Comment 2 for bug 1970993

Can the charm take "secure by default" approach? For example in OpenStack charms, Apache2's default is ignored, but the charms are following Mozilla's Intermediate level cipher list in:
https://ssl-config.mozilla.org/