In reference to post https://forum.opnsense.org/index.php?topic=17151.0 to bring this to 20.7.
It isn't possible to modify the cipher list with the Nginx plugin, as it is hardcoded in a template. The current release is using weak ciphers as determined by SSLLabs.
We have written a patch which adds a drop-down list to the HTTP Server configuration for cipher selection.
Commit: https://github.com/opnsense/plugins/commit/a694ac4cb65481df9abf7138c0eb7693a9e36d11
(//)
it would be great!
(may be add some helpful link in help text area?
eg https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices#23-use-secure-cipher-suites)