A-grade SSL Listeners

Advanced Configuration of Axigen

Introduction

The team at Qualys (https://www.qualys.com/) has developed a very complex SSL Tester (https://www.ssllabs.com/) that enables administrators to assess and properly configure their SSL listeners.

In addition, the team at Mozilla has published a detailed article (https://wiki.mozilla.org/Security/Server_Side_TLS) on SSL cipher suites and their compatibility with the plethora of Web browsers available on the Internet.

Mandatory requirement: run the latest version of the Axigen server.

Axigen Recommended SSL Cipher Suite List

Recommended SSL cipher suite to be configured in the SSL Listeners tab:

SSL Listeners Recommended Configurations
Allowed SSL Versions: TLS1.0, TLS1.1, and TLS1.2
Use Cipher suite: !AECDH:!ADH:!aNULL:!eNULL:!RC4:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!EDH:!EXPORT
Prefer server's cipher suite order: Checked
Use Ephemeral Key: Checked
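
To see which suites the cipher string above actually enables, this added example (not part of the original Axigen article) expands it with Python's standard ssl module and classifies the result. The function names are hypothetical, and the expansion reflects the OpenSSL build that Python is linked against, which is assumed to behave like the one used by the Axigen server.

```python
import ssl

# Cipher string copied verbatim from the listener settings above.
AXIGEN_CIPHERS = (
    "!AECDH:!ADH:!aNULL:!eNULL:!RC4:"
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!EDH:!EXPORT"
)


def expand(cipher_string):
    """Suites the local OpenSSL enables for this string, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites are configured separately from this string; skip them.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def is_excluded(c):
    """True if the suite belongs to a class the string's '!' rules remove."""
    name = c["name"]
    return (
        c.get("auth") == "auth-null"   # !aNULL, !ADH, !AECDH
        or c.get("kea") == "kx-dhe"    # !EDH
        or any(tag in name for tag in ("RC4", "NULL", "MD5", "EXP-"))
    )


def audit(cipher_string):
    """Classify the expanded suites so weak leftovers are easy to spot."""
    suites = expand(cipher_string)
    return {
        "order": [c["name"] for c in suites],
        "excluded_but_present": [c["name"] for c in suites if is_excluded(c)],
        # Static RSA or plain PSK key exchange gives no forward secrecy.
        "no_forward_secrecy": [
            c["name"] for c in suites
            if not str(c.get("kea")).startswith(("kx-ecdhe", "kx-dhe"))
        ],
        # CBC-mode suites (non-AEAD).
        "non_aead": [c["name"] for c in suites if not c.get("aead")],
    }


if __name__ == "__main__":
    for key, value in audit(AXIGEN_CIPHERS).items():
        print(f"{key} ({len(value)}):", ", ".join(value) or "none")
```

An empty "excluded_but_present" list confirms the exclusions took effect; the other two lists show what the trailing HIGH keyword and the explicit AES128-GCM-SHA256 entry still admit.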

SSLLabs Result