Suggestions for 1.1.1.1

If possible,

  1. Use TLS 1.3 first, only when client doesn’t support, downgrade to TLS 1.2. Use AEAD (Encrypt-then-MAC) only, including TLS 1.2.
  2. Use 256-bit encryption for https://1.1.1.1 and https://1.0.0.1 only, please don’t use 128-bit encryption. Consider use Chacha20_Poly1305, it seems consume less power and faster in mobile phone.
  3. Use safe curves only. If client support, use Ed448-Goldilocks or named Curve448, if not, use Curve25519, about safe curves, see also RFC 7748 https://tools.ietf.org/html/rfc7748/ and https://safecurves.cr.yp.to/
  4. Use 4096-bit RSA. ECDSA uses awful NIST Prime Curves, EdDSA has fault attack.