From Fedora Project Wiki

Questions

What about crypto packages that do not use nss or GnuTLS? Packages like java-1.7.0-openjdk and bouncycastle ship many security providers and may not rely on nss or GnuTLS at all

Omajid (talk) 16:34, 27 February 2014 (UTC)

Mozilla recommendation

FYI, Mozilla published a TLS configuration recommendation at https://wiki.mozilla.org/Security/Server_Side_TLS