Perhaps you no longer want to force a server-preferred TLS cipher order on clients
https://utcc.utoronto.ca/~cks/space/blog/tech/TLSServerCipherPriority [utcc.utoronto.ca]
2019-01-17 05:16
First, today many browsers update every six weeks or so, which is probably far more often than most people are re-checking their TLS best practices (certainly it’s far more frequently than we are). As a result, it’s easy for browsers to be the more up to date party on TLS best practices. Second, browsers are running on increasingly varied hardware where different ciphers may have quite different performance and power characteristics.