It would be nice to have defaults that are following regulations because it sucks to have and maintain explicit list. If it would be a simple toggle - secureciphersonly=yes sure, but listing them is just creating tech debt.