TLS cipher order


I’m trying to achieve a 100% score in the website security test at

After enforcing TLS 1.2 I’m stuck at 97% due to this:

Cipher order

Your web server does not prefer ‘Good’ over ‘Sufficient’ over ‘Phase out’ ciphers (‘II’).

Technical details:

Web server IP address First found affected cipher pair
2606:4700:20::ac43:451b ECDHE-ECDSA-AES128-SHA

Indeed, ECDHE-ECDSA-AES256-GCM-SHA384 is ‘good’ and ECDHE-ECDSA-AES128-SHA is ‘sufficient’.

Can this be fixed?

Also see:

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.