How to get a Score of 100 on SSL labs
How to get the highest score/rating on SSL labs for cipher strength.
Strengthening the ciphers on a Virtual Service (VS) to give the highest score on SSL labs.
|Steps to Reproduce:|
The default settings on an SSL offloaded VS will give an "A" rating with a protocol strength of 100 and a cipher strength of 90 when using TLS 1.2/1.3 only and best practices cipher suite. See image below
By Adjusting the Cipher list it is possible to secure a 100 score for ciphers on SSL labs.
Please note that with security settings this high some older client Operating System's (OS's) and Applications may not be able to connect to the virtual service. As always balance security with availability for the service.
Go to "Certificates & Security -> Cipher Sets"
Filter by "Best Practices" cipher set
Remove ciphers from the current “Best Practices” cipher list until the following 5 are all that remains:
Then save as new cipher set as: "BestPracticesHIGH"
Then apply that cipher set to a virtual service that is offloaded/re-encrypted under SSL properties.
Then Deselect the three 128bit ciphers under TLS 1.3 settings
Now run the SSL labs test again and it should now have 100 as the score for Cipher Strength.
SSL Accelerated Service: