[blowski]

I appreciate the information you've given, but such a list of acronyms is exactly why so many webservers are configured incorrectly. Why can't this be made easier? Maybe flags like "Modern Support Only" or "Legacy Browser Support".

[jlgaddis]

If you use the Mozilla SSL Configuration Generator [0], you can select "Modern", "Intermediate", or "Old", and end up with a cut-and-paste configuration snippet that'll best suit your specific needs.

[0]: https://mozilla.github.io/server-side-tls/ssl-config-generat...

[blowski]

That's really useful, thank you.

But my question still stands - why do nginx and Apache not provide the same settings as a configuration option?

[stouset]

Because what is implied by those terms changes over time, and minor changes can have major impacts on accessibility by older clients.