From d138d9ef22f2443bb74f9495ab2c28d9b24d2c87 Mon Sep 17 00:00:00 2001
From: April King <april@mozilla.com>
Date: Thu, 27 Jun 2019 15:24:18 -0500
Subject: Tentatively reordering some ciphers

---
 config/server-side-tls-conf-5.0.json | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

(limited to 'config')

diff --git a/config/server-side-tls-conf-5.0.json b/config/server-side-tls-conf-5.0.json
index d8e4062..020c90b 100644
--- a/config/server-side-tls-conf-5.0.json
+++ b/config/server-side-tls-conf-5.0.json
@@ -4,8 +4,8 @@
         "modern": {
             "openssl_ciphers": [],
             "openssl_ciphersuites": [
-                "TLS_AES_256_GCM_SHA384",
                 "TLS_AES_128_GCM_SHA256",
+                "TLS_AES_256_GCM_SHA384",
                 "TLS_CHACHA20_POLY1305_SHA256"
             ],
             "tls_versions": ["TLSv1.3"],
@@ -24,18 +24,18 @@
         },
         "intermediate": {
             "openssl_ciphers": [
-                "ECDHE-ECDSA-AES256-GCM-SHA384",
-                "ECDHE-RSA-AES256-GCM-SHA384",
                 "ECDHE-ECDSA-AES128-GCM-SHA256",
                 "ECDHE-RSA-AES128-GCM-SHA256",
+                "ECDHE-ECDSA-AES256-GCM-SHA384",
+                "ECDHE-RSA-AES256-GCM-SHA384",
                 "ECDHE-ECDSA-CHACHA20-POLY1305",
                 "ECDHE-RSA-CHACHA20-POLY1305",
-                "DHE-RSA-AES256-GCM-SHA384",
-                "DHE-RSA-AES128-GCM-SHA256"
+                "DHE-RSA-AES128-GCM-SHA256",
+                "DHE-RSA-AES256-GCM-SHA384"
             ],
             "openssl_ciphersuites": [
-                "TLS_AES_256_GCM_SHA384",
                 "TLS_AES_128_GCM_SHA256",
+                "TLS_AES_256_GCM_SHA384",
                 "TLS_CHACHA20_POLY1305_SHA256"
             ],
             "tls_versions": ["TLSv1.2", "TLSv1.3"],
@@ -49,22 +49,22 @@
             "hsts_min_age": 63072000,
             "oldest_clients": ["Firefox 27", "Android 4.4.2", "Chrome 31", "Edge", "IE 11 on Windows 7", "Java 8u31", "OpenSSL 1.0.1", "Opera 20", "Safari 9"],
             "ocsp_staple": true,
-            "server_preferred_order": true,
+            "server_preferred_order": false,
             "maximum_certificate_lifespan": 730
         },
         "old": {
             "openssl_ciphers": [
-                "ECDHE-ECDSA-AES256-GCM-SHA384",
-                "ECDHE-RSA-AES256-GCM-SHA384",
                 "ECDHE-ECDSA-AES128-GCM-SHA256",
                 "ECDHE-RSA-AES128-GCM-SHA256",
+                "ECDHE-ECDSA-AES256-GCM-SHA384",
+                "ECDHE-RSA-AES256-GCM-SHA384",
                 "ECDHE-ECDSA-CHACHA20-POLY1305",
                 "ECDHE-RSA-CHACHA20-POLY1305",
-                "DHE-RSA-AES256-GCM-SHA384",
                 "DHE-RSA-AES128-GCM-SHA256",
+                "DHE-RSA-AES256-GCM-SHA384",
                 "DHE-RSA-CHACHA20-POLY1305",
-                "DHE-DSS-AES256-GCM-SHA384",
                 "DHE-DSS-AES128-GCM-SHA256",
+                "DHE-DSS-AES256-GCM-SHA384",
                 "ECDHE-ECDSA-AES128-SHA256",
                 "ECDHE-RSA-AES128-SHA256",
                 "ECDHE-ECDSA-AES128-SHA",
@@ -120,8 +120,8 @@
                 "SEED-SHA"
             ],
             "openssl_ciphersuites": [
-                "TLS_AES_256_GCM_SHA384",
                 "TLS_AES_128_GCM_SHA256",
+                "TLS_AES_256_GCM_SHA384",
                 "TLS_CHACHA20_POLY1305_SHA256"
             ],
             "tls_versions": ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"],
-- 
cgit v1.2.3