TLS Cipher Migrations

What should I do to move away from weak TLS ciphers?

There's a reason this website allows TLS 1.2: Twitter, Telegram, and others fetch previews over TLS 1.2 instead of 1.3. Take inventory of the clients you serve and make plans that are inclusive of them.

If you are in a compliance environment (like PCI compliance), follow the recommendations from your auditor on which cipher suites should be enabled or disabled. These may be managed on your load balancer (hopefully) or in your application (hopefully not). For example, see AWS Application Load Balancer - TLS security policies or the moz://a SSL Configuration Generator. Check out Can I use TLS 1.3.

If you are still supporting TLS 1.1, you should consider inventorying which clients connect to you with a protocol from 2006.
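One way to take that inventory from load balancer logs, as an added example that is not part of the original page. It assumes AWS ALB access logs with the user agent, ssl_cipher and ssl_protocol as the 14th to 16th fields; the sample entries, the load balancer name and the `legacy-client/0.9` user agent are constructed.

```python
import shlex
from collections import Counter

# Zero-based field positions in an ALB access log entry (assumed layout).
USER_AGENT, SSL_CIPHER, SSL_PROTOCOL = 13, 14, 15
ORDER = ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]  # oldest to newest

# Constructed sample entries; fields after ssl_protocol are trimmed.
SAMPLE_LOG = """\
https 2024-01-01T00:00:00.000000Z app/example-lb/0123456789abcdef 192.0.2.10:50000 10.0.0.5:80 0.001 0.002 0.000 200 200 100 500 "GET https://example.com:443/ HTTP/1.1" "Twitterbot/1.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
https 2024-01-01T00:00:01.000000Z app/example-lb/0123456789abcdef 192.0.2.11:50001 10.0.0.5:80 0.001 0.002 0.000 200 200 100 500 "GET https://example.com:443/ HTTP/1.1" "TelegramBot (like TwitterBot)" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
h2 2024-01-01T00:00:02.000000Z app/example-lb/0123456789abcdef 192.0.2.12:50002 10.0.0.5:80 0.001 0.002 0.000 200 200 100 500 "GET https://example.com:443/ HTTP/2.0" "Mozilla/5.0 (X11; Linux x86_64)" TLS_AES_128_GCM_SHA256 TLSv1.3
https 2024-01-01T00:00:03.000000Z app/example-lb/0123456789abcdef 192.0.2.13:50003 10.0.0.5:80 0.001 0.002 0.000 200 200 100 500 "GET https://example.com:443/ HTTP/1.1" "legacy-client/0.9" ECDHE-RSA-AES128-SHA TLSv1.1
http 2024-01-01T00:00:04.000000Z app/example-lb/0123456789abcdef 192.0.2.14:50004 10.0.0.5:80 0.001 0.002 0.000 301 301 100 500 "GET http://example.com:80/ HTTP/1.1" "curl/8.0.0" - -
"""

def parse(line):
    """Return (user_agent, cipher, protocol), or None if the entry has no TLS data."""
    try:
        fields = shlex.split(line)  # keeps quoted request and user agent whole
    except ValueError:
        return None  # unbalanced quotes: skip rather than miscount
    if len(fields) <= SSL_PROTOCOL or fields[SSL_PROTOCOL] not in ORDER:
        return None  # plain HTTP listeners log "-" in the TLS fields
    return fields[USER_AGENT], fields[SSL_CIPHER], fields[SSL_PROTOCOL]

def inventory(lines):
    """Count requests per negotiated (protocol, cipher) pair."""
    counts = Counter()
    for rec in filter(None, map(parse, lines)):
        counts[(rec[2], rec[1])] += 1
    return counts

def clients_below(lines, minimum):
    """Count requests per user agent that negotiated a protocol older than `minimum`."""
    floor = ORDER.index(minimum)
    affected = Counter()
    for rec in filter(None, map(parse, lines)):
        if ORDER.index(rec[2]) < floor:
            affected[rec[0]] += 1
    return affected

if __name__ == "__main__":
    entries = SAMPLE_LOG.splitlines()
    for (proto, cipher), n in sorted(inventory(entries).items()):
        print(f"{proto:8} {cipher:30} {n}")
    # Who would be cut off if the policy required TLS 1.3?
    print(dict(clients_below(entries, "TLSv1.3")))
```

Run it over a representative window of real logs before changing the security policy; the clients it lists are the ones a stricter minimum would cut off.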