Forum Discussion

Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Feb 07, 2017

HowTo: Getting an awesome Qualys SSL-Labs rating... (Feb 2017 Update)

Hi Folks, I've posted in August 2016 a Client SSL Profile configuration to achive a top notch Qualys SSL-Labs rating. HowTo: Getting an awesome Qualys SSL-Labs rating... https://devcentral.f5.c...
devops
LTM
security
Carlos_Alperin's avatar
Carlos_Alperin
Icon for Nimbostratus rankNimbostratus
Aug 28, 2019

The use Single DH didn't work for me still have "ECDH public server param reuse YES"

 

my crypto is

 

ECDHE-RSA-AES256-GCM-SHA384:!ECDHE+AES:!ECDHE+3DES:!RSA+3DES:!TLSv1_1:!TLSv1:!SSLv2:!SSLv3:!MD5:!EXPORT:!RC4

 

I have all 100% but key exchange

mshoaib's avatar
mshoaib
Icon for Cirrus rankCirrus
Jun 28, 2020

I have added the above Cipher string ( LTM 13.1.3.3 ) and got A on SSLLabs. But tmm --clientciphers shows only 1 Cipher :

[mshoaib@ca01lb11v:Active:In Sync] ~ # tmm --clientciphers 'ECDHE-RSA-AES256-GCM-SHA384:!ECDHE+AES:!ECDHE+3DES:!RSA+3DES:!TLSv1_1:!TLSv1:!SSLv2:!SSLv3:!MD5:!EXPORT:!RC4'
       ID  SUITE                            BITS PROT    METHOD  CIPHER    MAC     KEYX
 0: 49200  ECDHE-RSA-AES256-GCM-SHA384      256  TLS1.2  Native  AES-GCM   SHA384  ECDHE_RSA

Isn't it too restrictive or I am not checking it correctly ?