Security Sidebar: Improving Your SSL Labs Test Grade

Encrypt everything.  That's what Google Chairman Eric Schmidt recently said.  His comments were in response to various surveillance efforts that he considered government overreach and censorship.  Hi...
Published Dec 23, 2014
Version 1.0
LTM
qualys
security
security sidebar
series-security-sidebar
ssl
GeneUWG_150657's avatar
GeneUWG_150657
Icon for Nimbostratus rankNimbostratus
Mar 08, 2016
I am using the DEFAULT cipher suite on v12.0.0 HF1 yet get the following from SSL Labs, any suggestions? This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B. These two notes were highlighted in the protocol details section: Forward SecrecyWeak key exchange WEAK DH public server param (Ys) reuse Yes And these were highlighted in the Cipher Suite section: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 1024 bits FS WEAK256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 1024 bits FS WEAK128 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 1024 bits FS WEAK256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 1024 bits FS WEAK256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 1024 bits FS WEAK128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 1024 bits FS WEAK128 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) DH 1024 bits FS WEAK112