We have two haproxy servers (redundancy) accepting HTTPS. Just tested the SSL security by using https://www.ssllabs.com/ssltest/. We get a B due to the following issues:
“This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.” More info at https://weakdh.org/
“This server accepts RC4 cipher, but only with older browsers. Grade capped to B.” More info at https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what
My question is: What do we need to do to fix these issues so that we can get an A?
Please note that we have tried the suggestions on https://weakdh.org/sysadmin.html, but this broke our haproxys.
haproxy -v says:
HA-Proxy version 1.5.8 2014/10/31
Copyright 2000-2014 Willy Tarreau email@example.com