How to get “A” Rating on Qualys SSL Labs Test

That blog is hosted on an Amazon EC2 Instance, running Windows 2012 R2 Server.  And our SSL certificated is provided by Let’s Encrypt.

Starting from that default configuration, we ran the SSL test, and we got a B note.  We wanted to get the “A” Rating, and these are the 2 major warning we had to solve.

  • “This server supports weak Diffie-Hellman (DH) key exchange parameters”
  • “This server accepts RC4 cipher, but only with older protocols”

Solution

We were able to fix these issues with some simple registry tweaks that we describe in these articles

Then, after we ran these steps, we now have our A Grade!

Now, if you want an even better grade, you can continue to solve these little warnings that the SSLLabs test can give you.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.