
Perhaps you no longer want to force a server-preferred TLS cipher order - citrin_ru
https://utcc.utoronto.ca/~cks/space/blog/tech/TLSServerCipherPriority
======
arkadiyt
There was a neat Twitter thread about this here:
[https://twitter.com/agl__/status/1085648851594137610](https://twitter.com/agl__/status/1085648851594137610)

The tldr is:

- BoringSSL supports an option called EqualPreferenceGroups. This lets you
create groups of ciphers (say, AES GCM for desktop computers and some ChaCha
option for mobile devices), and the server will select the client's preferred
cipher from the server's 1st preferred group, then the 2nd group, and so on.
This lets you get the best of both worlds.

- OpenSSL felt this was a bit too complicated so they added a
`SSL_OP_PRIORITIZE_CHACHA_FOR_MOBILE` option to handle the common case. The
way it works is: if and only if the client specifies ChaCha as their first
preference, and server cipher priority is used, and the server specifies
SSL_OP_PRIORITIZE_CHACHA_FOR_MOBILE, then reprioritize ChaCha above everything
else.
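
Added example, not part of the comment above and not BoringSSL or OpenSSL code: a small Python model of the two selection rules as the comment describes them, next to plain server preference. The function names, server lists and client preference lists are constructed for illustration.

```python
# Model of the selection rules described in the comment above.
# Suite names are OpenSSL-style; all lists below are constructed samples.
AES128 = "ECDHE-RSA-AES128-GCM-SHA256"
AES256 = "ECDHE-RSA-AES256-GCM-SHA384"
CHACHA = "ECDHE-RSA-CHACHA20-POLY1305"
CBC = "ECDHE-RSA-AES128-SHA"


def is_chacha(suite):
    return "CHACHA20" in suite


def select_strict(server_order, client_order):
    """Plain server preference: first server suite the client offers."""
    offered = set(client_order)
    return next((s for s in server_order if s in offered), None)


def select_grouped(server_groups, client_order):
    """Equal-preference groups: walk the server's groups in order and,
    inside the first group with any overlap, let the client's order decide."""
    for group in server_groups:
        members = set(group)
        for suite in client_order:
            if suite in members:
                return suite
    return None


def select_chacha_rule(server_order, client_order):
    """Server preference, except that a client listing ChaCha first gets
    the server's ChaCha suites moved ahead of everything else."""
    if client_order and is_chacha(client_order[0]):
        server_order = ([s for s in server_order if is_chacha(s)] +
                        [s for s in server_order if not is_chacha(s)])
    return select_strict(server_order, client_order)


# Constructed client preference lists.
DESKTOP = [AES128, AES256, CHACHA, CBC]   # AES hardware, prefers GCM
MOBILE = [CHACHA, AES128, AES256, CBC]    # no AES hardware, prefers ChaCha
LEGACY = [CBC]                            # offers only an older CBC suite

SERVER_ORDER = [AES128, AES256, CHACHA, CBC]
SERVER_GROUPS = [[AES128, CHACHA], [AES256], [CBC]]
```

With strict server order the mobile client is pushed onto AES-GCM; under both of the other rules it gets ChaCha, while the desktop and legacy clients negotiate the same suite as before.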

