Security Sidebar: Improving Your SSL Labs Test Grade
Encrypt everything. That's what Google Chairman Eric Schmidt recently said. His comments were in response to various surveillance efforts that he considered government overreach and censorship. Hi...
Published Dec 23, 2014
Version 1.0
ltwagnon
Ret. Employee
Joined May 15, 2019
ltwagnon
Mar 08, 2016
Ret. Employee
Here's a profile configuration that received an A+ grade recently:
ltm profile client-ssl {
    app-service none
    cert-key-chain { default { cert default.crt key default.key } }
    ciphers !LOW:!SSLv3:!MD5:!RC4-SHA:!EXPORT:!DHE:ECDHE+AES-GCM:DHE+AES-GCM:ECDHE+AES:ECDHE-RSA-DES-CBC3-SHA:DHE+AES:AES-GCM+RSA:RSA+AES:RSA+3DES:@SPEED
    defaults-from clientssl
    inherit-certkeychain false
}
ltm policy {
    controls { asm forwarding }
    requires { http }
    rules {
        default {
            actions {
                0 {
                    http-header
                    response
                    insert
                    name Strict-Transport-Security
                    value max-age=15552000
                }
            }
            ordinal 0
        }
    }
    strategy first-match
}
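
An added example, not part of the comment above or of F5's own material: a small Python parser that checks a Strict-Transport-Security value, such as the one the policy inserts, against the RFC 6797 syntax rules and reports its lifetime in days. The name parse_hsts and the second sample value are constructed for illustration.

```python
import re

# RFC 6797 section 6.1: directive = name [ "=" ( token | quoted-string ) ]
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
_DIRECTIVE = re.compile(r'^(%s)(?:\s*=\s*(?:"([^"]*)"|(%s)))?$' % (TOKEN, TOKEN))


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value.

    Returns max_age (seconds), days, include_subdomains and preload.
    Raises ValueError where a conforming user agent would ignore the header.
    """
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                # empty directives (";;", trailing ";") are legal
            continue
        m = _DIRECTIVE.match(part)
        if not m:
            raise ValueError("malformed directive: %r" % part)
        name = m.group(1).lower()   # directive names are case-insensitive
        if name in seen:            # a repeated directive makes the header invalid
            raise ValueError("duplicate directive: %s" % name)
        seen[name] = m.group(2) if m.group(2) is not None else m.group(3)

    raw = seen.get("max-age")       # max-age is the only required directive
    if not re.fullmatch(r"[0-9]+", raw or ""):
        raise ValueError("max-age is required and must be a non-negative integer")
    max_age = int(raw)
    return {
        "max_age": max_age,
        "days": max_age // 86400,
        "include_subdomains": "includesubdomains" in seen,
        "preload": "preload" in seen,   # unknown directives are tolerated, as in the RFC
    }


if __name__ == "__main__":
    # Value inserted by the policy in the comment above.
    print(parse_hsts("max-age=15552000"))
    # Constructed variant: quoted value, mixed case, extra directives.
    print(parse_hsts('Max-Age="31536000"; includeSubDomains; preload'))
```
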