Hi, Getting the highest score is not doable in the real life. It would need to : - disable all but TLS 1.2 (and forget more or less all current browsers) - use a >=4096 bits key (and thanks to your CPU power and bandwidth) etc...
The score is explained here : https://www.ssllabs.com/projects/rating-guide/index.html You cannot be top-score and real life compliant at the same time, you have to make some choices. Regards Le jeudi 20 juin 2013 18:20:02 shouldbe q931 a écrit : > Hi All, > > I had an itch, the itch was that I could get a better "score" on the > SSL LABS test with IIS 7.5 than I could with HAProxy terminating SSL > > With > ciphers RC4:HIGH:!aNULL:!MD5 > I would get > Certificate 100 > Protocol Support 90 > Key Exchange 80 > Cipher Strength 90 > > With IIS I could get > Certificate 100 > Protocol Support 90 > Key Exchange 90 > Cipher Strength 90 > > After much use of Google I have now changed to > ciphers RC4-SHA:AES128-SHA:AES256-SHA > and get > Certificate 100 > Protocol Support 90 > Key Exchange 90 > Cipher Strength 90 > > However I wonder if anyone else can either improve on the score, or > keep the same score while improving the number of Cipher Suites. > > Cheers > > Arne -- Guillaume Castagnino [email protected] / [email protected]
