Has anyone had success getting past a B on ssllabs for the globalprotect web portal
# TLS 1.2 (suites in server-preferred order)
|TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK||256|
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits FS WEAK
When i disable Weak cipher suite i got this error please suggest
Seems your SSL/TLS profile uses a cert and that cert might be using these ciphers when you disable weak ciphers.
I tested this on my PA and did the commit and no issues.
Please check Ciphers used the certificate for SSL/TLS profile.
You can disable the weak ciphers w/ CLI commands. This Reddit thread has a good walk-through. When I followed it, I got up to an A- on the SSLLabs evaluation.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The Live Community thanks you for your participation!