set old cipher's priority to last (#405)

If old ciphers are used, make sure they are set to last in priority, which improves preferred order score.

debian/resources/nginx/fusionpbx

@@ -186,7 +186,8 @@ server {
 	ssl_certificate_key     /etc/ssl/private/nginx.key;
 	#ssl_protocols           TLSv1.2 TLSv1.3;
 	ssl_protocols	        TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
-	ssl_ciphers             DHE-RSA-AES256-SHA:AES256-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+	ssl_prefer_server_ciphers on;
+	ssl_ciphers             ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:AES256-SHA;
 	ssl_session_cache       shared:SSL:40m;
 	ssl_session_timeout     2h;
 	ssl_session_tickets     off;