My (point-in-time) Advice
• Prefer forward secret authen,cated encryp,on with associated data
(AEAD) mode of opera,on ciphers (ChaCha20/Poly1305, AES-GCM…)
• If possible, explicitly declare server cipher suites (vs. wildcards):
– Key exchange (e.g. Ephemeral [email protected] Curve Diffie Hellman)
– Cer,ficate type (e.g., ECDSA or RSA)
– Symmetric cipher (e.g., ChaCha20, AES 128)
– Mode of opera,on (if block cipher, e.g. GCM)
– Message authen,cator construc,on or PRF (e.g., SHA256)