Yesterday evening I was trying to get my A+ score even better. Currently I was having this score:
And offcourse, nerds as we are, I wanted to get the perfect score. With perfect I mean that all bars are 100% green. On my Technical Fellows whatsapp group we where challenging each other to get this working.
There are a couple of posts on the web showing how to score an A+, Citrix has this blog post covering that: https://www.citrix.com/blogs/2016/06/09/scoring-an-a-at-ssllabs-com-with-citrix-netscaler-2016-update/
But how to get the perfect score?
There are a couple of things you need to tweak:
1: Get yourself a 4K certificate; (100% Key Exchange)
2: Remove all 128bits ciphers; (100% Cipher Strength)
3: Remove DH key (DH Key is maxxed at 2048 bits); (100% Key Exchange)
4: Remove the ECC Curves 256 and lower;. (100% Key Exchange)
5: Uncheck all SSL protocols except TLS1.2. (100% Protocol Support)
This will give you this perfect score:
I even added a CAA dns record so I have CAA support. 🙂
Thanks Erik Bakker, Henry Heres and Ruud Huud.
