Allow client to choose cipher order with TLSv1.3 only, using nginx

With TLSv1.3 having no “bad” cipher suites and downgrade protection, it makes sense to allow clients to choose the cipher suite, especially given the enormous advantage Chacha20-Poly1305 has over AES on low-powered hardware. This is of course in contrast to the situation with TLSv1.2 and earlier, where there are bad suites and no downgrade protection,…