How to set “server preference” for TLS cipher suites

amazon-elb tls

Mozilla has a tool to generate server configurations at Mozilla SSL Configuration Generator. For Amazon Elastic Load Balancing (ELB), the configuration does not appear to have a setting for "use server preference".

"Use server preference" is an important server-side option because it ensures the server's choice of cipher suite is used (as opposed to using the client's cipher suite) (modulo the intersection of them). In Apache, the setting is SSLHonorCipherOrder. In OpenSSL, the setting is SSL_OP_CIPHER_SERVER_PREFERENCE.

What is the ELB setting to ensure the server's preference for cipher suites is used?

Best Answer

Amazon's predefined security policies already do this.

If you're trying to use the CloudFormation template that Mozilla gave you, you will see that the attribute is already there.

{
    "Name": "Server-Defined-Cipher-Order",
    "Value": true
},
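An added example, not part of the original answer or of Mozilla's generator output: a Python check that walks a CloudFormation template and reports, for each Classic ELB `SSLNegotiationPolicyType` policy, whether `Server-Defined-Cipher-Order` is set. The sample template, its policy names and the `audit_template` helper are constructed for illustration; reporting a `Reference-Security-Policy` entry separately follows the answer's statement that the predefined policies already apply server order.

```python
import json

ATTR = "Server-Defined-Cipher-Order"   # attribute named in the answer
REF = "Reference-Security-Policy"      # points a policy at a predefined ELB policy
ELB = "AWS::ElasticLoadBalancing::LoadBalancer"

# Constructed sample template (not from the page).
SAMPLE = json.loads("""
{"Resources": {
  "Explicit": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": {"Policies": [
    {"PolicyName": "custom-a", "PolicyType": "SSLNegotiationPolicyType", "Attributes": [
      {"Name": "Server-Defined-Cipher-Order", "Value": true},
      {"Name": "ECDHE-RSA-AES128-GCM-SHA256", "Value": true}]}]}},
  "Disabled": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": {"Policies": [
    {"PolicyName": "custom-b", "PolicyType": "SSLNegotiationPolicyType", "Attributes": [
      {"Name": "Server-Defined-Cipher-Order", "Value": "false"}]}]}},
  "Missing": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": {"Policies": [
    {"PolicyName": "custom-c", "PolicyType": "SSLNegotiationPolicyType", "Attributes": [
      {"Name": "ECDHE-RSA-AES128-GCM-SHA256", "Value": true}]}]}},
  "Predefined": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": {"Policies": [
    {"PolicyName": "ref-d", "PolicyType": "SSLNegotiationPolicyType", "Attributes": [
      {"Name": "Reference-Security-Policy", "Value": "ELBSecurityPolicy-2016-08"}]}]}},
  "Bucket": {"Type": "AWS::S3::Bucket"}
}}
""")

def audit_template(template):
    """Map (resource, policy name) -> enabled / disabled / predefined:<name> / not-set."""
    results = {}
    for res_name, res in template.get("Resources", {}).items():
        if res.get("Type") != ELB:
            continue  # only Classic ELB resources carry these policies
        for policy in res.get("Properties", {}).get("Policies", []):
            if policy.get("PolicyType") != "SSLNegotiationPolicyType":
                continue
            attrs = {a.get("Name"): a.get("Value") for a in policy.get("Attributes", [])}
            if ATTR in attrs:
                # Templates may carry the value as a JSON boolean or as a string.
                on = str(attrs[ATTR]).lower() == "true"
                status = "enabled" if on else "disabled"
            elif REF in attrs:
                status = "predefined:" + str(attrs[REF])
            else:
                status = "not-set"
            results[(res_name, policy.get("PolicyName"))] = status
    return results

if __name__ == "__main__":
    for key, status in sorted(audit_template(SAMPLE).items()):
        print(key, status)
```

Policies reported as `disabled` or `not-set` are the ones to review against the generated template.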