That. I really appreciate being able to read the motivation behind chosen cipher set.
Furthermore, they have great config examples for nginx and others[1] -- it's pretty easy to forget/misconfigure things like Diffie-Hellman parameters, OCSP stapling and session caching.
Furthermore, they have great config examples for nginx and others[1] -- it's pretty easy to forget/misconfigure things like Diffie-Hellman parameters, OCSP stapling and session caching.
[1] https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx