From 145575a8d11a2a2e35ff81318d229b368a0372c8 Mon Sep 17 00:00:00 2001
From: chansizzle <14916599+chansizzle@users.noreply.github.com>
Date: Mon, 9 Jan 2023 11:03:58 -0700
Subject: [PATCH] set old cipher's priority to last (#405)

If old ciphers are used, make sure they are set to last in priority, which improves preferred order score.
---
 debian/resources/nginx/fusionpbx | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/debian/resources/nginx/fusionpbx b/debian/resources/nginx/fusionpbx
index 9eb3c76..892f8fd 100755
--- a/debian/resources/nginx/fusionpbx
+++ b/debian/resources/nginx/fusionpbx
@@ -186,7 +186,8 @@ server {
 ssl_certificate_key /etc/ssl/private/nginx.key;
 #ssl_protocols TLSv1.2 TLSv1.3;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
- ssl_ciphers DHE-RSA-AES256-SHA:AES256-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:AES256-SHA;
 ssl_session_cache shared:SSL:40m;
 ssl_session_timeout 2h;
 ssl_session_tickets off;
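Review bot: The two legacy suites moved to the end of `ssl_ciphers` (`DHE-RSA-AES256-SHA`, `AES256-SHA`) remain negotiable, so `ssl_prefer_server_ciphers on;` only decides which suite wins when a client also offers a GCM or CHACHA20 suite. A client that offers only the CBC/SHA-1 suites still gets one, and `AES256-SHA` uses static RSA key exchange with no forward secrecy. If they are kept on purpose for old clients alongside the `TLSv1 TLSv1.1` protocols on the context line above, record that next to the directive, e.g. `# legacy CBC suites kept last for TLSv1/1.1 clients; drop them together with TLSv1 TLSv1.1`. The `DHE-RSA-*` entries also depend on an `ssl_dhparam` directive that is not visible in this hunk; nginx 1.11.0 and later does not offer DHE suites without it, so it is worth confirming it is set, with 2048-bit or larger parameters, elsewhere in the `server` block, which starts and ends outside the hunk.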