How to get 100 points on SSL Labs

Hi All,

A bit about how to get 100 points in all 4 test from SSL Labs.

First:
You need to create RSA 4096 bits key for certificate. Not 2048, but 4096.

Second:
Only 256 bit ciphers and higher. No 128 bit or less.
You should ignore old devices that don’t support new technologies. Security is most important thing.

Third:
You should enable Strict Transport Security (HSTS). Please note, that you will not be able to access your site via HTTP after enabling this feature. So please don’t use HTTPS only for admin pages. Only for whole site!

Forth:
You can (yeah, not must) enable HSTS Preloading. After your site will be preloaded, even if you will be hacked and HSTS headers will be removed on server, you will be in safe. Browsers will use HTTPS instead of HTTP.

Leave a Reply

Your email address will not be published. Required fields are marked *

By submitting this form, you accept the Mollom privacy policy.