SSL Labs and FortiGate: Grade capped at B


This is annoying, but I found the correct settings, so you can use SSL Labs and actually get a score that isn’t capped at B because of AES 128 CBC ciphers!

It is very simple:

This turns off the ciphers that do not support DH and allows the Forward Security test phase to pass.

As soon as I did this and reran the scan, my firewalls returned A+ for their overall rating.
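To confirm the effect locally, the list of cipher suites an endpoint accepts can be checked for suites without ephemeral DH key exchange and for CBC-mode suites. The script below is an added example, not part of the original post and not FortiGate configuration; the function names and the sample suite list are constructed for illustration.

```python
import re

# TLS 1.3 names (e.g. TLS_AES_128_GCM_SHA256) have no "_WITH_" and no key
# exchange field; TLS 1.3 key exchange is always ephemeral (EC)DHE.
TLS13 = re.compile(r"^TLS_(AES|CHACHA20)_[A-Z0-9_]+$")
NON_CBC_MARKERS = ("GCM", "CCM", "CHACHA20", "RC4", "NULL")

def classify(suite):
    """Return (forward_secret, cbc) for an IANA or OpenSSL suite name."""
    name = suite.strip().upper()
    if name.startswith("TLS_") and "_WITH_" in name:       # IANA, TLS <= 1.2
        kx = name[4:].split("_WITH_")[0]                   # ECDHE_RSA, RSA, DH_RSA ...
        fs = kx.startswith(("ECDHE_", "DHE_"))             # static DH/ECDH excluded
        cbc = "_CBC_" in name
    elif TLS13.match(name):                                # TLS 1.3, AEAD only
        fs, cbc = True, False
    else:                                                  # OpenSSL style
        fs = name.split("-")[0] in ("ECDHE", "DHE", "EDH")
        # OpenSSL omits "CBC" from most CBC suite names (AES128-SHA is CBC).
        cbc = "CBC" in name or not any(m in name for m in NON_CBC_MARKERS)
    return fs, cbc

def audit(suites):
    """Group accepted suites into findings to review before rescanning."""
    findings = {"no_forward_secrecy": [], "cbc_mode": []}
    for s in suites:
        fs, cbc = classify(s)
        if not fs:
            findings["no_forward_secrecy"].append(s)
        if cbc:
            findings["cbc_mode"].append(s)
    return findings

# Constructed sample: suites a TLS endpoint might accept before hardening.
SAMPLE = [
    "TLS_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "AES128-SHA",
    "DHE-RSA-AES256-GCM-SHA384",
]

if __name__ == "__main__":
    for kind, names in audit(SAMPLE).items():
        print(kind, names)
```

An empty `no_forward_secrecy` list means every accepted suite uses DHE or ECDHE key exchange.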