September 28, 2015 in Classic self-hosted technical help
I added this to nginx:
And in my site, Chrome reports AES_128_GCM and ECDHE_RSA, just like in this site.
The issue is that ssllabs gives this site an A score, and my site gets a B score, apparently because the directive above has some weak ciphers.
Well, they say this: "This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B."
Any help to fix that?
Don't have nginx but you may be able to disable DH. There is some useful info here https://cipherli.st/
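As an added example (not from the original thread, and not the poster's actual configuration), here are two ways to clear the SSL Labs weak-DH cap in nginx. The host name and file paths are placeholders. nginx releases before 1.11.0 fall back to built-in 1024-bit DH parameters when `ssl_dhparam` is not set, which is what triggers the warning once any DHE cipher suite is enabled.

```nginx
# Added example: placeholder server_name and paths, adjust to your host.
server {
    listen 443 ssl;
    server_name example.com;                               # placeholder

    ssl_certificate     /etc/nginx/ssl/example.com.crt;    # placeholder path
    ssl_certificate_key /etc/nginx/ssl/example.com.key;    # placeholder path

    # Let the server's cipher order win, so ECDHE is picked first.
    ssl_prefer_server_ciphers on;

    # Option A: offer no finite-field DH at all ("disable DH").
    # Only ECDHE key exchange is listed, so the DH parameter size
    # never comes into play. Clients without ECDHE support will
    # fail the handshake.
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';

    # Option B: keep DHE for older clients, but replace the default
    # parameters with a locally generated 2048-bit group.
    # Generate the file once on the server:
    #   openssl dhparam -out /etc/nginx/dhparam.pem 2048
    # Then use these two lines instead of the ssl_ciphers line above:
    #
    # ssl_dhparam /etc/nginx/dhparam.pem;                  # placeholder path
    # ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
}
```

Run `nginx -t` before reloading, then re-scan with SSL Labs to confirm the cap is gone.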
Woot @Ausy thanks.
Now I only need to figure out what's the thing in the blue box.
Don't worry about it, all current browsers/mobile can handle SNI (older browsers will have trouble with IPS anyway). It means your host is serving different SSL certs on the same IP. That wasn't possible until SNI came along.
For example I have autoitscript.com and autoitconsulting.com on the same IP with two different SSL certs. That uses SNI to work. Otherwise I would have to have two IP addresses and each site bound to a different IP.
The notification about SNI is just an FYI, browsers that aren't capable of handling it are IE6 / Windows XP era and aren't people whom you can realistically support. In most cases they won't even be able to use most of the ciphers available nowadays.
I've installed StartSSL on a CloudLinux server (server.it), and I don't have to buy an SSL cert or a static IP. But because of that, my domain also doesn't have SNI, so XP users with Internet Explorer (or other users with old Android mobiles, etc.) cannot access my website.
I hope it isn't a large percentage.