• 3
name

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191

Backtrace:

File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

name Punditsdkoslkdosdkoskdo

How to get a perfect score from SSLLabs?

As you can see at: https://www.ssllabs.com/ssltest/analyze.html?d=www.notfriendly.xyz&hideResults=on&clearCache=on my forum does have an A+ score but is lacking in Key Exchange and Chipher Strength. I am running the nginx webserver. What may I do to improve my score and achieve a more secure SSL/TLS Session?

ssl

Lacking in this context is obviously a very subjective statement: you obtained the highest possible score (A+) after all...

SSLLabs explains their scoring system in a document. It's an interesting read, but let's look at the two aspects you don't score 100% on.

Key Exchange

To score 100% on key exchange you need a key with a length > 2048 bits. 2048 bits keys like yours score 90%.

Cipher strength

The cipher strength score is the average of the score of the strongest cipher and the score of the weakest cipher your server is willing to support. To score 100% on this one, your server needs to support no cipher with less than 256 bits.

A special word of warning with respect to cipher strength: all ciphers you support are considered adequate (hence the high score), if you narrow down cipher selection to only the highest strengths this will negatively influence the performance of your server, and probably also the user experience.

Conclusion? Just as an exercise you could retune your server to obtain a 100% all over score, but for production this setup is among the best. Nice job!

  • 5
Reply Report

Trending Tags