diff --git a/public/index.html b/public/index.html
index a0a5d55..a583200 100644
--- a/public/index.html
+++ b/public/index.html
@@ -601,19 +601,19 @@
 												<div class="form-check form-check-inline" ng-class="{ 'input-changed': data.ssl_profile !== defaultData.ssl_profile && data.ssl_profile === 'modern' }">
 													<input class="form-check-input" type="radio" id="ssl-modern" ng-model="data.ssl_profile" value="modern">
 													<label class="form-check-label col-form-label-sm" for="ssl-modern">
-														<span tooltips tooltip-template="For services that don't need backward compatibility, the parameters below provide a higher level of security.<br><br>Oldest compatible clients:<ul><li>{{ sslProfiles.modern.oldest_clients.join('</li><li>') }}</li></ul>" tooltip-side="top" tooltip-class="ssl">Mozilla Modern</span>
+														<span tooltips tooltip-template="Services with clients that support TLS 1.3 and don't need backward compatibility<br><br>Oldest compatible clients:<ul><li>{{ sslProfiles.modern.oldest_clients.join('</li><li>') }}</li></ul>" tooltip-side="top" tooltip-class="ssl">Mozilla Modern</span>
 													</label>
 												</div>
 												<div class="form-check form-check-inline" ng-class="{ 'input-changed': data.ssl_profile !== defaultData.ssl_profile && data.ssl_profile === 'intermediate' }">
 													<input class="form-check-input" type="radio" id="ssl-intermediate" ng-model="data.ssl_profile" value="intermediate">
 													<label class="form-check-label col-form-label-sm" for="ssl-intermediate">
-														<span tooltips tooltip-template="For services that don't need compatibility with legacy clients, but still need to support a wide range of clients, this configuration is recommended.<br><br>Oldest compatible clients: <ul><li>{{ sslProfiles.intermediate.oldest_clients.join('</li><li>') }}</li></ul>" tooltip-side="top" tooltip-class="ssl">Mozilla Intermediate</span>
+														<span tooltips tooltip-template="General-purpose servers with a variety of clients, recommended for almost all systems<br><br>Oldest compatible clients: <ul><li>{{ sslProfiles.intermediate.oldest_clients.join('</li><li>') }}</li></ul>" tooltip-side="top" tooltip-class="ssl">Mozilla Intermediate</span>
 													</label>
 												</div>
 												<div class="form-check form-check-inline" ng-class="{ 'input-changed': data.ssl_profile !== defaultData.ssl_profile && data.ssl_profile === 'old' }">
 													<input class="form-check-input" type="radio" id="ssl-old" ng-model="data.ssl_profile" value="old">
 													<label class="form-check-label col-form-label-sm" for="ssl-old">
