Configuration Medium User browsers may select less secure cipher suites creating opportunities for attack. HTTPS server should be configured to enforce server ciphersuite preferences. How this is configured will vary by server. Mozilla has included guidelines for configuring server ciphersuite preference for various implementations. See link below. The server can override client ciphersuite prioritization during the TLS handshake. This is useful for enforcing better, more secure ciphersuites for all visiting clients. Vega has detected that this is not configured in the server, potentially leaving older clients at risk. Server Side TLS (Mozilla) HTTPS (Wikipedia)