swjo_264656
Aug 23, 2017Cirrostratus
Getting an awesome Qualys SSL-Labs rating
Hi guys
I have to work to get A or A+ grade by test SSL-Labs.
I`ve examine this Article but not clear.
Question 1. by adjusting ciphers
!SSLv2:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DHE+3DES:ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AES:ECDHE+3DES:RSA+3DES:-MD5:-SSLv3:-RC4
Win XP / IE8 user would be reject, is there any possible method using 3DES and get over A grade?
Question 2. regarding ECDH public server param reuse : Yes
It seems that there are two solutions. 1) Client SSL profile --> option list --> Single DH use
2) set i-Rule
when HTTP_RESPONSE { HTTP::header insert "Strict-Transport-Security" "max-age=15552000" }
which one is more effective to solve ECDH public server param reuse?
thank you.