4.5 Configuring Stronger Ciphers for SSL Communication between Access Gateway and Web Servers

See the overview of Strengthening TLS/SSL Settings for information about strong ciphers.

  1. Click Devices > Access Gateways > Edit > Advanced Options.

  2. Set the following advanced options:

    • SSLHonorCipherOrder on

    • SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:HIGH:MEDIUM:!LOW:!EXP:!SSLv2:!aNULL:!EDH:!ECDH:!ECDSA:!AESGCM:!eNULL:!NULL

      When you set the cipher suite, ensure that the web server supports it. For example, if Access Manager supports ECDH ciphers but the web server does not, the connection fails.

    You can configure the SSLCipherSuite option as follows to get an A+ rating when validating with SSL Labs. However, this setting might affect performance.

    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
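To check in advance that a web server supports a given SSLCipherSuite value, you can expand the string with the local OpenSSL library and compare the result with the ciphers the web server accepts. The following Python script is an added example, not part of the Access Manager product; the function names and the two web server cipher lists are constructed for illustration, and the expansion reflects the OpenSSL build that Python is linked against, which can differ from the one on the Access Gateway.

```python
import ssl

# SSLCipherSuite values copied from the section above.
DEFAULT_SUITE = ("ECDHE-RSA-AES256-SHA384:AES256-SHA256:HIGH:MEDIUM:!LOW:!EXP:"
                 "!SSLv2:!aNULL:!EDH:!ECDH:!ECDSA:!AESGCM:!eNULL:!NULL")
A_PLUS_SUITE = ("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
                "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
                "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
                "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384")

# Constructed sample data: cipher names two hypothetical web servers accept.
LEGACY_WEB_SERVER = ["AES256-SHA256", "AES128-SHA"]
MODERN_WEB_SERVER = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256"]


def expand(cipher_string):
    """Cipher names the local OpenSSL enables for cipher_string, in preference order."""
    # The gateway is the TLS client on the gateway-to-web-server leg.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing can be selected
    # TLS 1.3 suites (TLS_*) are not controlled by this string, so skip them.
    return [c["name"] for c in ctx.get_ciphers()
            if not c["name"].startswith("TLS_")]


def shared_ciphers(gateway_suite, web_server_ciphers):
    """Ciphers enabled by gateway_suite that the web server also accepts."""
    accepted = set(web_server_ciphers)
    return [name for name in expand(gateway_suite) if name in accepted]


def report(label, gateway_suite, web_server_ciphers):
    """One-line verdict: shared ciphers, or a warning that the connection fails."""
    shared = shared_ciphers(gateway_suite, web_server_ciphers)
    if shared:
        return f"{label}: OK, shared ciphers: {', '.join(shared)}"
    return f"{label}: NO shared cipher, the connection fails"


if __name__ == "__main__":
    print("Default suite expands to:")
    for name in expand(DEFAULT_SUITE):
        print("  ", name)
    print(report("A+ suite vs legacy web server", A_PLUS_SUITE, LEGACY_WEB_SERVER))
    print(report("A+ suite vs modern web server", A_PLUS_SUITE, MODERN_WEB_SERVER))
```

Replace the constructed lists with the ciphers your web server is actually configured to accept before relying on the result.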