Security Sidebar: Improving Your SSL Labs Test Grade
Published Dec 23, 2014
Version 1.0Was this article helpful?
Here's a profile configuration that received an A+ grade recently:
ltm profile client-ssl {
app-service none
cert-key-chain { default { cert default.crt key default.key } }
ciphers !LOW:!SSLv3:!MD5:!RC4-SHA:!EXPORT:!DHE:ECDHE+AES-GCM:DHE+AES-GCM:ECDHE+AES:ECDHE-RSA-DES-CBC3-SHA:DHE+AES:AES-GCM+RSA:RSA+AES:RSA+3DES:@SPEED
defaults-from clientssl
inherit-certkeychain false
}
ltm policy {
controls { asm forwarding }
requires { http }
rules { default { actions { 0 {
http-header
response
insert
name Strict-Transport-Security
value max-age=15552000
} }
ordinal 0
} }
strategy first-match