review our ssl ciphers suite
We currently use magic incantation from the Mozilla SSL observatory in our Apache (and now nginx, see #32239 (moved)) installations. We should review it and see if it's still relevant. It seems we're using the suites as per the Mozilla observatory, but since we're upgrading to buster, it might be worth upgrading our suite a little.
The documentation in the file mentions those URLs:
https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=apache-2.4.25&openssl=1.0.2l&hsts=yes&profile=intermediate https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=apache-2.4.25&openssl=1.1.0&hsts=no&profile=intermediate
But that's two lists... maybe what we have is the merged one?
In any case, this probably needs a kick. The list was created in 2014 and last touched in 2018, according to the comments in the apache config.
Unless we have per openssl-version configs, this will have to wait until #29399 (moved) is done at least.