SSLLabs message: This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.
To fix it, you can increase the DHE key size to 2048 adding the registry key below:
- Open Registry Editor.
- Access the following registry location:
Update the following DWORD value to:
Using this setting you will have a AEAD cipher that is not classified as “weak” and SSLLabs will give you an A Grade.