I am trying to improve my SSL Labs security score but can't beat 85. I am running Apache 2.2.14 (from Ubuntu's package).
I get the following scores:
Protocol support 85
Key exchange 80
Cipher exchange 90
The test report shows:
This server is vulnerable to the BEAST attack.
Certificate Key RSA/4096 bits
Cipher Suites (sorted by strength; server has no preference)
I have the following in my server block:
# for more security (as recommended by SSL Labs)
SSLProtocol all -SSLv2
# Use only strong authentication and ciphers; prioritise RC4 to mitigate BEAST
According to the scoring guide, I should be getting a 90 for the key exchange with 4096 bits. Also, it looks like the cipher order directive is not being detected for some reason. And the BEAST non-mitigation statement seems to be invalid given the cipher string which follows the SSL Labs recommendation.
So, what am I doing wrong?