Set ssl_prefer_server_ciphers to off (#328)

Co-authored-by: Léo Colombaro <[email protected]>

h5bp/tls/ssl_engine.conf

@@ -25,7 +25,10 @@
 #     https://trac.nginx.org/nginx/changeset/1356a3b9692441e163b4e78be4e9f5a46c7479e9/nginx
 #     https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets
 #
-# (5) Basic security improvements
+# (5) The TLS 1.2 and 1.3 ciphers in use in current policies are not considered
+#     dangerous. This directive let the client choose the one that best fits their needs.
+#     https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_prefer_server_ciphers
+#     https://wiki.mozilla.org/Security/Server_Side_TLS
 
 # (1)
 ssl_session_timeout 24h;
@@ -41,4 +44,4 @@ keepalive_timeout 300s;
 ssl_session_tickets off;
 
 # (5)
-ssl_prefer_server_ciphers on;
+ssl_prefer_server_ciphers off;