Forum Discussion
Surgeon
Mar 12, 2018Ret. Employee
Additionally to Stanislas notes
https://support.f5.com/csp/article/K21905460
AEAD ciphers are ciphers that has next DHE/EDHE + AES in GCM mode
SSLlabs does not require to have AEAD ciphers only but at least one of them need to be in the list
Forward secrecy requires DHE/ECDHE ciphers. RSA key exchange need to be disabled. Be aware that RSA_ECDHE are not considered as RSA key exchange.