Comment by yread

14 hours ago

Why are they recommending SSLHonorCipherOrder Off?

Same reason they recommend the similar directive for nginx:

> all the ciphers in Modern and Intermediate are secure. As such, we let the client choose the most performant cipher suite for their hardware configuration.

https://github.com/mozilla/server-side-tls/issues/260#issuec...

https://wiki.mozilla.org/Security/Server_Side_TLS

  • There's no need for that.

    The choice between ChaCha20 and AES can be left to the clients with the "PrioritizeChaCha" option on both OpenSSL and BoringSSL; similar options are likely available with other libraries as well. Anything else, such as not enforcing any preference, is unnecessary.
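The two positions above in Apache mod_ssl terms, as an added illustration rather than anything from the thread or the Mozilla guide: the first block is the guide's setting as quoted (client order wins), the second keeps server preference but honours a client's ChaCha20 preference via OpenSSL's `PrioritizeChaCha` option. It assumes mod_ssl 2.4.8 or later (for `SSLOpenSSLConfCmd`) linked against OpenSSL 1.1.1 or later; the cipher list is an illustrative placeholder, not the generator's output.

```apache
# Option A: what the quoted guide recommends. The server accepts whichever
# of its enabled suites the client lists first, so every enabled suite must
# be one you consider acceptable (the guide's argument for doing this).
SSLCipherSuite        ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305  # illustrative list
SSLHonorCipherOrder   off

# Option B: what the reply describes. The server's order is authoritative,
# but if the client puts a ChaCha20 suite ahead of AES-GCM (typically a
# device without AES hardware), OpenSSL selects ChaCha20 for that session.
# Requires OpenSSL >= 1.1.1; older builds reject the unknown option at startup.
SSLCipherSuite        ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305  # illustrative list
SSLHonorCipherOrder   on
SSLOpenSSLConfCmd     Options PrioritizeChaCha
```

Run `apachectl configtest` after the change: with an OpenSSL older than 1.1.1 the `PrioritizeChaCha` line fails the syntax check rather than being silently ignored.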