A-grade SSL Listeners

Advanced Configuration of Axigen

Introduction

The team at Qualys (https://www.qualys.com/) has developed a very complex SSL Tester (https://www.ssllabs.com/) that enables administrators to assess and properly configure their SSL listeners.

Separately, the team at Mozilla has published a detailed article (https://wiki.mozilla.org/Security/Server_Side_TLS) on SSL cipher suites and their compatibility with the plethora of Web browsers available on the Internet.

Mandatory requirement: run the latest version of the Axigen server.

Axigen Recommended SSL Cipher Suite List

Recommended SSL cipher suite list to be configured in the SSL Listeners tab:

SSL Listeners Recommended Configurations

Allowed SSL Versions:

TLS1.1, TLS1.2, and TLS1.3

Use Cipher suite:

!AECDH:!ADH:!aNULL:!eNULL:!RC4:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!EDH:!EXPORT

Prefer server's cipher suite order:

Checked

Use Ephemeral Key:

Checked
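To see which suites the cipher string above actually enables, and in what order, this added example (not Axigen's own code) expands it with Python's `ssl` module against the local OpenSSL build and groups the results for review. The function names `expand` and `audit` are illustrative, and the output depends on the installed OpenSSL version, which may differ from the one Axigen uses.

```python
import ssl

# Cipher string copied from the "Use Cipher suite" setting above.
AXIGEN_CIPHERS = (
    "!AECDH:!ADH:!aNULL:!eNULL:!RC4:"
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!EDH:!EXPORT"
)


def expand(cipher_string):
    """Return the suites the local OpenSSL enables, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def audit(suites):
    """Sort suite names into buckets a reviewer would look at."""
    report = {"forbidden": [], "no_forward_secrecy": [], "not_aead": []}
    for s in suites:
        name, kea = s["name"], s.get("kea", "")
        tls13 = s["protocol"] == "TLSv1.3"
        # Suites the string's "!" rules are meant to exclude for good.
        if s.get("auth") == "auth-null" or any(
            bad in name for bad in ("RC4", "NULL", "MD5", "EXP")
        ):
            report["forbidden"].append(name)
        # Ephemeral (EC)DHE key exchange gives forward secrecy; TLS 1.3 always does.
        if not tls13 and "dhe" not in kea:
            report["no_forward_secrecy"].append(name)
        # CBC-mode suites pulled in by ECDHE-RSA-AES128-SHA256 and HIGH.
        if not s.get("aead", False):
            report["not_aead"].append(name)
    return report


if __name__ == "__main__":
    suites = expand(AXIGEN_CIPHERS)
    for s in suites:
        print(f'{s["protocol"]:8} {s["name"]}')
    for bucket, names in audit(suites).items():
        print(f"{bucket}: {len(names)} suite(s)")
```

TLS 1.3 suites appear in the output regardless of the string, because OpenSSL configures them separately from the cipher list used for TLS 1.2 and below.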

SSLLabs Result