The following ciphers are supported:<br>
ak-akamai-2020q1<br>
<br>
TLS-CHACHA20-POLY1305-SHA256<br>
ECDHE-ECDSA-AES256-GCM-SHA384<br>
ECDHE-ECDSA-AES128-GCM-SHA256<br>
ECDHE-RSA-AES256-GCM-SHA384<br>
ECDHE-RSA-AES128-GCM-SHA256<br>
ECDHE-ECDSA-CHACHA20-POLY1305<br>
ECDHE-RSA-CHACHA20-POLY1305<br>
<br>
So for this nginx, the configuration would be:<br>
<br>
--------------------------------------------------------------------------------------------------------<br>
# Server ciphers are preferred and ciphers are only ak-akamai-2020q1 supported:<br>
<br>
ssl_protocols TLSv1.3 TLSv1.2;<br>
ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';<br>
ssl_prefer_server_ciphers on;<br>
<br>
ssl_session_cache shared:le_nginx_SSL:10m;<br>
ssl_session_timeout 1440m;<br>
ssl_session_tickets off;<br>
<br>
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot<br>
ssl_certificate /var/www/clients/client0/web31/ssl/ak-akamai-2020q1.gino.es-le.crt;<br>
ssl_certificate_key /var/www/clients/client0/web31/ssl/ak-akamai-2020q1.gino.es-le.key;<br>
--------------------------------------------------------------------------------------------------------<br>