ssllabs A+ rating

Robert Paprocki rpaprocki at fearnothingproductions.net
Fri Nov 4 21:28:13 UTC 2016


https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html is a
pretty decent write-up.

IME, you need to present an HSTS header, otherwise an A+ is never awarded
even with the strictest cipher suite and largest keys and DH primes.

To be frank though, achieving an A+ is not a very very worthwhile goal;
yes, setting up strong crypto is _very_ important, but what's more
important is understanding what you're configuring and why, not just
reading a guidebook.

May I also offer another tool for checking TLS configs:
https://github.com/rbsec/sslscan, if only to have another source for
verifying TLS configs (IMO, relying exclusively on one single opinion, e.g.
Qualys, as THE authoritative source of truth for a 'proper' secure config
is dangerous).

On Fri, Nov 4, 2016 at 2:20 PM, Alex Samad <alex at samad.com.au> wrote:

> Hi
>
> Anyone got a write-up on how to get an A+ from this site?
>
> I can get an A and I have to support TLS 1.0, which might be dragging me
> down!