Recently we have received a warning from CERT that our web server is not fully secured as per the report at www.ssllabs.com/ssltest. In spite of doing all necessary things the results still shows a rating of B. I'm getting frustrated at this as I've tried various recommended settings like updating the registry, updating the ciphers etc.
The result provided by Qualys test is as below:
Our Webserver environment is as follows:
Microsoft Windows 2012 R2 with IIS which is behind a Fortigate firewall and Fortiweb WAF.
Changes made on Fortiweb WAF as it controls the server communicatioins.
Please advise or suggest how to get A rating.