How to get an A+ from Qualys SSLLabs on your Horizon UAG deployment.
So after a recent deployment of VMware’s Universal Access Gateway appliance (v3.3.0), it seems that out of the box, this appliance gets a B grade from SSLLABS.COM. Obviously you want to make sure you get an A rating from a security perspective so here are the steps we took to achieve an A+ rating on the Qualys SSL server test.
If you log into the AUG and go to Advanced System Settings, the first option you can change is the Honor Cipher Order. This selection by default will get you a B grade giving you the following warning message in the report.
Changing the Honor Cipher Order to YES will get rid of this Forward Secrecy grade cap.
The next issue is the weak cipher suites as noted in the grade cap below.
You can also change those in the UI right above Honor Cipher Order by pasting the following line. (be sure to remove line break)
If you follow these two steps on each of your UAGs in the environment, you will have successfully bumped your Qualys grade from a B to an A+.
Thanks to my client (you know who you are) who helped me to figure this out.