Java 8 supports Server Cipher Suite Preference by setting SSLParameters.setUseCipherSuiteorder() to true. If OpenFire would support this it would improve TLS security. Could someone look into this?
Also to improve security I’ve added -Djdk.tls.ephemeralDHKeySize=2048 -Djdk.tls.rejectClientInitiatedRenegotiation=true to my init script. Perhaps this could be added by default as well?