From f3320a54d12e404e722a8af2493a7ea94571eb1f Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Fri, 23 Apr 2021 16:30:49 -0400
Subject: [PATCH] prefer ChaCha20 for clients without hardware AES

---
 nginx/nginx.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 9124b498..aed7aed2 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -43,6 +43,7 @@ http {
     ssl_protocols TLSv1.2 TLSv1.3;
     ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256;
     ssl_prefer_server_ciphers on;
+    ssl_conf_command Options PrioritizeChaCha;
 
     ssl_certificate /etc/letsencrypt/live/grapheneos.org/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/grapheneos.org/privkey.pem;