From Fedora Project Wiki

Questions

What about crypto packages that do not use nss or GnuTLS? Packages like java-1.7.0-openjdk and bouncycastle ship many security providers and may not rely on nss or GnuTLS at all

Omajid (talk) 16:34, 27 February 2014 (UTC)

For that matter, the current developer advice only has profile=system coding examples for OpenSSL and GnuTLS, not NSS or other crypto libs.

Fche (talk) 20:56, 4 September 2014 (UTC)

Mozilla recommendation

FYI, Mozilla published a TLS configuration recommendation at https://wiki.mozilla.org/Security/Server_Side_TLS