Forum Discussion

Rajesh_06_15705's avatar
Rajesh_06_15705
Icon for Nimbostratus rankNimbostratus
Oct 11, 2015

SSLlabs.com test capped to B

I am running 11.4.1 with HF9. My current SSL ciphers options are: !COMPAT:ECDHE-RSA-AES256-CBC-SHA:ECDHE-RSA-AES128-CBC-SHA:ECDHE+3DES:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:3DES:!MD5:!EXP...
  • Hannes_Rapp_162's avatar
    Oct 12, 2015

    Both A and A+ are possible on 11.4.1. You're losing some score because of 1028 bit key, but also 128bit SSL ciphers reduce your score a little. In regards to key strength, you can't do much unless you're willing to renew the certificate immediately. When the time comes, generate a new CSR based on a 4096 bit private key, and request a new certificate as your current one is coming closer to expiration. This is not urgent and can wait.

     

    More information on SSL labs grading:

     

    https://devcentral.f5.com/articles/security-sidebar-improving-your-ssl-labs-test-grade