Should a Server Set a Cipher Order?
Conflicting opinions exist on whether or not a server should set a cipher order for secure communication. While testssl.sh warns against a lack of cipher order, Mozilla recommends letting the client choose.
According to testssl.sh, a lack of cipher order is considered a deficit and should be avoided. The tool suggests that a server should begin by offering the strongest ciphers first, and only then offer weaker ones. This approach makes intuitive sense as it prioritizes stronger encryption.
On the other hand, Mozilla takes a different stance. They recommend not setting a cipher order and allowing the client to choose the preferred ciphers. The rationale behind this recommendation is that the client is better positioned to determine which ciphers they prefer, considering factors such as hardware support.
When it comes to security, as long as the server only supports ciphers that are strong enough, it doesn’t actually matter who chooses the cipher. Instead, other criteria such as performance become relevant. Simply using a ‘stronger’ cipher may add perceived value but not necessarily actual value, assuming that the server supports sufficiently strong ciphers.
Ultimately, the decision to set a cipher order or not depends on the specific use case and the priorities of the server administrator. It is important to consider both security and performance implications when making this decision.
For more information, you can refer to the explanation on Stack Exchange that discusses the preference for client cipher order or the lack thereof in TLS negotiation.