ISPConfig3 -- NGINX: http2 ssl_cipher missing
The current nginx template is missing the directive "ssl_cipher". When enabling http2 via webinterface, all sites aren't browsable because of the following error:
# google chrome client error
ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY
# or more generically
INADEQUATE_SECURITY (0xc)
This is due a missing "ssl_cipher" in the nginx config. (because otherwise nginx is using blacklisted http2 ciphers).
So please update the nginx template for example adding:
# disable unsupported ciphers
ssl_ciphers AESGCM:HIGH:!aNULL:!MD5;
This prevent using blacklisted http2 ciphers and the website is browsable again.
Best regards, Denny