There is a Mozilla websites that maintains a reference guide for navigating the TLS landscape, as well as a configuration generator to assist system administrators.
Mozilla maintains three (3) recommended confiruations for servers using TLS.
- Modern - modern clients that support TLS 1.3, with no need for backwards compatibility
- Intermediate - recommended confiruation for a general-purpose server
- Old - services accessed by very old clients or libraries, such as Internet Explorer 8 (windows XP), Java 6, or Open SSL 0.9.8
Mozilla SSL Configuration Generator |
Links: