssllabs-scan Public
Future Grade is not available in the API #564
Comments
Yes. Future grade was used only for these changes. For current grade changes, the future grade is not shown on the UI as well as the API. If there are many grade changes at once, we will use the Future grade feature.
Why wouldn’t you just keep the field always there and, if there is no expected change, just have it return the same value? We use this tool extensively and would like to get assurance that if there is a planned change, such as the ones coming on 1st March this year, we get sight of it via the API.
Yes, we will use this field for further grade changes. Basically, we have to calculate two grades (current grade and future grade) to return a future grade. For fewer changes, e.g. an F grade due to the ROBOT vulnerability, it can be checked with the field "bleichenbacher" in the API. If vulnerable, the grade will be reduced to F as per the announcement. Similarly, the "forwardSecrecy" field can be checked for the downgrade to B grade. For AEAD you have to parse the ciphers returned in the API.
Is there a documentation page on these various flags and configurations that are associated with future grade changes? The API docs you reference above list the flags, but make no mention of what the impact to grade will be for each of these. For example, you mention F grade due to ROBOT vulnerability, and B grade due to forwardSecrecy field or lack of AEAD ciphers, but are those the only three future grade-impacting problems? Even in the blog post you link above, there is a fourth change regarding treatment of Symantec certificates.

It seems more than a little unnecessary to require API users to parse each blog post and update their checks for future grade impacts on a flag-by-flag basis when SSLLabs is already doing the work to display these warnings in the UI-based scan, not to mention the seemingly ever-changing dates on when these issues will make it to the visible grade.

We use SSLLabs as a valuable resource to check our certificate configuration, and protocols & ciphers posture against with a quick scan, and it doesn't make sense to build a variety of custom code to parse the myriad API results ourselves when scans by other parties would simply be done through the UI and show future results that would not be clearly and immediately represented in the API.

If futureGrade is planned to be used again, is there any potential timeline for when it will be reintroduced?
Looks like this field has been removed from the API return?
#454