SSLLabs 100% A+ Help

4pple5auc3 Member
edited April 2023 in Help

Right now I'm using:

ssl_ciphers 'ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-CCM:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-CCM:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256';

This gets me a 90% A score.

I want to get 100% on all 4 categories with an A+ rating.

Right now I am getting a 100% on Certificate & Protocol Support.
I am getting 90% on Key Exchange & Cipher Strength.

What ciphers do I need to use to achieve this?

I don't mind killing off access to super old devices. My target demographic is more tech savvy users who aren't going to be using outdated browsers and 10+ year old devices.

Should I just use these? https://ciphersuite.info/cs/?page=1&software=openssl&security=recommended

Can anyone shed some light on this?

Comments

  • bruh21 Member, Host Rep

    It doesn’t matter. You can get an A+ with most of the things being 80%. You just need TLS 1.2 or better with PFS and HSTS with a decent duration.

  • Ok I get ya. I know this is pointless and probably overkill, but hypothetically, if someone were to want 100% across the board, what ciphers would they use?

  • bruh21 Member, Host Rep
    edited April 2023

    @4pple5auc3
    Key exchange means you need a 4096 bit RSA key (or equivalent)
    Cipher strength is worthless to change. To get a 100, I think you need to use only 256 bit ones and no 128 bit ciphers. If you have only 128 bit you get 80%, if you have 128 and 256 you get 90%, and if you have only 256 you get 100%. It’s not worth changing.

  • emg Veteran

    @bruh21 said: It’s not worth changing.

    That may be true, but sometimes the driving motivation may be a point of pride or a learning opportunity, even if it is not worth the extra effort.

    It is like eliminating unimportant compiler warnings in your code. It may not be necessary, but you may have other motivations for doing it.

  • tjn Member

    This was my nginx snippet to get A+ on SSL labs:

      listen 443 ssl http2;
      server_name   example.com;
    
      add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
      add_header X-Frame-Options DENY;
      add_header X-Content-Type-Options nosniff;
    
      ssl on;
      ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
      ssl_protocols TLSv1.2;
      ssl_prefer_server_ciphers on;
      ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
      ssl_ecdh_curve secp384r1;
      ssl_session_cache shared:SSL:10m;
      ssl_session_timeout 5m;
      ssl_session_tickets off;
      ssl_stapling on;
      ssl_stapling_verify on;
      ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    
      resolver 8.8.8.8 8.8.4.4 valid=300s;
    

    Combined with:
    openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam.pem 4096

  • ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384;
    ssl_ecdh_curve X448:X25519:secp521r1:secp384r1;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:30m;
    ssl_session_tickets off;
    ssl_buffer_size 8k;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 1.1.1.1 1.0.0.1 valid=300s;
    resolver_timeout 5s;

    I now have 100% on ciphers, but still 90% on Key Exchange. Hmm.

    I made a new key using: openssl dhparam -out /etc/ssl/private/dhparams_4096.pem 4096

    Any ideas?

  • alt_ Member

    Using Caddy server gives me an instant A+; I haven't had any of those issues.

  • Think it might be X25519 causing 90% on key exchange since it's 128-bit.

  • Yep, that was it, I have 100% on everything now for SSLLabs. Thanks everyone!

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384;
    ssl_ecdh_curve secp521r1:secp384r1;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:30m;
    ssl_session_tickets off;
    ssl_buffer_size 8k;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 1.1.1.1 1.0.0.1 valid=300s;
    resolver_timeout 5s;
  • I do not recommend aiming for full 100% on SSL Labs. That encourages bad practices and might actually reduce your security.

    The big point in their test is that every cipher suite and hash algorithm has to be larger than 256-bit or equivalent. That raises a couple of issues.

    1. By design, it is IMPOSSIBLE to get 100% with TLS 1.3! By disabling the TLS_AES_128_GCM_SHA256 cipher suite deemed "insecure" by SSL Labs, you are actually breaking the protocol specification. SSL Labs believes they are smarter than the authors of TLS 1.3 themselves, which is ridiculous.

    Unlike in TLS 1.2 and earlier versions, cipher suites for TLS 1.3 have been drastically reworked and it is now explicitly considered bad practice to touch them. Some libraries do not even expose methods to do so for that very reason. See how even nginx makes it harder for you? But you don't care because you copy-pasted a config from a random Indian site with half of the directives touching unrelated shit, see the green bars all the way to the right and call it a day.

    2. If you decide to use ECC certificates instead of RSA (which you should), you generally have four widely-supported options - NIST curves p256r1, p384r1 and p521r1 which are believed to be "backdoored" by the NSA due to the way they were generated (it is believed that for this reason they were not used in Bitcoin), and you have the X25519 scheme created by cryptographer Daniel Bernstein. Because X25519 falls a bit short of SSL Labs' arbitrary value, it leaves you with two options, p384r1 and p521r1 - the backdoored curves.

    So basically you can either:

    • break TLS 1.3 and potentially reduce your security

    or

    • don't get full 100% on some random test nobody except you is going to see ever again

    SSL Labs is a good test in general, but their methodology is not that great anymore.
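The scoring rules the thread works out by trial and error (average of strongest and weakest cipher, weakest key-exchange group deciding the category, X25519 counting as 128-bit) and the TLS 1.3 mandatory-suite objection in the post above can be checked offline. This is an added example of mine, not posted by anyone in this thread; the thresholds follow the SSL Labs Server Rating Guide and the curve strengths NIST SP 800-57 as I recall them, so treat the numbers as an approximation of the live scanner.

```python
import re

# Added example for this thread, not posted by any participant. Thresholds follow the SSL Labs
# Server Rating Guide and curve strengths NIST SP 800-57, both as I recall them: treat the
# output as an approximation of what the live scanner computes.

# RSA-equivalent strength (bits) of the groups nginx accepts in ssl_ecdh_curve.
GROUP_RSA_EQUIV = {"prime256v1": 3072, "secp256r1": 3072, "X25519": 3072,
                   "secp384r1": 7680, "secp521r1": 15360, "X448": 15360}
# RFC 8446 section 9.1: a TLS 1.3 implementation MUST support this suite.
TLS13_MANDATORY = {"TLS_AES_128_GCM_SHA256"}

def cipher_bits(suite):
    """Symmetric key size from an OpenSSL (TLS 1.2) or IANA (TLS 1.3) suite name."""
    if "CHACHA20" in suite:
        return 256
    m = re.search(r"AES_?(128|256)", suite)
    if not m:
        raise ValueError("cannot infer key size for %s" % suite)
    return int(m.group(1))

def strength_score(bits):
    """Cipher Strength row of the rating guide: <128 -> 20, <256 -> 80, else 100."""
    return 0 if bits == 0 else 20 if bits < 128 else 80 if bits < 256 else 100

def key_exchange_score(rsa_equiv):
    """Key Exchange row: <512 -> 20, <1024 -> 40, <2048 -> 80, <4096 -> 90, else 100."""
    for limit, score in ((512, 20), (1024, 40), (2048, 80), (4096, 90)):
        if rsa_equiv < limit:
            return score
    return 100

def cipher_strength(ssl_ciphers, tls13_ciphersuites=""):
    """Average of the strongest and weakest suite offered, so mixing 128- and 256-bit AES
    lands on 90 even though every individual suite is sound."""
    suites = [s for s in (ssl_ciphers + ":" + tls13_ciphersuites).split(":") if s]
    sizes = [cipher_bits(s) for s in suites]
    return (strength_score(max(sizes)) + strength_score(min(sizes))) // 2

def key_exchange(ssl_ecdh_curve, cert_key_rsa_equiv):
    """The weakest negotiable group or the certificate key decides this category."""
    strengths = [GROUP_RSA_EQUIV[g] for g in ssl_ecdh_curve.split(":")]
    return key_exchange_score(min(strengths + [cert_key_rsa_equiv]))

def tls13_spec_violations(tls13_ciphersuites):
    """Mandatory TLS 1.3 suites the config drops (an empty list means compliant)."""
    return sorted(TLS13_MANDATORY - set(tls13_ciphersuites.split(":")))
```

Feeding in the first post's `ssl_ciphers` gives 90, the final config gives 100 for ciphers, and any curve list containing X25519 caps Key Exchange at 90 regardless of the certificate key, while `tls13_spec_violations` reports the dropped TLS_AES_128_GCM_SHA256.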

  • raindog308 Administrator, Veteran

    The most important site on the Internet (LowEndTalk) only scores a B.

  • nik Member, Host Rep

    It's a very bad idea to aim for A+. Check out all the big sites, Google scores a B for example.
