D to B - that’s good - going in the right direction
Personally I would, yes.
It’s worth using the Mozilla link above to determine which ciphers etc are good for you.
One to be careful with though is
Header always set Strict-Transport-Security “max-age=15768000”
especially if including options like subdomains. Basically it’s forcing your users to always use HTTPS ( which is a good thing ), but only once you have tested and made sure everything is working, otherwise you will block your users from your site