
Server Side TLS - MrRadar
https://wiki.mozilla.org/Security/Server_Side_TLS
======
MrRadar
For context, Mozilla's TLS server configuration guide has been updated for the
first time in 2.5 years.[1] Here's a summary of the major changes:

- TLS 1.3 has been recommended across the board.

- The "Modern" configuration is TLS 1.3-only.

- The "Intermediate" configuration is TLS 1.3 and 1.2-only.

- The "Intermediate" configuration now only uses AEAD ciphersuites with PFS.
No more 3DES, CBC, SHA-1, or static RSA key exchange.

- ECDSA certificates (using NIST P-256) are now recommended for the
"Intermediate" configuration (in addition to the "Modern" configuration).

- Servers now respect the client's cipher preferences with the "Modern" and
"Intermediate" configurations as all enabled ciphers should provide sufficient
security. This allows clients without AES hardware acceleration to prefer
AES-128 or ChaCha20 over AES-256 and vice-versa.

- The "Old" configuration drops SSLv3 and some uncommon ciphers (CAMELLIA,
SEED, DSS). This loses support for IE 6 on Windows XP, bumping the minimum up
to IE 8.

- X25519 is now the recommended curve for key exchange (followed by NIST
P-256 and P-384). NIST P-521 is no longer recommended as it doesn't provide
any major security benefit over the other curves, has less widespread support,
and is slower.

[1] https://github.com/mozilla/server-side-tls/issues/178
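An added example, not part of the original post or of Mozilla's guide: a name-based audit of OpenSSL-style cipher suite names against the "Intermediate" rule summarized above (AEAD with PFS; no 3DES, CBC, SHA-1 or static RSA key exchange). The function names and both sample cipher lists are constructed for illustration, and the check relies only on OpenSSL's suite naming.

```python
# Added example: name-based audit of OpenSSL cipher suite names against the
# "Intermediate" rules summarized above. Sample lists below are constructed.
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20-POLY1305")
PFS_PREFIXES = ("ECDHE-", "DHE-")


def audit_suite(name):
    """Return the reasons a suite breaks the AEAD-with-PFS rule (empty = OK)."""
    if name.startswith("TLS_"):
        # TLS 1.3 only defines AEAD suites and has no static RSA key exchange.
        return []
    problems = []
    if not name.startswith(PFS_PREFIXES):
        problems.append("no ECDHE/DHE key exchange (no PFS)")
    if "DES-CBC3" in name:
        problems.append("3DES")
    if not any(marker in name for marker in AEAD_MARKERS):
        problems.append("not AEAD (CBC or stream cipher)")
    if name.endswith("-SHA"):
        problems.append("SHA-1 MAC")
    return problems


def audit_cipher_string(cipher_string):
    """Map each suite in a colon-separated list to its list of problems."""
    suites = [s for s in cipher_string.split(":") if s]
    return {suite: audit_suite(suite) for suite in suites}


def is_compliant(cipher_string):
    """True only if every listed suite passes."""
    return all(not p for p in audit_cipher_string(cipher_string).values())


# Constructed sample lists (not copied from the Mozilla guide).
LEGACY = ("ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:"
          "AES128-SHA:DES-CBC3-SHA:AES256-GCM-SHA384")
STRICT = ("TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:"
          "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256")

if __name__ == "__main__":
    for label, ciphers in (("legacy", LEGACY), ("strict", STRICT)):
        print(label, "compliant:", is_compliant(ciphers))
        for suite, problems in audit_cipher_string(ciphers).items():
            print(f"  {suite}: {', '.join(problems) or 'ok'}")
```

Note that `AES256-GCM-SHA384` is flagged even though it is AEAD: with no ECDHE/DHE prefix it uses static RSA key exchange, which the "Intermediate" configuration no longer allows.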

