With the new nginx version came the support for HTTP/2, and as an experiment, I tried reaching 100/100/100/100 on the test on a dev server. I was able to do so with the following:
ssl_protocols TLSv1.2;
ssl_ciphers ECDH+AESGCM256:DH+AESGCM256:ECDH+AES256:SH+AES256:RSA+AESGCM256:RSA+AES256:!aNULL:!MD5:!kEDH;
The only issue seems to be that all ciphers that reach 100 on the test are rejected by Chrome with the error "ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY" when the next negotiated protocol is HTTP/2. Further research revealed that the HTTP/2 specification has a list of blacklisted ciphers: Hypertext Transfer Protocol Version 2 (HTTP/2)
While I don't have any issues running the recommended cipher list for nginx with HTTP/2, that only gets a score of 90 for the cipher strength.
For the sake of the experiment, is there a cipher that's not on the HTTP/2 blacklist and scores 100?
Thanks in advance.
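Added example, not part of the original post: a Python check that sorts OpenSSL TLS 1.2 suite names by the property RFC 7540 Appendix A gives for its blacklist (no ephemeral key exchange, or a null, stream or block cipher type). The suite list is a constructed sample, the function names are hypothetical, and the name matching is a heuristic, not the literal Appendix A table.

```python
import re

# Constructed sample: OpenSSL names of 256-bit TLS 1.2 suites.
SAMPLE_SUITES = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "DHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES256-SHA384",   # ephemeral, but CBC (block cipher type)
    "ECDHE-RSA-AES256-SHA",      # ephemeral, but CBC
    "AES256-GCM-SHA384",         # AEAD, but static RSA key exchange
    "AES256-SHA256",             # static RSA and CBC
]

# OpenSSL prefixes for authenticated ephemeral key exchange in TLS 1.2.
EPHEMERAL = re.compile(r"^(ECDHE|DHE)-")
# AEAD modes as they appear in OpenSSL suite names.
AEAD = re.compile(r"GCM|CCM|CHACHA20-POLY1305")


def http2_status(name):
    """Return (allowed, reason) for one OpenSSL TLS 1.2 suite name."""
    if name.startswith("TLS_"):
        # OpenSSL uses TLS_* names for TLS 1.3 suites; out of scope here.
        raise ValueError("not a TLS 1.2 suite name: " + name)
    if not EPHEMERAL.search(name):
        return False, "no ephemeral key exchange"
    if not AEAD.search(name):
        return False, "not an AEAD cipher"
    return True, "ephemeral key exchange with AEAD"


def split_for_http2(suites):
    """Split a preference-ordered list into (allowed, {blocked: reason})."""
    allowed, blocked = [], {}
    for name in suites:
        ok, reason = http2_status(name)
        if ok:
            allowed.append(name)
        else:
            blocked[name] = reason
    return allowed, blocked


if __name__ == "__main__":
    ok, bad = split_for_http2(SAMPLE_SUITES)
    print("usable with HTTP/2:", ok)
    for name, reason in bad.items():
        print("blacklisted:", name, "->", reason)
```
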