Am Freitag, 21. August 2015, 10:34:46 schrieb Martin Owens:
On Fri, 2015-08-21 at 16:12 +0200, Tobias Ellinghaus wrote:
The SSL Labs report you link to gives an A grade and only A+ is
better
(usually requires HSTS and extra features for top score). The report clearly state that suitable connections can be made with TLS 1.2,
1.1
and 1.0. Downgrade to SSLv3 is not possible which is also good.
This is really strange, when I last checked a few days ago this was definitely different. However, you are only providing DHE_RSA variants, which is potentially harmed by the latest Diffie Hellmann issues (your 2048 bit key should be fine though). Could you maybe add some ECDHE_RSA?
Please try again now. The new set has taken our score down a notch, but if it makes it work for more people I'm happy to keep a lower score.
Much better, even without ECDHE. Thanks.
Martin,
Tobias