Introduction
The team at Qualys (https://www.qualys.com/) have developed a very complex SSL Tester (https://www.ssllabs.com/) that enable administrators to asses and properly configure their SSL listeners.
On the other hand, the team at Mozilla published a detailed article (https://wiki.mozilla.org/Security/Server_Side_TLS) on SSL cipher suits and their compatibility with the plethora of Web browsers available on the Internet.
Mandatory requirement: run the latest version of the Axigen server.
Axigen Recommended SSL Cipher Suite List
Recommended SSL Cipher Suite to be configured in SSL Listeners tab:
SSL Listeners Recommended Configurations | |
---|---|
Allowed SSL Versions: | TLS1.0, TLS1.1, and TLS1.2 |
Use Cipher suite: | !AECDH:!ADH:!aNULL:!eNULL:!RC4:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!EDH:!EXPORT |
Prefer server's cipher suite order: | Checked |
Use Ephemeral Key: | Checked |
SSLLabs Result