Suggestions for

If possible,

  1. Use TLS 1.3 first, only when client doesn’t support, downgrade to TLS 1.2. Use AEAD (Encrypt-then-MAC) only, including TLS 1.2.
  2. Use 256-bit encryption for and only, please don’t use 128-bit encryption. Consider use Chacha20_Poly1305, it seems consume less power and faster in mobile phone.
  3. Use safe curves only. If client support, use Ed448-Goldilocks or named Curve448, if not, use Curve25519, about safe curves, see also RFC 7748 and
  4. Use 4096-bit RSA. ECDSA uses awful NIST Prime Curves, EdDSA has fault attack.