This article provides a configuration for nginx that successfully passes SSL Labs tests with A or A+ mark (see below), and 100% score for all metrics (certificate, protocol support, key exchange, cipher strength).

Notes:

  • Key size must be at least 4096 bytes (for certbot, use certbot certonly --rsa-key-size 4096).
  • To get A+, HSTS must be enabled (add_header Strict-Transport-Security "max-age=63072000;" always;); to include the domain into the HSTS preload list, please see the submission requirements.
  • Contrary to what some other people say, OCSP stapling is not required to get all 100. If you need OCSP stapling, the correct configuration is ssl_trusted_certificate /etc/letsencrypt/domain/live/chain.pem; ssl_stapling on; ssl_stapling_verify on;, and it is desirable to invoke certbot with --must-staple command line option.
  • X-Frame-Options: DENY and X-Content-Type-Options: nosniff header are not required to get all 100.

Using Only Elliptic Curve Ephemeral Diffie-Hellman Key Exchange

No need to set up Diffe-Hellman parameters (dhparams.pem).

ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE:!AES128:!CAMELLIA128';
ssl_ecdh_curve secp384r1;

Notes:

  • For my system, ECDHE:!AES128:!CAMELLIA128 expands to ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA.
  • ECDHE-RSA-AES256-SHA (and ECDHE-ECDSA-AES256-SHA) is actually a TLSv1 cipher; however, if it is disabled, Android 5.0.0, Android 6.0, Firefox 31.3.0 ESR / Win 7, and IE 11 / Win Phone 8.1 will fail to connect (Server sent fatal alert: handshake_failure).

Using More Cipher Suites

ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE:DHE:!AES128:!CAMELLIA128:!SEED';
ssl_ecdh_curve secp384r1;
ssl_dhparam /etc/nginx/dhparams.pem;

Notes:

  • For my system, ECDHE:DHE:!AES128:!CAMELLIA128:!SEED expands to ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA.
  • See note about ECDHE-RSA-AES256-SHA (and ECDHE-ECDSA-AES256-SHA) above.
  • DHE-RSA-AES256-SHA, DHE-DSS-AES256-SHA, DHE-RSA-CAMELLIA256-SHA, and DHE-DSS-CAMELLIA256-SHA are SSLv3 ciphers; they can be safely disabled (i.e., ECDHE:DHE:!AES128:!CAMELLIA128:!SEED:!SSLv3).
  • Diffie-Hellman group size should be at least 4096 bits (dhparams.pem can be taken from here).

See also: SSL Labs SSL Server Rating Guide

Final notes:

  • Although both configurations are strong and secure, they are quite restricted: not all clients (for example, Android 4.x, IE 8-10 on Win 7, Java 7, Safari 6.0.4 on OS X 10.8.4) will be able to connect.
  • According to HTBridge, both configurations are PCI DSS compliant.
  • According to HTBridge, neither configuration follows HIPAA or NIST guidelines (both require TLSv1.1, and both object to ECDHE-RSA-CHACHA20-POLY1305, DHE-RSA-CHACHA20-POLY1305, DHE-RSA-AES256-CCM8, DHE-RSA-AES256-CCM, and DHE-RSA-CAMELLIA256-SHA cipher suites; also, both HIPAA and NIST guidelines require OCSP stapling).
How to Get Maximum Score in SSL Labs Test (nginx)
Tagged on:             

Leave a Reply

Your email address will not be published. Required fields are marked *