From 85fb45cda307e752e3e535de9082992cd510ded2 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Thu, 3 Dec 2020 10:16:38 -0500
Subject: [PATCH] move cipher configuration

---
 nginx/nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 489155aa..af258d05 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -30,6 +30,7 @@ http {
     limit_conn addr 256;
 
     ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256;
     ssl_prefer_server_ciphers on;
 
     ssl_certificate /etc/letsencrypt/live/grapheneos.org/fullchain.pem;
@@ -37,7 +38,6 @@ http {
     ssl_session_cache shared:SSL:10m;
     ssl_session_timeout 1d;
     ssl_session_tickets off;
-    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256;
 
     ssl_trusted_certificate /etc/letsencrypt/live/grapheneos.org/chain.pem;
     ssl_stapling on;