So – you like to get an A+ rating from SSLLABS? That’s the way you can configure BOMGAR. #
This are some good settings for «cipher suites» and their order in BOMGAR Remote Support and BOMGAR PAM /appliance SSL Tab. This settings work good with operating Systems Windows 7 or Server 2008 R2 and higher.
Allow only:
TLS v1.2 and
TLS v1.1
If you need still support for some older Vista Clients or Windows Server 2008 non R2, then you can allow TLS v1.0 additionaly, but ssllabs.com «Protocol Support» Rating will then be only at a 95% and not at the 100% level.
Allow only the following Ciphers and in this order under the bomgar yoursite/appliance settings.:
Cipher Suite supports: Windows10 Windows8.1 Windows7 Vista TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS1.2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS1.2 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS1.0-1.2 TLS1.0-1.2 TLS1.0-1.2 TLS1.0 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS1.0-1.2 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS1.2 TLS1.2 TLS1.2 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS1.2 TLS1.1 TLS1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS1.2 TLS1.1 TLS1.0 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS1.2 TLS_DH_RSA_WITH_AES_128_GCM_SHA256 TLS1.2 TLS1.2 TLS1.2 TLS_DH_RSA_WITH_AES_256_GCM_SHA384 TLS1.2 TLS1.2 TLS1.2 TLS_DH_RSA_WITH_AES_128_CBC_SHA256 TLS1.0-1.2 TLS1.0-1.2 TLS_DH_RSA_WITH_AES_256_CBC_SHA256 TLS1.0-1.2 TLS1.0-1.2
To do the security test against your site please visit the following website: https://www.ssllabs.com/ssltest
Although i have thoroughly researched and tested the written with BOMGAR RS 17 and PAM 17 – MICRODYN DISCLAIMS ALL WARRANTIES!
Author: MICRODYN – R. Hahn / 17.2.2018
BOMGAR is a proprietary trademark of «BOMGAR Corporation».
Windows and Windows Vista are registered trademarks of Microsoft Corporation.
SSLLABS QUALSYS is a proprietary trademark of «Qualsys, Inc.»