How can I improve my SSL Labs security score?

Question asked by Thomas Browder on Aug 5, 2012
I am trying to improve my SSL Labs security score but can't beat 85.  I am running Apache 2.2.14 (from Ubuntu's package).

I get the following scores:

  Certificate          100
  Protocol support      85
  Key exchange          80
  Cipher exchange       90

The test report shows:

  This server is vulnerable to the BEAST attack.
  Certificate Key RSA/4096 bits
  Cipher Suites (sorted by strength; server has no preference)

I have the following in my server block:

  # for more security (as recommended by SSL Labs)
  SSLProtocol all -SSLv2
  SSLHonorCipherOrder On
  # Use only strong authentication and ciphers; prioritise RC4 to mitigate BEAST
  SSLCipherSuite RC4-SHA:HIGH:!ADH

According to the scoring guide, I should be getting a 90 for the key exchange with 4096 bits.  Also, it looks like the cipher order directive is not being detected for some reason.  And the BEAST non-mitigation statement seems to be invalid given the cipher string, which follows the SSL Labs recommendation.


So, what am I doing wrong?
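A static audit of the mod_ssl directives quoted in the question, added here as an example and not part of the original post. It reads the directives from a constructed vhost block (an assumption about where they sit), expands Apache 2.2's `SSLProtocol all` the way mod_ssl does, and reports the settings that cost points by current guidance (SSLv3 enabled, no server cipher preference, RC4 offered; RC4 is deprecated by RFC 7465, which differs from the 2012 advice quoted above). It checks the file, not the live server, so a directive that is present but not taking effect, as the "server has no preference" line suggests here, still needs a live scan to catch.

```python
import re

# Constructed sample: the directives from the question placed in one
# Apache 2.2 VirtualHost block (assumption: a single block, any indent).
SAMPLE_VHOST = """
<VirtualHost *:443>
  SSLEngine on
  # for more security (as recommended by SSL Labs)
  SSLProtocol all -SSLv2
  SSLHonorCipherOrder On
  SSLCipherSuite RC4-SHA:HIGH:!ADH
</VirtualHost>
"""

# Canonical spellings for the protocol tokens mod_ssl accepts (case-insensitive).
_CANON = {"sslv2": "SSLv2", "sslv3": "SSLv3", "tlsv1": "TLSv1",
          "tlsv1.1": "TLSv1.1", "tlsv1.2": "TLSv1.2"}


def parse_ssl_directives(text):
    """Return {directive: value} for every SSL* directive; last occurrence wins."""
    found = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        m = re.match(r"(SSL\w+)\s+(.+)", line)
        if m:
            found[m.group(1)] = m.group(2).strip()
    return found


def enabled_protocols(value):
    """Expand an SSLProtocol value into the set of enabled protocol names.
    In Apache 2.2 'all' means SSLv2, SSLv3 and TLSv1 (plus TLSv1.1/1.2 when
    the build supports them); each unwanted one must be removed with '-'."""
    enabled = set()
    for tok in value.split():
        name = _CANON.get(tok.lstrip("+-").lower(), tok.lstrip("+-"))
        if tok.lower() == "all":
            enabled |= {"SSLv2", "SSLv3", "TLSv1"}
        elif tok.startswith("-"):
            enabled.discard(name)
        else:
            enabled.add(name)
    return enabled


def audit(directives):
    """Return [(severity, finding), ...] for settings that lower the grade."""
    findings = []
    # mod_ssl's default for SSLProtocol is 'all'.
    for weak in ("SSLv2", "SSLv3"):
        if weak in enabled_protocols(directives.get("SSLProtocol", "all")):
            findings.append(("high", f"{weak} enabled via SSLProtocol"))
    if directives.get("SSLHonorCipherOrder", "off").lower() != "on":
        findings.append(("medium", "server has no cipher preference (SSLHonorCipherOrder not on)"))
    suites = directives.get("SSLCipherSuite", "")   # unset: left to the build default, not checked
    if "RC4" in suites and "!RC4" not in suites:
        findings.append(("medium", "RC4 offered (deprecated by RFC 7465)"))
    return findings


if __name__ == "__main__":
    for severity, finding in audit(parse_ssl_directives(SAMPLE_VHOST)):
        print(f"[{severity}] {finding}")
```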
