Hey @schoen! As posted on GitHub, there is indeed some interesting information on AES128 vs AES256: https://wiki.mozilla.org/Security/Server_Side_TLS#Prioritization_logic (“AES 128 is preferred to AES 256. There has been discussions on whether AES256 extra security was worth the cost, and the result is far from obvious. At the moment, AES128 is preferred, because it provides good security, is really fast, and seems to be more resistant to timing attacks.”)