Help(!) I have installed a UAG (Unified Access Gateway) and from Qualsys SSLLabs I get a Class B rating

Welcome back, and you might be reading this post because from interest perspective, or from a getting a Class R rating from Qualsys SSLLabs.

It is always best practice to check your Internet Facing products for Security / Certificate issues.

You can do this from this site:SSLLabs 

I have noticed that when installing a default UAG and not altering any settings you might get an B rating:

I’m hearing you saying : I don’t want to have a B rating, I want to have an A rating! How to fix this?

Well, that’s quite easy, but there are some things to consider : SSL&TLS Best Practices

When you go to your VMware UAG Appliance, you go to Advances Settings -> System Configuration:

And then Enable “Honor Cipher Order” (set is to YES)

And change the Cipher Suites from standard :  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA

to

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

And when you click Save and to the check again on SSLLabs, you should get a A-Rating:

Happy Securing your UAG!