Why does the lotro.com webserver prefer the weakest cipher suite available instead of the strongest?
I wanted to read the announcements forums and post them directly into Discord, so I sent a GET request, but the server negotiates TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 with a 1024-bit DH key, upon which my client immediately aborts the connection for using too small keys. I noticed all major web browsers are connecting via the next best option, TLS_RSA_WITH_AES_256_GCM_SHA384. However, if I specify in my GET request that the cipher suite I want to use is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, lotro.com supports this and responds. So why doesn't lotro.com default to stronger cipher suites over the weaker ones? It feels like a misconfiguration, as 256-bit AES is complete overkill with the default 1024-bit DH key exchange; you might as well use 128-bit AES then. I am only reading public info, so it doesn't really matter, but the choices seem... odd.
Apart from changing the cipher suite preference order, I think you should fully remove the 3DES option. It's slower and less secure than AES; I believe there is no legitimate use case for this. Similarly, you should end support for TLSv1.0 and TLSv1.1, as nowadays their only purpose is to downgrade TLSv1.2 connections. N.B. All major browsers ended support for 1.0 and 1.1 in 2020 and now only support 1.2+ (which came out in 2008).
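To make the points in the question and the reply concrete, here is an added Python example (not code from the thread or from lotro.com's operators) that audits a server's cipher-suite preference order the way a defender reviewing their own TLS configuration would. The server list, DH group size and enabled protocol versions are constructed to mirror the question; the RSA certificate size (2048 bits) and the ECDHE curve (P-256, about 128 bits of security) are assumptions, since the page does not state them. The strength estimate follows the NIST SP 800-57 mapping (1024-bit DH ≈ 80 bits, 2048 ≈ 112, 3072 ≈ 128), which is why AES-256 behind a 1024-bit DH group ends up rated at 80 bits, exactly the "overkill" the question describes.

```python
import re
from dataclasses import dataclass

# --- Constructed input (mirrors the question; not measured from lotro.com) ---
SERVER_PREFERENCE = [
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",    # preferred first, but with a 1024-bit DH group
    "TLS_RSA_WITH_AES_256_GCM_SHA384",        # static RSA key exchange: no forward secrecy
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",  # the strongest option, listed last
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",          # legacy 3DES suite
]
SERVER_DH_BITS = 1024
SERVER_PROTOCOLS = ["TLSv1.0", "TLSv1.1", "TLSv1.2"]

# Assumed parameters (not stated on the page): certificate RSA modulus size and
# ECDHE curve strength (P-256), both needed to rate the key exchange.
ASSUMED_RSA_BITS = 2048
ASSUMED_ECDHE_STRENGTH = 128

# IANA cipher-suite name: TLS_<kex>[_<auth>]_WITH_<cipher>_<mac>
SUITE_RE = re.compile(
    r"^TLS_(?P<kex>ECDHE|DHE|RSA)_(?:(?P<auth>RSA|ECDSA)_)?"
    r"WITH_(?P<cipher>.+)_(?P<mac>SHA\d*|MD5)$"
)


@dataclass(frozen=True)
class Suite:
    name: str
    kex: str              # ECDHE, DHE or RSA
    cipher: str           # e.g. AES_256_GCM, 3DES_EDE_CBC
    aead: bool            # GCM or ChaCha20-Poly1305
    forward_secret: bool  # ephemeral key exchange


def parse_suite(name: str) -> Suite:
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised cipher suite name: {name}")
    kex, cipher = m["kex"], m["cipher"]
    return Suite(name, kex, cipher,
                 aead=cipher.endswith("_GCM") or "POLY1305" in cipher,
                 forward_secret=kex in ("ECDHE", "DHE"))


def ffdh_strength(bits: int) -> int:
    """Approximate security level of a finite-field DH or RSA modulus (NIST SP 800-57)."""
    for modulus, level in ((15360, 256), (7680, 192), (3072, 128), (2048, 112), (1024, 80)):
        if bits >= modulus:
            return level
    return 0


def symmetric_strength(cipher: str) -> int:
    if cipher.startswith("3DES"):
        return 112                      # three-key 3DES at best
    if "POLY1305" in cipher:
        return 256
    m = re.search(r"_(\d+)_", cipher)   # AES_128_GCM -> 128
    return int(m.group(1)) if m else 0


def effective_strength(suite: Suite, dh_bits: int) -> int:
    """A suite is only as strong as its weakest component."""
    if suite.kex == "ECDHE":
        kex = ASSUMED_ECDHE_STRENGTH
    elif suite.kex == "DHE":
        kex = ffdh_strength(dh_bits)
    else:
        kex = ffdh_strength(ASSUMED_RSA_BITS)
    return min(kex, symmetric_strength(suite.cipher))


def audit(preference, dh_bits, protocols):
    """Findings as (code, message) pairs, following the recommendations in the reply."""
    suites = [parse_suite(n) for n in preference]
    findings = []
    if any(s.cipher.startswith("3DES") for s in suites):
        findings.append(("3DES", "remove all 3DES suites; slower and weaker than AES"))
    if any(s.kex == "DHE" for s in suites) and dh_bits < 2048:
        findings.append(("WEAK_DH", f"DHE suites use a {dh_bits}-bit group; use at least 2048 bits"))
    strengths = [effective_strength(s, dh_bits) for s in suites]
    if strengths and strengths[0] < max(strengths):
        best = suites[strengths.index(max(strengths))].name
        findings.append(("ORDER", f"preferred suite rates {strengths[0]} bits but {best} rates {max(strengths)}"))
    legacy = [p for p in protocols if p in ("TLSv1.0", "TLSv1.1")]
    if legacy:
        findings.append(("LEGACY_PROTOCOL", f"disable {', '.join(legacy)}"))
    return findings


def recommended_order(preference, dh_bits):
    """Drop 3DES, then rank by forward secrecy, AEAD and effective strength."""
    suites = [s for s in map(parse_suite, preference) if not s.cipher.startswith("3DES")]
    ranked = sorted(suites, reverse=True,
                    key=lambda s: (s.forward_secret, s.aead, effective_strength(s, dh_bits)))
    return [s.name for s in ranked]


if __name__ == "__main__":
    for code, msg in audit(SERVER_PREFERENCE, SERVER_DH_BITS, SERVER_PROTOCOLS):
        print(f"{code:16s} {msg}")
    print("recommended order:", recommended_order(SERVER_PREFERENCE, SERVER_DH_BITS))
```

For your own server, the three inputs can be read off `openssl s_client -connect host:443`: the `Protocol` and `Cipher` lines give the negotiated suite, and the `Server Temp Key` line reports the DH group size that triggers the `WEAK_DH` finding.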