Hello, I'm trying to update my server security. I'm wanting to implement the OWASP recommended Advanced+ setup. For reference that is: https://www.owasp.org/index.php/TLS_Cipher_String_Cheat_Sheet My client compatibility I thought was good, using firefox 57, chrome the latest I just updated it from ninite, and ie11 on win10, and Aquamail as an android client. My tls cipher suite I'm using for the advanced+ configuration is: DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256 Having set this nothing is working, getting tls connection errors can not negotiate a compatible protocol or cipher. This tells me the protocols and ciphers are to restrictive, I was under the impression this should work. Does anyone have this implemented? Can you make exceptions for certain clients I'll go that way if I have to. The services I'm trying to get going are Apache v2.4, Postfix 3.3, and dovecot 2.3. My openssl version is 1.02q 20 NOV. 2018. Suggestions welcome. Thanks. Dave.