-														<span tooltips tooltip-template="This is the old ciphersuite that works with all clients back to Windows XP/IE6. It should be used as a last resort only.<br><br>Oldest compatible clients: <ul><li>{{ sslProfiles.old.oldest_clients.join('</li><li>') }}</li></ul>" tooltip-side="top" tooltip-class="ssl">Mozilla Old</span>
+														<span tooltips tooltip-template="Compatible with a number of very old clients, and should be used only as a last resort<br><br>Oldest compatible clients: <ul><li>{{ sslProfiles.old.oldest_clients.join('</li><li>') }}</li></ul>" tooltip-side="top" tooltip-class="ssl">Mozilla Old</span>
 													</label>
 												</div>
 											</div>
diff --git a/public/templates/conf/nginx.conf.html b/public/templates/conf/nginx.conf.html
index 2240037..7d3fe52 100644
--- a/public/templates/conf/nginx.conf.html
+++ b/public/templates/conf/nginx.conf.html
@@ -61,8 +61,10 @@ http {<!--
 	ssl_dhparam {{ data.directory_nginx }}dhparam.pem;</span>
 
 	# {{ sslProfiles[ data.ssl_profile ].name }} configuration
-	ssl_protocols {{ sslProfiles[ data.ssl_profile ].protocols.join(' ') }};
-	ssl_ciphers {{ sslProfiles[ data.ssl_profile ].ciphers.join(':') }};<!--
+	ssl_protocols {{ sslProfiles[ data.ssl_profile ].protocols.join(' ') }};<!--
+
+	✔ SSL ciphers length --><span ng-if="sslProfiles[ data.ssl_profile ].ciphers.length">
+	ssl_ciphers {{ sslProfiles[ data.ssl_profile ].ciphers.join(':') }};</span><!--
 
 	✔ SSL server preferred order --><span ng-if="sslProfiles[ data.ssl_profile ].server_preferred_order">
 	ssl_prefer_server_ciphers on;</span>
diff --git a/resources/js/app.js b/resources/js/app.js
index f017a3f..1eb6d45 100644
--- a/resources/js/app.js
+++ b/resources/js/app.js
@@ -421,9 +421,9 @@
 					'TLSv1.3',
 				],
 				ciphers: [
-					'TLS_AES_256_GCM_SHA384',
-					'TLS_AES_128_GCM_SHA256',
-					'TLS_CHACHA20_POLY1305_SHA256',
+					// 'TLS_AES_256_GCM_SHA384',
+					// 'TLS_AES_128_GCM_SHA256',
+					// 'TLS_CHACHA20_POLY1305_SHA256',
 				],
 				server_preferred_order: false,
 				dh_param_size: false,
@@ -436,21 +436,21 @@
 					'TLSv1.3',
 				],
 				ciphers: [
-					'TLS_AES_256_GCM_SHA384',
-					'TLS_AES_128_GCM_SHA256',
-					'TLS_CHACHA20_POLY1305_SHA256',
-					'ECDHE-ECDSA-AES256-GCM-SHA384',
-					'ECDHE-RSA-AES256-GCM-SHA384',
+					// 'TLS_AES_256_GCM_SHA384',
+					// 'TLS_AES_128_GCM_SHA256',
+					// 'TLS_CHACHA20_POLY1305_SHA256',
 					'ECDHE-ECDSA-AES128-GCM-SHA256',
 					'ECDHE-RSA-AES128-GCM-SHA256',
+					'ECDHE-ECDSA-AES256-GCM-SHA384',
+					'ECDHE-RSA-AES256-GCM-SHA384',
 					'ECDHE-ECDSA-CHACHA20-POLY1305',
 					'ECDHE-RSA-CHACHA20-POLY1305',
-					'DHE-RSA-AES256-GCM-SHA384',
 					'DHE-RSA-AES128-GCM-SHA256',
+					'DHE-RSA-AES256-GCM-SHA384',
 				],
-				server_preferred_order: true,
+				server_preferred_order: false,
 				dh_param_size: 2048,
-				oldest_clients: ['Firefox 27', 'Android 4.4.2', 'Chrome 31', 'Edge', 'IE 11 on Windows 7', 'Java 8u31', 'OpenSSL 1.0.1', 'Safari 9'],
