Modern TLS Cipher Configuration in 2026

Configuring TLS ciphers used to mean copying a magic list from Mozilla SSL Configurator and moving on. In 2026 the landscape has shifted enough that revisiting it is worth the effort.

What changed

- TLS 1.3 is now supported by 95%+ of clients. Serving TLS 1.0 or 1.1 is an active liability.
- OpenSSL 3.x became the default on most modern distros, and some older ciphers are simply gone.
- Post-quantum hybrid key exchange (X25519-Kyber768) started rolling out in Chrome and Firefox.
- Perfect Forward Secrecy is universally expected: no more static RSA key exchange.

Recommended nginx config

    ssl_protocols TLSv1.2 TLSv1.3;
    # The TLS_* names below are TLS 1.3 suites. OpenSSL's cipher-list parser ignores
    # them here and keeps its default TLS 1.3 suites; to change those, use
    # "ssl_conf_command Ciphersuites ...;" (nginx 1.19.4+). The ECDHE-* entries govern TLS 1.2.
    ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
    ssl_prefer_server_ciphers off;
    ssl_ecdh_curve X25519:secp521r1:secp384r1;

ssl_prefer_server_ciphers off is correct for modern deployments: clients know better than servers which suites perform well on their hardware (ChaCha20-Poly1305 on phones without AES acceleration, AES-GCM where AES-NI is available). This is only safe because every suite in the list is an AEAD suite with forward secrecy; with "off" the server accepts the client's preference, so nothing weak may be left in the list.

Two caveats on the last line. The curve list omits prime256v1 (P-256), so a client that supports only P-256 cannot complete an ECDHE handshake against this server; add it unless you have confirmed no such clients exist. And listing X25519 does not enable the post-quantum hybrid: that needs an OpenSSL build that provides the hybrid group (OpenSSL 3.5 and later ship X25519MLKEM768, the ML-KEM successor of X25519-Kyber768 that browsers have since moved to) and that group named in ssl_ecdh_curve. ...
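As an added example, not part of the original post, here is a small offline checker (the function names parse_ssl_directives and audit_nginx_tls are my own) that reads the ssl_* directives of an nginx server block and reports the pitfalls discussed above: legacy protocols, suites without forward secrecy or without AEAD, TLS 1.3 suite names placed in ssl_ciphers (which OpenSSL's cipher-list parser ignores), a curve list without P-256, and an ssl_prefer_server_ciphers setting that does not match the list. The three configurations it audits are constructed: a legacy block, the block recommended above, and a corrected version of it with the TLS 1.3 suites moved to ssl_conf_command.

```python
import re

DEAD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
PFS_PREFIXES = ("ECDHE-", "DHE-")            # ephemeral key exchange => forward secrecy
AEAD_MARKERS = ("-GCM-", "-POLY1305", "-CCM")  # anything else is a CBC/HMAC suite


def parse_ssl_directives(config):
    """Map each ssl_* directive to the list of values seen, with '#' comments stripped."""
    directives = {}
    for raw in config.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"^(ssl_\w+)\s+(.*?)\s*;$", line)
        if m:
            directives.setdefault(m.group(1), []).append(m.group(2).strip("'\""))
    return directives


def audit_nginx_tls(config):
    """Return a list of human-readable findings; an empty list means the block is clean."""
    d = parse_ssl_directives(config)

    def last(name, default):  # nginx uses the last occurrence of a directive
        return d.get(name, [default])[-1]

    findings = []

    protocols = set(last("ssl_protocols", "").split())
    for proto in sorted(protocols & DEAD_PROTOCOLS):
        findings.append(f"{proto} enabled: only TLSv1.2 and TLSv1.3 belong in ssl_protocols")
    if "TLSv1.3" not in protocols:
        findings.append("TLSv1.3 not enabled")

    weak_suites, tls13_names = [], False
    for suite in last("ssl_ciphers", "").split(":"):
        if not suite or suite[0] in "!-+@":
            continue                       # modifiers such as !aNULL or @STRENGTH
        if suite.startswith("TLS_"):
            tls13_names = True             # TLS 1.3 names do not belong in this list
            continue
        if "-" not in suite:               # HIGH, MEDIUM, kRSA, ...: library-dependent aliases
            findings.append(f"alias {suite} expands to a library-dependent set; list suites explicitly")
            weak_suites.append(suite)
            continue
        if not suite.startswith(PFS_PREFIXES):
            findings.append(f"{suite}: not ECDHE/DHE, no forward secrecy")
            weak_suites.append(suite)
        if not any(marker in suite for marker in AEAD_MARKERS):
            findings.append(f"{suite}: CBC/HMAC suite, not AEAD")
            weak_suites.append(suite)
    if tls13_names and not any(v.startswith("Ciphersuites") for v in d.get("ssl_conf_command", [])):
        findings.append("TLS 1.3 names in ssl_ciphers are ignored by OpenSSL; "
                        "use 'ssl_conf_command Ciphersuites ...;' (nginx 1.19.4+) or keep the defaults")

    prefer = last("ssl_prefer_server_ciphers", "off")
    if prefer == "on" and not weak_suites:
        findings.append("ssl_prefer_server_ciphers on: every suite is PFS+AEAD, so 'off' "
                        "lets clients pick what runs fastest on their hardware")
    if prefer == "off" and weak_suites:
        findings.append("ssl_prefer_server_ciphers off with weak suites present: clients may pick "
                        + ", ".join(sorted(set(weak_suites))))

    curves = last("ssl_ecdh_curve", "").split(":")
    if curves != [""] and not {"prime256v1", "secp256r1", "P-256"} & set(curves):
        findings.append("ssl_ecdh_curve omits prime256v1 (P-256): clients that support "
                        "only P-256 cannot complete an ECDHE handshake")
    return findings


# Constructed sample input: a legacy block of the kind the post says to retire.
LEGACY_CONFIG = """
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'HIGH:AES128-SHA:ECDHE-RSA-AES128-SHA256:!aNULL';
ssl_prefer_server_ciphers on;
"""

# Constructed sample input: the block recommended in the post.
POST_CONFIG = """
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
ssl_prefer_server_ciphers off;
ssl_ecdh_curve X25519:secp521r1:secp384r1;  # trailing comment, stripped by the parser
"""

# Constructed: the same block with the TLS 1.3 suites moved to ssl_conf_command
# and P-256 added to the curve list.
FIXED_CONFIG = """
ssl_protocols TLSv1.2 TLSv1.3;
ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
ssl_prefer_server_ciphers off;
ssl_ecdh_curve X25519:prime256v1:secp384r1;
"""

if __name__ == "__main__":
    for name, cfg in [("legacy", LEGACY_CONFIG), ("post", POST_CONFIG), ("fixed", FIXED_CONFIG)]:
        found = audit_nginx_tls(cfg)
        print(f"{name}: {len(found)} finding(s)")
        for f in found:
            print("  -", f)
```

Running it reports seven findings for the legacy block, two for the block recommended in the post (the TLS 1.3 names in ssl_ciphers and the missing P-256), and none for the corrected block. The checker only reads nginx directives; it does not expand OpenSSL aliases such as HIGH, which is why it flags them instead of evaluating them.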

August 5, 2024 · 2 min · Besterry