Confidentiality of the TLS connection is indeed easy to handle here.

The hard part is certificate authentication. And that's not included in the cipher suite setting.