Forum Discussion

Nimbostratus

Apr 26, 2014

SSLLabs A+, F5 LTM 11.4

We are testing a configuration to achieve an A+ grade on the SSLLabs.com server test. The "DEFAULT" ciphers is documented in sol13156 and sol13171. DEFAULT = NATIVE:!MD5:!EXPORT:!DES:!DHE:...

Nimbostratus

Apr 26, 2014

In rereading Jason's blog, I see that he was expiring HSTS one day before the certificate expires. I don't think that's really needed, unless you might have second thoughts on HTTPS, and want to remove your 301 redirect, and not buy a new SSL certificate. In that case, only, you'd want your HSTS rule to expire before the certificate. If you do that, SSLLabs won't give you an A+ if your cert is going to expire in less than 181 days. So the static max-age is really "required" to get and keep an A+.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SSLLabs A+, F5 LTM 11.4

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

Managing iRules configuration

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

Problem with sending BotDefense logs to remote server

ASM/AWAF declarative policy

Related Content

SSL Ciphers (SSLLabs) Warning

Just Announced! Attend a lab and receive a Raspberry Pi

F5 Insight for ADSP - A Closer Look

Deploying the F5 AI Security Certified OpenShift Operator: A Validated Playbook

A Guide to Cohesive and Purpose-Built Security

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS