SSL Labs has posted a blog post outlining the updates they’ve made to their tool for 2014. I have used this opportunity to fix the last few browsers that weren’t getting forward secrecy when talking to this blog, as well as turning on HSTS and finally setting up a 301 redirect from http to https. For those who are curious here’s the TLS configuration for my nginx vhost:

add_header Strict-Transport-Security max-age=31536000;
ssl                  on;
ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
ssl_stapling on;
ssl_session_cache    shared:SSL:10m;
ssl_session_timeout  10m;
ssl_prefer_server_ciphers on;