Excuse me if I'm not a crypto expert. I am trying to get this right and I have been beating my head over this for the past week.
We have an OpenSSL-based web server (Wildcat!) and with all my cipher research, I tried a variety of ciphers, including the ones recommended by Qualys. I am getting B ratings with reported weak ciphers, naming the AES* needed for Chrome. If I remove it, I get an A rating with the DH 2048 bits set at the server with forward secrecy, but Chrome no longer connects. Can't have that.
I have a customer with Wildcat! who is also using an IIS server, and it uses P521, P384, P256 curves. He is satisfied with this IIS server getting a B rating with no weakness and forward secrecy and 100% support for all browsers.
How can I match this with an OpenSSL-based web server? Can I resolve the issue with the Qualys recommended ciphers, even if it's a B rating but with no weak ciphers and Chrome support?
Thank you for any guidance or tips you can provide.