search

ssllabs / ssllabs-scan

A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.
https://www.ssllabs.com/projects/ssllabs-apis/
Apache License 2.0
1.69k stars 239 forks source link

SSL Grade showing B #633

Open gauravrishi168 opened 6 years ago

gauravrishi168 commented 6 years ago

Hi, We have a domain akamai-secure.paytm.in and as per suggestion how to upgrade from B to A followed and updated our configuration parameter i.e. tune.ssl.default-dh-param 2048 but this grade is showing B. Kindly look into the matter

Razerwire commented 6 years ago

You must be doing something wrong Ssllabs stil shows you're using 1024-bit Diffie-Hellman parameter.

naumanshah03 commented 6 years ago

As per the parameter you've used it seems that you're using HAProxy. Please read the documentation for that parameter here

I would recommend you to use this or with the help of OpenSSL create a new DHParam key and append it to your certificate.

You can follow this procedure (though it is for nginx server)

I hope this will resolve your issue.

PS: Always read documentation :)