I have an FP9300 running in multi-context mode. It is active/standby and I have several contexts. I have one context dedicated to remote access (AnyConnect) and have LDAP over SSL configured for authentication. When I configured this originally I left all SSL ciphers at medium, and SSL over LDAP just worked with the group of Windows servers configured under AAA servers. A few nights ago we had a failover event, and once the firewall failed to the other side it broke SSL over LDAP. The configuration was identical on the other side and everything else was working fine. If I unchecked the box for SSL over LDAP and just used port 389 it worked, but no dice with the former. I tried everything until stumbling upon the cipher settings. After various combinations I got auth working again over port 636.
So, besides that being a head scratcher, I wanted to get some advice on what ciphers to use. If I set everything to medium, LDAP over SSL will not work. I have to set custom for TLS 1.2 and default. If I have default set with low security it works, but if I try to specify too many ciphers for either it breaks. I'm not sure which ciphers to use that will offer good security but also compatibility.
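One way to pin the outbound cipher list explicitly instead of leaning on the medium/low level keywords, as an added example that is not part of the original post and not taken from a Cisco document. It assumes the domain controllers are Windows Server 2016 or later (so Schannel offers the ECDHE AES-GCM suites by default), that the AAA server group is named LDAP-SERVERS, and that 10.0.0.10 is one of the DCs; those names and addresses are placeholders. Before pasting it, enumerate what a DC actually offers on 636 from a workstation (`nmap --script ssl-enum-ciphers -p 636 <dc>` or `openssl s_client -connect <dc>:636 -tls1_2`) and keep only the intersection in the custom string.

```cisco
! Enter these in the remote-access context (the one that holds the aaa-server group).
! Group name, host address and username are placeholders.

! Force TLS 1.2 when the ASA is the TLS client (LDAPS toward the DCs).
ssl client-version tlsv1.2

! Explicit AEAD-only list in preference order instead of a level keyword.
! Keep the string short: only suites the DC was seen to offer.
ssl cipher tlsv1.2 custom "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256"

! 'default' governs any protocol version without its own list; keep it on the
! same set so inbound (AnyConnect) and outbound (LDAPS) TLS use one known list.
ssl cipher default custom "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256"

! Verify: show the lists the ASA has loaded, then drive a real bind through the
! aaa-server group with LDAP debugging on to see the handshake and bind result.
show ssl ciphers
debug ldap 255
test aaa-server authentication LDAP-SERVERS host 10.0.0.10 username svc-ldap-test password <password>
undebug all
```

If the ASA rejects the custom string, trim it rather than adding suites; the `test aaa-server` output with `debug ldap 255` running shows whether the failure is in the TLS handshake or in the bind itself. On the Windows side the offered order is set by the "SSL Cipher Suite Order" group policy and can be listed on Server 2016 and later with `Get-TlsCipherSuite`, which is the list the ASA string has to overlap with.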