ssllabs A+ rating

Alex Samad alex at
Fri Nov 4 22:57:43 UTC 2016


Agree on the blindly following. But its good to know how to get there
I also try this


tls/ssl compression is it worth it ? I have gzip setup, but I am guess
tls/ssl compression is over the top.

and know I have to read up about hsts and weather we need it or not :)

So at current $job we still need tls1.0 because our clients need it...

On 5 November 2016 at 08:28, Robert Paprocki
<rpaprocki at> wrote:
> is a pretty
> decent write-up.
> IME, you need to present an HSTS header, otherwise an A+ is never awarded
> even with the strictest cipher suite and largest keys and DH primes.
> To be frank though, achieving an A+ is not a very very worthwhile goal; yes,
> setting up strong crypto is _very_ important, but what's more important is
> understanding what you're configuring and why, not just reading a guidebook.
> May I also offer another tool for checking TLS configs:
>, if only to have another source for
> verifying TLS configs (IMO, relying exclusively on one single opinion, e.g.
> Qualsys, as THE authoritative source of truth for a 'proper' secure config
> is dangerous).
> On Fri, Nov 4, 2016 at 2:20 PM, Alex Samad <alex at> wrote:
>> Hi
>> Any one got a write up on how to get a A+ from this site.
>> I can get a A and I have to support tls1.0 which might be dragging me down
>> !
>> _______________________________________________
>> nginx mailing list
>> nginx at
> _______________________________________________
> nginx mailing list
> nginx at

More information about the nginx mailing list