From 5940f402c77940b3d2d9a7ccb50bd3034d97f51c Mon Sep 17 00:00:00 2001
From: thelittlefireman <thelittlefireman@users.noreply.github.com>
Date: Sun, 28 Feb 2021 23:59:22 +0100
Subject: [PATCH] improve default tls security

---
 confs/site/https.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/confs/site/https.conf b/confs/site/https.conf
index 623d190..5a50735 100644
--- a/confs/site/https.conf
+++ b/confs/site/https.conf
@@ -2,7 +2,7 @@ listen 0.0.0.0:%HTTPS_PORT% ssl %HTTP2%;
 ssl_certificate %HTTPS_CERT%;
 ssl_certificate_key %HTTPS_KEY%;
 ssl_protocols %HTTPS_PROTOCOLS%;
-ssl_prefer_server_ciphers off;
+ssl_prefer_server_ciphers on;
 ssl_session_tickets off;
 ssl_session_timeout 1d;
 ssl_session_cache shared:MozSSL:10m;