Getting an A rating on SSL Labs with an SSL offloaded or re-encrypted service on the LoadMaster is a simple procedure. Navigate to the Virtual Service, expand SSL Properties, disable SSLv3, TLS 1.0, and TLS 1.1, and then use the drop-down list to select the best practices cipher set.
For those who want slightly tighter security, adjust your settings as follows to get an A+ rating:
Enable TLS 1.2 and TLS 1.3 only (this will still work with only TLS 1.2 enabled).
Enable Require SNI hostname (recommended).
Ensure that you have the proper intermediate certificates installed on the LoadMaster. Adding the root certificate may produce the error “Contains anchor” regarding the certificate chain in the SSL scan; however, this should not stop you from getting an A+ rating.
Create and apply the following content rule to add the HSTS – Strict-Transport-Security header as a “Request Rule” to the Virtual Service under Advanced Properties -> HTTP Header Modifications.
The rule can be created under Rules & Checking -> Content Rules.
Rule Type: Add Header
Header Field to be Added: Strict-Transport-Security
Value of Header Field to be Added: max-age=31536000; includeSubDomains
For more information please see this link below.