+				oldest_clients: ['Firefox 27', 'Android 4.4.2', 'Chrome 31', 'Edge', 'IE 11 on Windows 7', 'Java 8u31', 'OpenSSL 1.0.1', 'Opera 20', 'Safari 9'],
 			},
 			old: {
 				name: 'Mozilla Old',
@@ -461,69 +461,39 @@
 					'TLSv1.3',
 				],
 				ciphers: [
-					'TLS_AES_256_GCM_SHA384',
-					'TLS_AES_128_GCM_SHA256',
-					'TLS_CHACHA20_POLY1305_SHA256',
-					'ECDHE-ECDSA-CHACHA20-POLY1305',
-					'ECDHE-RSA-CHACHA20-POLY1305',
+					// 'TLS_AES_256_GCM_SHA384',
+					// 'TLS_AES_128_GCM_SHA256',
+					// 'TLS_CHACHA20_POLY1305_SHA256',
 					'ECDHE-ECDSA-AES128-GCM-SHA256',
 					'ECDHE-RSA-AES128-GCM-SHA256',
 					'ECDHE-ECDSA-AES256-GCM-SHA384',
 					'ECDHE-RSA-AES256-GCM-SHA384',
+					'ECDHE-ECDSA-CHACHA20-POLY1305',
+					'ECDHE-RSA-CHACHA20-POLY1305',
 					'DHE-RSA-AES128-GCM-SHA256',
 					'DHE-RSA-AES256-GCM-SHA384',
-					'DHE-DSS-AES128-GCM-SHA256',
-					'DHE-DSS-AES256-GCM-SHA384',
-					'ECDHE-RSA-AES128-SHA256',
+					'DHE-RSA-CHACHA20-POLY1305',
 					'ECDHE-ECDSA-AES128-SHA256',
-					'ECDHE-RSA-AES128-SHA',
+					'ECDHE-RSA-AES128-SHA256',
 					'ECDHE-ECDSA-AES128-SHA',
-					'ECDHE-RSA-AES256-SHA384',
+					'ECDHE-RSA-AES128-SHA',
 					'ECDHE-ECDSA-AES256-SHA384',
-					'ECDHE-RSA-AES256-SHA',
+					'ECDHE-RSA-AES256-SHA384',
 					'ECDHE-ECDSA-AES256-SHA',
+					'ECDHE-RSA-AES256-SHA',
 					'DHE-RSA-AES128-SHA256',
-					'DHE-RSA-AES128-SHA',
-					'DHE-DSS-AES128-SHA256',
 					'DHE-RSA-AES256-SHA256',
-					'DHE-DSS-AES256-SHA',
-					'DHE-RSA-AES256-SHA',
-					'ECDHE-RSA-DES-CBC3-SHA',
-					'ECDHE-ECDSA-DES-CBC3-SHA',
-					'EDH-RSA-DES-CBC3-SHA',
 					'AES128-GCM-SHA256',
 					'AES256-GCM-SHA384',
 					'AES128-SHA256',
 					'AES256-SHA256',
 					'AES128-SHA',
 					'AES256-SHA',
-					'DHE-DSS-AES256-SHA256',
-					'DHE-DSS-AES128-SHA',
 					'DES-CBC3-SHA',
-					'DHE-RSA-CHACHA20-POLY1305',
-					'ECDHE-RSA-CAMELLIA256-SHA384',
-					'ECDHE-ECDSA-CAMELLIA256-SHA384',
-					'DHE-RSA-CAMELLIA256-SHA256',
-					'DHE-DSS-CAMELLIA256-SHA256',
-					'DHE-RSA-CAMELLIA256-SHA',
-					'DHE-DSS-CAMELLIA256-SHA',
-					'CAMELLIA256-SHA256',
-					'CAMELLIA256-SHA',
-					'ECDHE-RSA-CAMELLIA128-SHA256',
-					'ECDHE-ECDSA-CAMELLIA128-SHA256',
-					'DHE-RSA-CAMELLIA128-SHA256',
-					'DHE-DSS-CAMELLIA128-SHA256',
-					'DHE-RSA-CAMELLIA128-SHA',
-					'DHE-DSS-CAMELLIA128-SHA',
-					'CAMELLIA128-SHA256',
-					'CAMELLIA128-SHA',
-					'DHE-RSA-SEED-SHA',
-					'DHE-DSS-SEED-SHA',
-					'SEED-SHA',
 				],
 				server_preferred_order: true,
 				dh_param_size: 1024,
-				oldest_clients: ['Firefox 1', 'Chrome 1', 'Opera 5', 'Safari 1', 'IE8 on Windows XP', 'Android 2.3', 'Java 7', 'OpenSSL 0.9.8'],
+				oldest_clients: ['Firefox 1', 'Android 2.3', 'Chrome 1', 'Edge 12', 'IE8 on Windows XP', 'Java 6', 'OpenSSL 0.9.8', 'Opera 5', 'Safari 1'],
 			},
 		};
 
