Re: RFC 7465 - Prohibiting RC4 Cipher Suites
>>You're breaking the standard if you still offer RC4 in your client, or use RC4 on your server.
It's not a standard (yet): the IETF hasn't adopted it as a standard as yet; it's still at proposed status.
>>All sites should achieve at least an A grade with https://www.ssllabs.com, an A+ grade is the goal. If you get less than an A you're doing something wrong.
While it's obviously nice to get an A+, there are many reasons that may prevent you from getting an A, for example if your server only supports TLS 1.1 (regardless of whether it is vulnerable to POODLE v2) or if your server cert has an SHA-1 signature (despite the PRF having no known vulnerability with SHA-1).
Rather than just getting a "tick in the box", it's better to understand what the impacts of perceived issues are and what an A really means. There are plenty of sites with an A that are less secure than those with a B, because of the nature of their sign-on and the fact that there are no practical exploits for some of the issues that end up capping you at a B.
In other words, properly implemented servers that get B ratings can be more secure than badly implemented A-rated servers.