I'm in the process of redoing the SSL/Security on some of my IIS web servers and had a question about Chrome. My website is currently getting a score of A from Qualy's, however Google Chrome specifically gives me this:
An example website that Google is happy with is this:
From what I understand, Google will always give you an obsolete cipher if you aren't using the most modern cryptography possible. Specifically, I don't think they like any of the CBC ciphers and they want you to be on the GCM Ciphers. At least with Server 2012, the only GCM ciphers that I have are these:
Now I know that I can't use the top group without an ECC/EV Certificate, but it won't negotiate at the bottom ones either even if I put them at the top of the Cipher list.
I guess the short version of my question is basically is possible to make Google happy without an EV/ECC SSL Certificate?