Mozilla maintains three recommended configurations for servers using TLS. Pick the correct configuration depending on your audience:
- Modern: Modern clients that support TLS 1.3, with no need for
- Intermediate: Recommended configuration for a general-purpose server
- Old: Services accessed by very old clients or libraries, such as
Internet Explorer 8 (Windows XP), Java 6, or OpenSSL 0.9.8
The ordering of cipher suites in the Intermediate and Old configurations is very important, as it determines the priority with which algorithms are selected.
OpenSSL will ignore cipher suites it doesn't understand, so always use the full set of cipher suites below, in their recommended order. The use of the Old configuration with modern versions of OpenSSL may require custom builds with support for deprecated ciphers.