Let's Encrypt is Trusted

Now, fine, Issue https://github.com/letsencrypt/letsencrypt/issues/555 has been closed by Pull Request https://github.com/letsencrypt/letsencrypt/pull/1261, and guess what, nothing has changed. They’re not improving the cipher list at all, they just stick with the bloated default Mozilla list. Of course, the docs mention possible future changes to either the Mozilla recommendations or LE’s choice, but they only mention a future choice of CHACHA20 and not the actual bloating of the cipher list in Mozilla’s recommendations.

As I said, to move things forward (if that is possible at all), one would have to approach Mozilla directly about their recommendations, not LE. LE will most likely (and for not entirely bad reasons) always refer to Mozilla’s recommendations instead of creating yet another set of ciphers.

For the record, here are the remaining topics:

  1. For modern compatibility, TLS 1.2 is sufficient. There is no modern browser that supports TLS 1.1 but not TLS 1.2, except where TLS 1.2 support was manually disabled. I don’t think it’s worth supporting this case at all.
  2. Don’t support such bloated lists of ciphers. Any currently used browser can be served with a much shorter and more understandable list that simply whitelists single ciphers instead of blacklisting the old and bad ones. Pattern matching is understood by less than 5 % of admins, and that is an overestimate. Cipher suites are not the right place to show off ‘mine is longer’.
  3. With SSLHonorCipherOrder on, it’s completely useless to order stronger ciphers behind weaker ones. Either order AES256 in front of the respective AES128 ciphers or just don’t list them at all.
  4. Don’t offer ciphers nobody uses and for which any target browser will already choose a better cipher on the list. DSS (DSA) keys have been phased out of the major browsers, so listing the respective ciphers, at least in the ‘modern browsers’ scenario, is completely unnecessary.
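As an added example (my own checker, not Let’s Encrypt’s or Mozilla’s code), the script below audits an Apache SSLCipherSuite string for points 2 to 4 above: pattern or group tokens instead of named suites, AES128 listed ahead of its AES256 sibling, and DSS suites. Both cipher strings in it are constructed for illustration; the pattern-style one is not the actual Mozilla list.

```python
"""Audit an OpenSSL cipher string (Apache's SSLCipherSuite value) for the points
in the post: named suites only instead of group and '!' patterns, AES256 ahead of
AES128 within each family, no DSS suites. Added example; the lists are constructed."""
import re
from collections import defaultdict

# A named TLS 1.2 suite in OpenSSL spelling (e.g. ECDHE-RSA-AES128-GCM-SHA256,
# AES128-SHA). Anything else ('HIGH', '!aNULL', 'ECDH+AESGCM') is pattern syntax.
NAMED_SUITE = re.compile(r"[A-Z0-9]+(?:-[A-Z0-9]+)*-(?:SHA(?:256|384)?|MD5|CCM8?)")
HASH_SUFFIX = re.compile(r"-(?:SHA(?:256|384)?|MD5|CCM8?)$")

def tokenize(spec):
    """Split on the separators OpenSSL accepts in a cipher string."""
    return [t for t in re.split(r"[:, ]+", spec) if t]

def pattern_tokens(spec):
    """Tokens that are groups or negations rather than named suites."""
    return [t for t in tokenize(spec) if not NAMED_SUITE.fullmatch(t)]

def dss_suites(spec):
    """Suites keyed to DSA certificates, which the post says no target browser needs."""
    return [t for t in tokenize(spec) if "DSS" in t.split("-")]

def misordered_aes(spec):
    """(AES128 suite, AES256 sibling) pairs where the weaker suite is listed first."""
    families = defaultdict(list)  # key: suite name minus key size and hash suffix
    for pos, name in enumerate(tokenize(spec)):
        if NAMED_SUITE.fullmatch(name) and ("AES128" in name or "AES256" in name):
            key = HASH_SUFFIX.sub("", name).replace("128", "").replace("256", "")
            families[key].append((pos, name))
    return [(n128, n256)
            for members in families.values()
            for p128, n128 in members if "AES128" in n128
            for p256, n256 in members if "AES256" in n256 and p256 > p128]

def audit(spec):
    """All findings for one cipher string; three empty lists mean it passes."""
    return {"patterns": pattern_tokens(spec), "dss": dss_suites(spec),
            "misordered": misordered_aes(spec)}

# Constructed pattern-style list of the kind the post objects to (not Mozilla's actual list).
PATTERN_STYLE = ("ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:"
                 "DHE-DSS-AES128-GCM-SHA256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5")

# Short whitelist along the lines the post argues for; pair it in Apache with
# 'SSLProtocol -all +TLSv1.2' and 'SSLHonorCipherOrder on'.
WHITELIST = ("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
             "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256")
```

`audit(PATTERN_STYLE)` flags the HIGH and `!` tokens, the DSS suite and the AES128-before-AES256 pair, while `audit(WHITELIST)` returns three empty lists.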