Am Freitag, 21. August 2015, 10:34:46 schrieb Martin Owens:
On Fri, 2015-08-21 at 16:12 +0200, Tobias Ellinghaus wrote:
> > The SSL Labs report you link to gives an A grade and only A+ is
> > (usually requires HSTS and extra features for top score). The report
> > clearly state that suitable connections can be made with TLS 1.2,
> > and 1.0. Downgrade to SSLv3 is not possible which is also good.
> This is really strange, when I last checked a few days ago this was
> different. However, you are only providing DHE_RSA variants, which is
> potentially harmed by the latest Diffie Hellmann issues (your 2048 bit
> should be fine though). Could you maybe add some ECDHE_RSA?
Please try again now. The new set has taken our score down a notch, but
if it makes it work for more people I'm happy to keep a lower score.
Much better, even without ECDHE. Thanks.