Forum Discussion

Roy_Jee (Nimbostratus)
Aug 27, 2019

Get A Grade on SSL LAB for VIP

Hi,

I am looking for a cipher string to get an A grade on SSL Labs for my VIP. Currently these are the ratings. Thanks in advance.



4 Replies

  • JG (Cumulonimbus)

    Try this one:



  • Try this one which I found in a thread on the old devcentral:


    I also have the following options enabled in the SSL client profile: no SSLv3, no TLSv1, and no TLSv1.1.

    Here's how it comes out on SSL labs:

    I find that I can get similar results locally using nmap's nse script to enum-ssl-ciphers like so:

    PS C:\Users\user\nmap-7.70> .\nmap.exe -sV --script ssl-enum-ciphers -p 443
    Starting Nmap 7.70 ( ) at 2019-08-27 12:33 Eastern Daylight Time
    Nmap scan report for
    Host is up (0.00s latency).
    443/tcp open  ssl/http httpd
    | ssl-enum-ciphers:
    |   TLSv1.2:
    |     ciphers:
    |       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
    |       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
    |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
    |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
    |       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
    |       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
    |       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
    |       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
    |       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    |     compressors:
    |       NULL
    |     cipher preference: server
    |_  least strength: A
    Service Info: OS: OS; CPE: cpe:/o:cpe
    Service detection performed. Please report any incorrect results at .
    Nmap done: 1 IP address (1 host up) scanned in 27.81 seconds

    It's nice to not be dependent on an external resource for a quick, repeatable check and also not forget to hide the results.

    Good luck!
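
One way to post-process the ssl-enum-ciphers output shown above, as an added example that is not part of any post in this thread: it parses the suite lines and flags suites that lack forward secrecy (no DHE/ECDHE key exchange) or use CBC mode, independent of nmap's letter grade. That flagging policy, the function names and the sample lines are assumptions made for the example.

```python
import re

# Constructed sample in the format of nmap's ssl-enum-ciphers output.
SAMPLE = """\
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|_  least strength: A
"""

PROTO_RE = re.compile(r"^\|[\s_]+((?:SSLv|TLSv)[\d.]+):$")
SUITE_RE = re.compile(r"^\|\s+((?:TLS|SSL)_\w+)(?:\s+\(([^)]*)\))?\s+-\s+([A-F])$")

def parse(text):
    """Return [(protocol, suite, key_info, nmap_grade)] for each suite line."""
    rows, proto = [], None
    for raw in text.splitlines():
        line = raw.strip()  # tolerate the indentation of a pasted report
        if m := PROTO_RE.match(line):
            proto = m.group(1)
        elif (m := SUITE_RE.match(line)) and proto:
            rows.append((proto, m.group(1), m.group(2), m.group(3)))
    return rows

def findings(suite):
    """Assumed policy: flag missing forward secrecy and CBC mode."""
    if suite.startswith("TLS_AKE_"):  # nmap's TLS 1.3 names: ephemeral + AEAD
        return []
    out = []
    if "DHE" not in suite.split("_WITH_")[0]:  # matches DHE and ECDHE only
        out.append("no forward secrecy")
    if "_CBC_" in suite:
        out.append("CBC mode")
    return out

def audit(text):
    """Map (protocol, suite) -> findings, omitting suites with none."""
    rows = parse(text)
    return {(p, s): findings(s) for p, s, _k, _g in rows if findings(s)}

if __name__ == "__main__":
    for (proto, suite), found in audit(SAMPLE).items():
        print(f"{proto} {suite}: {', '.join(found)}")
```
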

    • Roy_Jee (Nimbostratus)

      Can you please suggest a cipher string for V 13.0, as the grade has been changed but the Weak Ciphers issue still persists.

      Here is the string:


      • Mark_Gallagher (Altocumulus)

        This works but I think you'll definitely see downlevel client failures: