TLS 1.2 and enable only AEAD ciphers suite list

Don't do this. At least, don't do this on any system where you don't know for sure that it's not going to break things.

AEAD stands for "Authenticated Encryption with Additional Data", meaning there is a built-in message authentication code for integrity checking both the ciphertext and, optionally, additional authenticated (but unencrypted) data. The only AEAD cipher suites in TLS are those using the AES-GCM and ChaCha20-Poly1305 algorithms, and they are indeed only supported in TLS 1.2. This means that if you have any clients trying to connect to this system that don't support TLS 1.2, or even those that do support TLS 1.2 but not those specific cipher suites (and they're not mandatory: only TLS_RSA_WITH_AES_128_CBC_SHA is mandatory, and it isn't an AEAD cipher suite), then those clients will not be able to connect at all.

It is true that these are the most secure options, and indeed the only options that will be supported for TLS v1.3, but for most systems today, this is not a realistic configuration. You do certainly want to enable TLS v1.2 and these cipher suites if you have an option to do so (configuring them is going to be specific to your system, so check your documentation) but as a rule, you should not require them unless you really know what you're doing and understand both your environment and the effects.


The accepted answer is a couple of years old now, and only a select number of browsers still do not support TLS 1.2 by default; they only account for roughly 5% of all web traffic. IE on Win XP and IE < 11 on newer versions of Windows are the biggest culprits.

This link displays a matrix of browsers that support TLS 1.2.

Chrome has supported it since version 30 (the current stable version is 64, I believe).

Windows Server 2012 R2 still doesn't support the *RSA*GCM* suites (as I recently found out trying to enable them on our web servers) so Server 2016/Windows 10 and IIS 10 will be required to use the RSA-based AEAD ciphers.

PCI compliance now requires disabling TLS 1.0, and it's only a small user base that still requires the use of TLS 1.0. So as of 2018, it is perfectly acceptable to make these changes so long as your server OS supports them.
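Added example illustrating both answers above (it is not code from either answer): it builds a server-side TLS context with Python's `ssl` module that accepts only TLS 1.2 and higher with AEAD cipher suites, confirms that every suite OpenSSL actually enabled is AEAD, and then checks two constructed client cipher offers against the server's list to show which clients could still negotiate a connection and which would be locked out entirely. The cipher string, the client offers and the function names are assumptions for this example; it requires Python 3.7+ linked against OpenSSL.

```python
# Added example (not from either answer): an AEAD-only, TLS 1.2+ server
# context, plus a compatibility check against constructed client offers.
import ssl

# Assumed OpenSSL cipher string expressing "AEAD suites only": AES-GCM or
# ChaCha20-Poly1305 with ECDHE or DHE key exchange. The syntax is OpenSSL's.
AEAD_ONLY_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20"

# Constructed client offers in OpenSSL suite naming, not real captures.
MODERN_CLIENT_OFFER = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-CHACHA20-POLY1305",
    "AES128-SHA",  # the mandatory TLS_RSA_WITH_AES_128_CBC_SHA
]
LEGACY_CLIENT_OFFER = [  # a CBC-only stack, as on older IE / Windows XP
    "AES128-SHA",
    "AES256-SHA",
    "DES-CBC3-SHA",
]


def is_aead(suite_name: str) -> bool:
    """Classify a suite as AEAD by its mode: GCM, CCM or ChaCha20-Poly1305."""
    n = suite_name.upper()
    return "GCM" in n or "CCM" in n or "CHACHA20" in n


def build_aead_only_server_context() -> ssl.SSLContext:
    """TLS 1.2 minimum and AEAD suites only. TLS 1.3 suites are unaffected
    by set_ciphers(), but every TLS 1.3 suite is AEAD anyway."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(AEAD_ONLY_CIPHERS)
    return ctx


def enabled_suite_names(ctx: ssl.SSLContext) -> list:
    """Names of the suites OpenSSL actually enabled for this context."""
    return [c["name"] for c in ctx.get_ciphers()]


def negotiable_suite(server_suites, client_offer):
    """First suite in the server's preference order that the client also
    offers, or None: the case where the client cannot connect at all."""
    offered = set(client_offer)
    for name in server_suites:
        if name in offered:
            return name
    return None


def compatibility_report() -> dict:
    """Summarise the policy's effect on the two constructed clients."""
    ctx = build_aead_only_server_context()
    suites = enabled_suite_names(ctx)
    return {
        "all_aead": all(is_aead(s) for s in suites),
        "modern_client": negotiable_suite(suites, MODERN_CLIENT_OFFER),
        "legacy_client": negotiable_suite(suites, LEGACY_CLIENT_OFFER),
    }


if __name__ == "__main__":
    for key, value in compatibility_report().items():
        print(f"{key}: {value}")
```

The legacy client ends up with no common suite, which is exactly the "will not be able to connect at all" outcome the accepted answer warns about; the modern client negotiates an AEAD suite. Replacing the constructed offers with the suite lists of the clients you actually serve (from your server's handshake logs or a capture) turns this into a pre-deployment check for the change.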