Hello, I just ran a test via ssllabs.com and I got a grade F for my SSL connection.
The issues are:

This server supports insecure Diffie-Hellman (DH) key exchange parameters. Grade set to F.
This server supports 512-bit export suites and might be vulnerable to the FREAK attack. Grade set to F.
This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C.
This server accepts the RC4 cipher, which is weak. Grade capped to B.

My pound.cfg is this in the https section:

    ListenHTTPS
        HeadRemove "X-Forwarded-Proto"
        AddHeader "X-Forwarded-Proto: https"
        Address 0.0.0.0
        Port 443
        Cert "/etc/ssl/mydomain.com/mydomain.com.pem"
        Ciphers "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:KRB5-DES-CBC3-MD5:KRB5-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA"/"ALL:!SSLv2:!SSLv3"
        Service
            HeadRequire "Host: mydomain.com"
            Redirect "https://www.mydomain.com"
        End
        Service
            BackEnd
                Address 127.0.0.1
                Port 6081
            End
        End
    End

Can anyone advise what I need to change to get a better rating and make it more secure?

Thanks,
Daniel