I configure TLS settings in the http{} block in my /etc/nginx/nginx.conf. Attempting to override these settings:
- Interferes with my cipher choices and TLS config on other sites
- In my case (probably because of TLSv1.3), causes the funkwhale site to fail to load with SSL_ERROR_ILLEGAL_PARAMETER_ALERT
This PR adds the funkwhale_nginx_tls_configure_ciphers var to disable funkwhale's overriding of the following settings:
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_ecdh_curve secp384r1;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;The default of true maintains the current behavior for indifferent users.