diff --git a/Userland/Libraries/LibTLS/CipherSuite.h b/Userland/Libraries/LibTLS/CipherSuite.h
index 590e46ef9f..76b8f7e3b4 100644
--- a/Userland/Libraries/LibTLS/CipherSuite.h
+++ b/Userland/Libraries/LibTLS/CipherSuite.h
@@ -10,20 +10,77 @@ namespace TLS {
 enum class CipherSuite {
 Invalid = 0,
- AES_128_GCM_SHA256 = 0x1301,
- AES_256_GCM_SHA384 = 0x1302,
- AES_128_CCM_SHA256 = 0x1304,
- AES_128_CCM_8_SHA256 = 0x1305,
- // We support these
+ // Weak cipher suites, but we support them
+ // RFC 5246 - Original TLS v1.2 ciphers
 RSA_WITH_AES_128_CBC_SHA = 0x002F,
 RSA_WITH_AES_256_CBC_SHA = 0x0035,
 RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
 RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
+
+ // RFC 5288 - DH, DHE and RSA for AES-GCM
 RSA_WITH_AES_128_GCM_SHA256 = 0x009C,
 RSA_WITH_AES_256_GCM_SHA384 = 0x009D,
+
+ // All recommended cipher suites (according to https://ciphersuite.info/cs/)
+ // RFC 5288 - DH, DHE and RSA for AES-GCM
+ DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2,
+ DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3,
+
+ // RFC 5289 - ECDHE for AES-GCM
+ ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B,
+ ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C,
+
+ // RFC 5487 - Pre-shared keys
+ DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA,
+ DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB,
+
+ // RFC 6209 - ARIA suites
+ DHE_DSS_WITH_ARIA_128_GCM_SHA256 = 0xC056,
+ DHE_DSS_WITH_ARIA_256_GCM_SHA384 = 0xC057,
+ ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 = 0xC05C,
+ ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 = 0xC05D,
+ DHE_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC06C,
+ DHE_PSK_WITH_ARIA_256_GCM_SHA384 = 0xC06D,
+
+ // RFC 6367 - Camellia Cipher Suites
+ DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 = 0xC080,
+ DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 = 0xC081,
+ ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC086,
+ ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC087,
+ DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC090,
+ DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC091,
+
+ // RFC 6655 - DHE, PSK and RSA with AES-CCM
+ DHE_PSK_WITH_AES_128_CCM = 0xC0A6,
+ DHE_PSK_WITH_AES_256_CCM = 0xC0A7,
+
+ // RFC 7251 - ECDHE with AES-CCM
+ ECDHE_ECDSA_WITH_AES_128_CCM = 0xC0AC,
+ ECDHE_ECDSA_WITH_AES_256_CCM = 0xC0AD,
+ ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xC0AE,
+ ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xC0AF,
+
+ // RFC 7905 - ChaCha20-Poly1305 Cipher Suites
+ ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA9,
+ ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAC,
+ DHE_PSK_WITH_CHACHA20_POLY1305 = 0xCCAD,
+
+ // RFC 8442 - ECDHE_PSK with AES-GCM and AES-CCM
+ ECDHE_PSK_WITH_AES_128_GCM_SHA256 = 0xD001,
+ ECDHE_PSK_WITH_AES_256_GCM_SHA384 = 0xD002,
+ ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 = 0xD003,
+ ECDHE_PSK_WITH_AES_128_CCM_SHA256 = 0xD005,
+
+ // RFC 8446 - TLS v1.3
+ AES_128_GCM_SHA256 = 0x1301,
+ AES_256_GCM_SHA384 = 0x1302,
+ CHACHA20_POLY1305_SHA256 = 0x1303,
+ AES_128_CCM_SHA256 = 0x1304,
+ AES_128_CCM_8_SHA256 = 0x1305,
 };
+// Defined in RFC 5246 section 7.4.1.4.1
 enum class HashAlgorithm : u8 {
 None = 0,
 MD5 = 1,
@@ -34,6 +91,7 @@ enum class HashAlgorithm : u8 {
 SHA512 = 6,
 };
+// Defined in RFC 5246 section 7.4.1.4.1
 enum class SignatureAlgorithm : u8 {
 Anonymous = 0,
 RSA = 1,
@@ -41,6 +99,12 @@ enum class SignatureAlgorithm : u8 {
 ECDSA = 3,
 };
+// Defined in RFC 5246 section 7.4.1.4.1
+struct SignatureAndHashAlgorithm {
+ HashAlgorithm hash;
+ SignatureAlgorithm signature;
+};
+
 enum class CipherAlgorithm {
 Invalid,
 AES_128_CBC,
@@ -68,9 +132,4 @@ constexpr size_t cipher_key_size(CipherAlgorithm algorithm)
 }
 }
-struct SignatureAndHashAlgorithm {
- HashAlgorithm hash;
- SignatureAlgorithm signature;
-};
-
 }
diff --git a/Userland/Libraries/LibTLS/TLSv12.h b/Userland/Libraries/LibTLS/TLSv12.h
index 42cae30f89..d0c5645630 100644
--- a/Userland/Libraries/LibTLS/TLSv12.h
+++ b/Userland/Libraries/LibTLS/TLSv12.h
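Review bot: The new section comments in `enum class CipherSuite` (first hunk of CipherSuite.h) sort the values into "weak, but we support them" and "all recommended" without saying which of them the library can actually negotiate. In the part of `ENUMERATE_CIPHERS` visible in TLSv12.h only `RSA_WITH_*` rows appear and this commit drops the TLS 1.3 rows, so the added identifiers look like wire-value constants only; the macro continues outside the hunk, so that should be confirmed. A comment above the recommended group such as `// Identifiers only: a suite is negotiable only if it has a row in ENUMERATE_CIPHERS (TLSv12.h).` would keep a reader from assuming forward-secret AEAD suites are on offer. Since the "recommended" rating comes from an external site that can change, the comment could also record the date the list was taken.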
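Review bot: `SignatureAndHashAlgorithm` (third hunk of CipherSuite.h) declares both members without default initializers, so a default-constructed value holds indeterminate enum bytes. Whether any caller builds it without aggregate initialization is not visible here, but `HashAlgorithm hash { HashAlgorithm::None };` and `SignatureAlgorithm signature { SignatureAlgorithm::Anonymous };` would make the default well defined before it reaches any signature-algorithm parsing or serialization. The struct is only moved by this commit, so this is a follow-up rather than a regression.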
@@ -168,10 +168,6 @@ enum ClientVerificationStaus {
 // GCM specifically asks us to transmit only the nonce, the counter is zero
 // and the fixed IV is derived from the premaster key.
 #define ENUMERATE_CIPHERS(C) \
- C(false, CipherSuite::AES_128_GCM_SHA256, SignatureAlgorithm::Anonymous, CipherAlgorithm::AES_128_GCM, Crypto::Hash::SHA256, 8, true) \
- C(false, CipherSuite::AES_256_GCM_SHA384, SignatureAlgorithm::Anonymous, CipherAlgorithm::AES_256_GCM, Crypto::Hash::SHA384, 8, true) \
- C(false, CipherSuite::AES_128_CCM_SHA256, SignatureAlgorithm::Anonymous, CipherAlgorithm::AES_128_CCM, Crypto::Hash::SHA256, 16, false) \
- C(false, CipherSuite::AES_128_CCM_8_SHA256, SignatureAlgorithm::Anonymous, CipherAlgorithm::AES_128_CCM_8, Crypto::Hash::SHA256, 16, false) \
 C(true, CipherSuite::RSA_WITH_AES_128_CBC_SHA, SignatureAlgorithm::RSA, CipherAlgorithm::AES_128_CBC, Crypto::Hash::SHA1, 16, false) \
 C(true, CipherSuite::RSA_WITH_AES_256_CBC_SHA, SignatureAlgorithm::RSA, CipherAlgorithm::AES_256_CBC, Crypto::Hash::SHA1, 16, false) \
 C(true, CipherSuite::RSA_WITH_AES_128_CBC_SHA256, SignatureAlgorithm::RSA, CipherAlgorithm::AES_128_CBC, Crypto::Hash::SHA256, 16, false) \