Initially, when tested with ssllabs, overall rating was given A+. Under Cipher suites it showed all the ciphers with CBC and TLS_RSA as weak. I know that these are considered weak.
# TLS 1.2 (suites in server-preferred order)
But when the below cipher suites are removed, the Grade is capped down to B.
The reason mentioned was "This server does not support Forward Secrecy with the reference browsers. Grade capped to B"
Why is it so?
When there are two suites (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (
0xc02f) ECDH secp256r1 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (
0xc030) ECDH secp256r1) which have Forward Secrecy has been implemented, why SSL Labs is stating that the server does not support forward secrecy?
Why the grade is capped down when weak ciphers (as mention by SSL labs) are removed?
Kindly let me know the reasons