AdGuardHome icon indicating copy to clipboard operation
AdGuardHome copied to clipboard

Published 20 hours ago verified publisher icon AdguardTeam

Fix #4925: SSL Lab result capped to B

Open ssrahul96 opened this issue 3 years ago • 2 comments

Issue https://github.com/AdguardTeam/AdGuardHome/issues/4925

The Cipher TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA needs to be supported in order to pass Forward Secrecy test of SSL Labs

SSL Lab result after supporting this Cipher

image

Ref : https://www.namecheap.com/support/knowledgebase/article.aspx/9653/38/how-to-check-whether-the-server-supports-forward-secrecy/

This Cipher is allowed in d.adguard-dns.com as well, SSL Labs report : link

ssrahul96 avatar Sep 20 '22 15:09 ssrahul96

How much work for A+?

EDIT I know, it's just "cosmetics", but why not aim for it...

hnnweb avatar Sep 21 '22 06:09 hnnweb

How much work for A+?

EDIT I know, it's just "cosmetics", but why not aim for it...

I think we may need to add Strict-Transport-Security header

"cosmetics" ? may be! may not be! depends on perspective.

just made the changes for that as well https://github.com/AdguardTeam/AdGuardHome/pull/4941

ssrahul96 avatar Sep 22 '22 03:09 ssrahul96

reopening as https://github.com/AdguardTeam/AdGuardHome/pull/4990

ssrahul96 avatar Oct 04 '22 03:10 ssrahul96