Nginx SSL TLS and Cipher options #951

Open
@phantomski77

Is your feature request related to a problem? Please describe.
Currently the Nginx options for TLS settings and ciphers are either fixed (ciphers) or modifiable only partially (TLS server templates for hosts allowing changes for HSTS and HTTP/2). More options would allow the use of Mozilla Modern TLS 1.3 configurations or allow users to switch between old/intermediate/modern configurations and/or their individual options to suit their server/client needs and capability.

Describe the solution you'd like

  • either additional templates + Tabler WebGUI options for /etc/nginx/conf.d/include/ssl-ciphers.conf allowing to choose ssl_protocols (TLSv1.3), ssl_ciphers (lists), ssl_prefer_server_ciphers (off), ssl_ecdh_curve (X25519:prime256v1:secp384r1)
  • or extension of current templates for creation of individual site.conf files with more options to choose from, that would incorporate the above cipher options - again as per Mozilla recommendations above, potentially also with addition of OCSP stapling (probably separate subject due to complexity).

Describe alternatives you've considered
Just editing /etc/nginx/conf.d/include/ssl-ciphers.conf

Additional context
Again, ideally both selectable individual options above and composite options to choose between old, intermediate and modern configurations as per Mozilla specs would be amazing.

As always - thank you for your great effort so far. No pressure and thank you for your consideration.
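
The directives named in this request can be checked against an existing include file. The following is an added example, not part of the original issue or the project's code: a Python audit of a flat include such as /etc/nginx/conf.d/include/ssl-ciphers.conf against the three values quoted in the request. The function names and the sample file are constructed for illustration, and the parser assumes simple `name args;` directives with no nested blocks.

```python
import re

# Target values as quoted in the request (TLS 1.3 only, client cipher
# preference, explicit curve list).
WANTED = {
    "ssl_protocols": ["TLSv1.3"],
    "ssl_prefer_server_ciphers": ["off"],
    "ssl_ecdh_curve": ["X25519:prime256v1:secp384r1"],
}

# Constructed sample of an include file; not taken from the project.
SAMPLE = """
# constructed sample; this comment has a ; in it
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
ssl_prefer_server_ciphers on;
"""


def parse_directives(conf_text):
    """Return {directive: [args]} for a flat nginx include (no blocks)."""
    # Drop comments first so a ';' inside a comment cannot split a statement.
    no_comments = re.sub(r"#[^\n]*", "", conf_text)
    directives = {}
    for statement in no_comments.split(";"):
        parts = statement.split()
        if parts:
            directives[parts[0]] = [p.strip("'\"") for p in parts[1:]]
    return directives


def audit(conf_text):
    """Return (directive, actual, wanted) for every deviation from WANTED.

    actual is None when the directive is absent, meaning nginx's built-in
    default is in effect rather than the requested value.
    """
    found = parse_directives(conf_text)
    findings = []
    for name, wanted in WANTED.items():
        actual = found.get(name)
        if actual is None:
            findings.append((name, None, " ".join(wanted)))
        elif set(actual) != set(wanted):
            findings.append((name, " ".join(actual), " ".join(wanted)))
    return findings


if __name__ == "__main__":
    for name, actual, wanted in audit(SAMPLE):
        print(f"{name}: found {actual or 'nothing (default applies)'}, wanted {wanted}")
```

An explicit `ssl_ciphers` list is parsed but not judged here, since the request leaves the cipher lists to the chosen profile.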
