Protocols & ciphers

Server vs client cipher preference

Historically, admins set the server to dictate cipher order (ssl_prefer_server_ciphers on, SSLHonorCipherOrder on) to keep weak clients from negotiating weak ciphers. With a modern cipher list that contains no weak options, it's better to let the client choose, because clients know best whether they have hardware AES acceleration (preferring AES-GCM) or not (preferring ChaCha20-Poly1305). So Modern and Intermediate turn server preference **off**; the Old profile turns it **on** because its cipher list still includes weaker suites that should only be used as a last resort. TLS 1.3 ignores this setting entirely.
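
The following simulation, added here as an illustration and not code from the config generator, shows why the preference flag only matters when the server's list still carries a weak suite. The suite lists are constructed for the example and are not the generator's Modern, Intermediate or Old lists.

```python
"""Simulate TLS 1.2 cipher-suite selection with server vs client preference.

Added illustration, not code from the SSL config generator. Suite lists
below are constructed for the example, not the generator's own profiles.
"""


def negotiate(server_suites, client_suites, prefer_server):
    """Return the suite a TLS 1.2 handshake would pick, or None.

    prefer_server=True mirrors ssl_prefer_server_ciphers on /
    SSLHonorCipherOrder on: the server walks its own list and takes the
    first suite the client also offers. prefer_server=False honours the
    client's order instead.
    """
    first, second = (
        (server_suites, client_suites) if prefer_server
        else (client_suites, server_suites)
    )
    for suite in first:
        if suite in second:
            return suite
    return None


# Constructed server lists (OpenSSL suite names).
MODERN_SERVER = [
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-CHACHA20-POLY1305",
]
# An "Old"-style list: same AEAD suites plus a legacy CBC suite kept as a
# last resort for clients that support nothing better.
OLD_SERVER = MODERN_SERVER + ["AES128-SHA"]

# Constructed client lists. A client with hardware AES lists AES-GCM
# first; one without lists ChaCha20 first; a legacy client offers the
# CBC suite first even though it could do better.
AESNI_CLIENT = ["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-CHACHA20-POLY1305"]
MOBILE_CLIENT = ["ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-ECDSA-AES128-GCM-SHA256"]
LEGACY_CLIENT = ["AES128-SHA", "ECDHE-ECDSA-AES128-GCM-SHA256"]


if __name__ == "__main__":
    for name, server in (("modern", MODERN_SERVER), ("old", OLD_SERVER)):
        for client_name, client in (("mobile", MOBILE_CLIENT), ("legacy", LEGACY_CLIENT)):
            for pref in (False, True):
                print(name, client_name, "server-pref" if pref else "client-pref",
                      negotiate(server, client, pref))
```

With the modern list, client preference lets the non-AES-NI client get ChaCha20 and the legacy client still cannot reach a CBC suite; with the old list, only server preference keeps the legacy client off AES128-SHA.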