Security Sidebar: Improving Your SSL Labs Test Grade
Encrypt everything. That's what Google Chairman Eric Schmidt recently said. His comments were in response to various surveillance efforts that he considered government overreach and censorship. Hi...
Published Dec 23, 2014
Version 1.0
MegaZone
SIRT
SIRTGeneUWG - Try "DEFAULT:!3DES:!DHE"
DHE keys are 1024 on BIG-IP and that's fixed. And 3DES, while technically 168bit, is only 112bit strength due to well known attacks. Plus now there is Sweet32 which attacks 64bit block ciphers - like DES/3DES.
I also recommend against using '@SPEED'. That sorts based on performance - but weaker ciphers are faster, so guess which are preferred. Right. So don't use it - or use @STRENGTH instead for the strongest cipher first.