I am trying to get my SSLLabs score to 100% :-). I am now working on the key exchange score. The problem is that I cannot get it to 100%. I've read the PDF, which tells me that my key lengths and DH parameters are smaller than 4096 bytes.
My results can be viewed here:
I am not quite an expert on encryption and I am just learning it on my root server, but what I read is that my private/public key is already 4096 bytes long.
Additionally, I have generated a new DH parameters file using
openssl dhparam -out /etc/ssl/private/dhparams_4096.pem 4096
and added the following line to my virtual host config file (Apache 2.4.18):
SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparams_4096.pem"
What I also see is that some other certificates in the chain are 2048 bytes in size. What does that mean? There are some additional certificates listed and the path shows twice 2048 and 4096.
What am I doing wrong? :-)
Thanks for your support!