

TLS Landscape - Tsiolkovsky
https://securityblog.redhat.com/2014/09/10/tls-landscape/

======
higherpurpose
Should use ChaCha20-Poly1305 instead of AES-GCM. It's several times faster in
software (important for the 98+ percent low-performance non-ARMv8 mobile
devices out there).

[https://www.imperialviolet.org/2013/10/07/chacha20.html](https://www.imperialviolet.org/2013/10/07/chacha20.html)

As for the PFS ciphers, unfortunately they must use the "unsafe" (and slow)
P-256 curve, until more browsers adopt Curve25519.

