Mozilla updated its recommended configurations for server-side TLS

Modern configuration (use this if you control all clients in your network) now requires TLS 1.3 only. Furthermore, it requires an ECDSA certificate and X25519, prime256v1, and secp384r1 curves.

https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility

Intermediate configuration (use this for web servers) now also requires TLS 1.3 and TLS 1.2. Only cipher suites with support for PFS/AEAD are recommended.

https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29