ssllabs A+ rating

Robert Paprocki rpaprocki at
Fri Nov 4 21:28:13 UTC 2016 is a
pretty decent write-up.

IME, you need to present an HSTS header, otherwise an A+ is never awarded
even with the strictest cipher suite and largest keys and DH primes.

To be frank though, achieving an A+ is not a very very worthwhile goal;
yes, setting up strong crypto is _very_ important, but what's more
important is understanding what you're configuring and why, not just
reading a guidebook.

May I also offer another tool for checking TLS configs:, if only to have another source for
verifying TLS configs (IMO, relying exclusively on one single opinion, e.g.
Qualsys, as THE authoritative source of truth for a 'proper' secure config
is dangerous).

On Fri, Nov 4, 2016 at 2:20 PM, Alex Samad <alex at> wrote:

> Hi
> Any one got a write up on how to get a A+ from this site.
> I can get a A and I have to support tls1.0 which might be dragging me down
> !
> _______________________________________________
> nginx mailing list
> nginx at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list