
How can I improve my SSL Labs security score?

Question asked by Thomas Browder on Aug 5, 2012
Latest reply on Sep 8, 2012 by Lloyd_Day

I am trying to improve my SSL Labs security score but can't beat 85.  I am running Apache 2.2.14 (from Ubuntu's package).


I get the following scores:

  Certificate        100
  Protocol support    85
  Key exchange        80
  Cipher exchange     90

The test report shows:

  This server is vulnerable to the BEAST attack.
  Certificate Key RSA/4096 bits
  Cipher Suites (sorted by strength; server has no preference)

I have the following in my server block:

  # for more security (as recommended by SSL Labs)
  SSLProtocol all -SSLv2
  SSLHonorCipherOrder On
  # Use only strong authentication and ciphers; prioritise RC4 to mitigate BEAST
  SSLCipherSuite RC4-SHA:HIGH:!ADH

According to the scoring guide, I should be getting a 90 for the key exchange with 4096 bits. Also, it looks like the cipher order directive is not being detected for some reason. And the BEAST non-mitigation statement seems to be invalid given the cipher string which follows the SSL Labs recommendation.

So, what am I doing wrong?

Thanks.

Best regards,

-Tom
