I have been using the Qualys SSL Labs SSL Server Test <https://www.ssllabs.com/ssltest/index.html> to test my SSL implementation. It scores an SSL server using the criteria located in the SSL Server Rating Guide <https://www.ssllabs.com/projects/rating-guide/index.html>. I'm trying to make the SSL as secure as possible. I have a 4096-bit certificate. My server currently gets an A+ rating because I have enabled HTTP Strict Transport Security (HSTS) with a long duration. (More info on correctly configuring SSL can be found here <https://www.ssllabs.com/projects/documentation/index.html>.)

What I am trying to do is get the *Key Exchange* and *Cipher Strength* scores to be 100 percent. I already have a 100 percent grade for the *Certificate* and *Protocol Support* scores. I have no idea how to fix the *Key Exchange* score, so I need help with that.

I have been trying to change the *Cipher Strength* score by playing with different variations of *SSLCipherSuite*. This is my current setting for *SSLCipherSuite*:

    SSLCipherSuite ECHD:!aNULL:!NULL:!eNULL:!MEDIUM:!LOW:!MD5:!RC4

It says in the Apache manual under *SSLCipherSuite* that MEDIUM is "all ciphers with 128 bit encryption." However, when I have set !MEDIUM (as shown above) it does not remove the 128-bit ciphers, as they are still listed in the test results. I have tried various settings but cannot seem to remove the 128-bit ciphers. I also tried -MEDIUM but that did not work either.

Thanks in advance for any help you can give,
Tea
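
An added example, not part of the original post: a local check of which suites an OpenSSL cipher string actually selects, listing every suite under 256 bits. The cipher strings are constructed for illustration; current OpenSSL releases class the 128-bit AES suites under HIGH rather than MEDIUM, which is why excluding MEDIUM leaves them in place.

```python
import ssl


def expand(cipher_string):
    """Suites (TLS 1.2 and earlier) the local OpenSSL selects for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # ssl.SSLError if the string matches nothing
    # TLS 1.3 suites are not controlled by this string, so leave them out.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def below(cipher_string, min_bits=256):
    """(name, strength_bits) for every selected suite weaker than min_bits."""
    return [(c["name"], c["strength_bits"])
            for c in expand(cipher_string) if c["strength_bits"] < min_bits]


def names(cipher_string):
    """Suite names in the order OpenSSL would offer them."""
    return [c["name"] for c in expand(cipher_string)]


if __name__ == "__main__":
    # Constructed strings for illustration, not the poster's configuration.
    for s in ("HIGH:!aNULL", "HIGH:!aNULL:!MEDIUM", "AES256:!aNULL"):
        weak = below(s)
        print(f"{s}: {len(names(s))} suites, {len(weak)} under 256 bits")
        for name, bits in weak:
            print(f"    {bits:>3}  {name}")
```

The result depends on the OpenSSL build that Python is linked against, so run it on the same host and OpenSSL version that Apache uses.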
