SSL Cipher tweaking
Hi,

To be honest, I do not completely understand how the cipher string is constructed, but I normally use this one, which used to give me grade A on ssllabs:

!LOW:!SSLv2:!SSLv3:!MD5:!RC4+SHA:!EXPORT:!DHE:ECDHE+AES:AES+SHA+RSA:@STRENGTH

The grade on ssllabs is quite important for me: not only do I treat it as a good benchmark, but my client is freaking out when he sees anything other than juicy green.

Today I've noticed two things that worried me a bit.

One - my VSes are vulnerable to ROBOT (https://robotattack.org/).

Two - "This server does not support Authenticated encryption (AEAD) cipher suites".

I kinda work around number one by adding "!RSA:" at the beginning of my cipher string (which I guess is not the most elegant solution...). Not sure what to do with the other.

Any suggestions on how I should construct my cipher string, or perhaps use another solution to mitigate ROBOT (an upgrade is out of the question, at least for now, so I guess getting rid of RSA key exchange needs to do the trick) and support AEAD?

EDIT: I'm using 12.0
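One way to check what such a cipher string actually enables, as an added example that is not part of the original post or of F5's own tooling: it expands the string with Python's ssl module (the local OpenSSL library, the same view `openssl ciphers -v` gives) and reports which enabled suites still use static RSA key exchange, the pre-condition for ROBOT, and which are AEAD. It assumes an OpenSSL-style grammar; BIG-IP's cipher-string syntax is similar but not identical, so treat the result as an approximation of what the 12.0 LTM profile will enable, not as the device's own evaluation.

```python
import re
import ssl


def expand_cipher_string(cipher_string):
    """Expand an OpenSSL-style cipher string into (name, kx, mac) tuples.

    Uses the local OpenSSL via Python's ssl module. TLS 1.3 suites are listed
    by OpenSSL regardless of the string, so they are skipped: the result
    reflects only what the string itself enables for TLS 1.2 and below.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    suites = []
    for c in ctx.get_ciphers():
        if c["protocol"] == "TLSv1.3":
            continue
        # description looks like:
        # "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD"
        desc = c["description"]
        kx = re.search(r"Kx=(\S+)", desc).group(1)
        mac = re.search(r"Mac=(\S+)", desc).group(1)
        suites.append((c["name"], kx, mac))
    return suites


def audit(cipher_string):
    """Report static-RSA key-exchange suites (ROBOT pre-condition) and AEAD suites."""
    suites = expand_cipher_string(cipher_string)
    return {
        "rsa_kx": [name for name, kx, _ in suites if kx == "RSA"],
        "aead": [name for name, _, mac in suites if mac == "AEAD"],
    }


if __name__ == "__main__":
    # The poster's string, and the same string with "!RSA:" prepended as the post describes.
    original = "!LOW:!SSLv2:!SSLv3:!MD5:!RC4+SHA:!EXPORT:!DHE:ECDHE+AES:AES+SHA+RSA:@STRENGTH"
    for label, s in (("original", original), ("with !RSA prefix", "!RSA:" + original)):
        result = audit(s)
        print(f"{label}: {len(result['rsa_kx'])} static-RSA suites, "
              f"{len(result['aead'])} AEAD suites")
        for name in result["rsa_kx"]:
            print("  static RSA key exchange:", name)
```

Any suite listed under `rsa_kx` is one a ROBOT-style test would flag, and an empty `aead` list is what the ssllabs AEAD warning corresponds to, as far as OpenSSL's reading of the string goes.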