How to fix TLS v1.2 issues? (SSL Lab)

ssl apache2 mod-ssl

Solution 1:

The question is not entirely clear, but I'm assuming it boils down to guidance regarding configuration of appropriate TLS cipher suites, etc.

That is a question that is tricky to answer well as best practice continues to evolve over time, but I can point to some good resources:

  • Mozilla makes their own Server Side TLS configuration guidance public, accompanied with a configuration generator for many common services.
    What is particularly useful here is that not only do they have very clear configuration guidance for multiple levels of legacy compatibility, they also document their rationale behind these suggested configurations.

  • Qualys does not only provide their quite popular SSL Labs Server Test (which the question appears to have a screenshot from), but also documentation with TLS Deployment Best Practices.

I would say that the Qualys document goes broader with overall deployment considerations, while the Mozilla document is focused specifically on detailed configuration considerations. Both are worthwhile and complement each other, although I get the impression that the Mozilla guide is more directly aimed at what you are asking for.

Related

Is the network part of an IPv4 address unique? [closed]
Robocopy cannot find specific directory
Unable to access AWS EC2 Instance after move to new office
Cluster network name blank in SQL cluster node configuration (setup exit with “Error code 0x84C00001”)
Google Cloud disk multiple snapshot schedules
permission denied when using service account with Google scp command
Prove that $\frac{n^n}{3^n} < n! < \frac{n^n}{2^n} \forall n \geq 6 $
Smart way to solve octics like $x^8+5992704x-304129728=0$
Distance between a point and a closed set in metric space
A set is infinite iff it is equivalent to a proper subset of itself
Why $\frac{X+YZ}{\sqrt{1+Z^2}} \sim \mathcal{N}(0,1)$ if $X,Y,Z$ are i.i.d. $\mathcal{N}(0,1)$?
No group of order 10,000 is simple