From 99a3f448a8e2ef3d9d9ace02819fe55035593683 Mon Sep 17 00:00:00 2001
From: subxero <371855+subxero@users.noreply.github.com>
Date: Tue, 17 Aug 2021 22:16:22 +0200
Subject: [PATCH] Fix SSL (#189)

Fix SSL_ERROR_NO_CYPHER_OVERLAP from lets encrypt ssl
---
 tasmoadmin/rootfs/etc/nginx/nginx-ssl.conf | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/tasmoadmin/rootfs/etc/nginx/nginx-ssl.conf b/tasmoadmin/rootfs/etc/nginx/nginx-ssl.conf
index 59a8b98..40ac168 100755
--- a/tasmoadmin/rootfs/etc/nginx/nginx-ssl.conf
+++ b/tasmoadmin/rootfs/etc/nginx/nginx-ssl.conf
@@ -20,10 +20,9 @@ http {
 
         ssl_certificate /ssl/%%certfile%%;
         ssl_certificate_key /ssl/%%keyfile%%;
-        ssl_protocols TLSv1.2;
-        ssl_prefer_server_ciphers on;
-        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA;
-        ssl_ecdh_curve secp384r1;
+        ssl_protocols TLSv1.2 TLSv1.3;
+        ssl_prefer_server_ciphers off;
+        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
         ssl_session_timeout  10m;
         ssl_session_cache shared:SSL:10m;
         ssl_session_tickets off;