Move nginx ciphers to mozilla guidelines

Update the supported ciphers to those under the
"Modern" section for mozilla.

https://wiki.mozilla.org/Security/Server_Side_TLS

Resolves openbmc/openbmc#3209

Tested: Built image and verified nginx correctly starts
and REST api't still work as expected.

Change-Id: I6692b42b6a1dec10e51b72654e75da4f0c0d3b99
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/recipes-httpd/nginx/files/nginx.conf b/recipes-httpd/nginx/files/nginx.conf
index a626e4a..74010f9 100644
--- a/recipes-httpd/nginx/files/nginx.conf
+++ b/recipes-httpd/nginx/files/nginx.conf
@@ -14,6 +14,8 @@
 # Note that a lot of these settings come from the OWASP Secure
 # Configuration guide for nginx
 # https://www.owasp.org/index.php/SCG_WS_nginx
+# and the mozilla security guidelines
+# https://wiki.mozilla.org/Security/Server_Side_TLS
 
 http {
     include       mime.types;
@@ -59,8 +61,7 @@
         ssl_certificate_key  @CERTPATH@/cert.pem;
         ssl_session_timeout  5m;
         ssl_protocols  TLSv1.2;
-        ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:@STRENGTH";
-
+        ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
         ssl_prefer_server_ciphers   on;
 
         location / {