About JeremyD

Has anyone had success getting past a B on ssllabs for the globalprotect web portal.   i have created the below ssl profile and bound it to the global protect portal. even though enc-algo-aes-128-cbc and enc-algo-aes-128-gcm are set to know, they still appear in the test   show shared ssl-tls-service-profile TestSSL TestSSL { protocol-settings { min-version tls1-2; max-version tls1-2; auth-algo-sha1 no; auth-algo-sha256 no; auth-algo-sha384 yes; enc-algo-3des no; enc-algo-aes-128-cbc no; enc-algo-aes-128-gcm no; enc-algo-aes-256-cbc yes; enc-algo-aes-256-gcm yes; enc-algo-rc4 no; keyxchg-algo-dhe yes; keyxchg-algo-ecdhe yes; keyxchg-algo-rsa no; } certificate "Wildcard 2020"; }   SSL Labs Report     # TLS 1.2 (suites in server-preferred order) TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)     WEAK256TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)     WEAK128TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)     WEAK256TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)     WEAK128TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)     WEAK128TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)     ECDH secp256r1 (eq. 3072 bits RSA)   FS       WEAK256TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)     ECDH secp256r1 (eq. 3072 bits RSA)   FS       WEAK128 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)       ECDH secp256r1 (eq. 3072 bits RSA)   FS 256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)       ECDH secp256r1 (eq. 3072 bits RSA)   FS 128TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)     DH 2048 bits     FS       WEAK256TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)     DH 2048 bits     FS       WEAK128 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)       DH 2048 bits     FS 256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)       DH 2048 bits     FS 128     ... View more