HTTPS server configuration comparative analysis

[1000TurquoisePogs]

#1857 lists some ways in which we feel our HTTPS, especially certificate, configuration could be improved.
But, there may be other ways to improve that are not yet listed.
And, when do we know we have done enough?

We need to compare our servers' HTTPS configuration experience to other popular servers. It does not need to be z/OS specific, but rather what do people think is a pleasant and powerful experience and how do we compare to that?

[1000TurquoisePogs]

Joe showed us some, and I presented my opinions on others.
The summary was,

• some webservers out there dont use a singular config file due to the libraries they inherit and not trying to hide that
• some webservers use config files of a syntax that they appear to have made themselves (nginx) where, it'd be a learning curve for anyone even if at some point it becomes intuitive.
• some webservers use xml, which is its own problem.

none of the webservers we observed were particularly better than what we do in yaml.
our main issues are

• yaml, for better and worse
• we have too many servers, more servers more problems
• our servers are not yet controlled together. for example, want to change ciphers? you'd have to do it n times in n different ways.

we're aiming to solve the too many servers / too many ways to configure with work in #1875 i believe, so it's not so bad.

overall, i think we learned that there's no silver bullet known to other servers out there. we all have our downsides, and we just need to continue doing what we're doing.