Forum Discussion
NimbostratusUsing SSL Labs new update Feb 2018
Need to get a A This is reporting giving me a B 1. Grading change: Grading changes for ROBOT vulnerability, Forward secrecy and AEAD ciphers
Since SSL Labs has updated in Feb 2018
SSL Labs Changelog Document created by Ivan Ristić on Jul 21, 2016•Last modified by Bhushan Lokhande on Mar 5, 2018Version 32Like • Show 4 Likes4 Comment • 0 View in full screen mode Version 1.31.0 Released to production on 1 March 2018.
New Features 1. Grading change: Grading changes for ROBOT vulnerability, Forward secrecy and AEAD ciphers (blog post) 2. Grading change: Distrust Symantec certificates issued before June 2016 (blog post) 3. Handshake simulations update: Java 8, Googlebot and Edge 15 Added ROBOT chart in SSL Pulse charts Fixes SNI-only site should not be considered vulnerable to POODLE (519) Protocol-relative path redirect misinterpreted (521)
Had a question how to make a grade A. The 1st one is causing us to get a "B"
Stanislas_Piro2Cumulonimbus
Look at last comment from Kai in this thread
Additionally to Stanislas notes
https://support.f5.com/csp/article/K21905460
AEAD ciphers are ciphers that has next DHE/EDHE + AES in GCM mode
SSLlabs does not require to have AEAD ciphers only but at least one of them need to be in the list
Forward secrecy requires DHE/ECDHE ciphers. RSA key exchange need to be disabled. Be aware that RSA_ECDHE are not considered as RSA key exchange.
Mike_62127Edit your cipher suite in SSL profile with the following... guaranteed "A" on SSL labs.
!SSLv2:!RSA:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DHE+3DES:ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AES:ECDHE+3DES:RSA+3DES:-MD5:-SSLv3:-RC4
