fixed conflict

internal/home/home.go

@@ -383,6 +383,7 @@ func initWeb(args options, clientBuildFS fs.FS) (web *Web, err error) {
 		clientBetaFS: clientBetaFS,
 
 		serveHTTP3: config.DNS.ServeHTTP3,
+		tlsCiphers: config.TLS.TLSCiphers,
 	}
 
 	web = newWeb(&webConf)

internal/home/web.go

@@ -57,6 +57,9 @@ type webConfig struct {
 	firstRun bool
 
 	serveHTTP3 bool
+
+	// ciphers specified by user
+	tlsCiphers []string
 }
 
 // httpsServer contains the data for the HTTPS server.
@@ -288,6 +291,14 @@ func (web *Web) tlsServerLoop() {
 
 		web.httpsServer.cond.L.Unlock()
 
+		var cipher []uint16
+
+		if len(web.conf.tlsCiphers) == 0 {
+			cipher = aghtls.SaferCipherSuites()
+		} else {
+			cipher = aghtls.UserPreferredCipherSuites(web.conf.tlsCiphers)
+		}
+
 		addr := netutil.JoinHostPort(web.conf.BindHost.String(), web.conf.PortHTTPS)
 		web.httpsServer.server = &http.Server{
 			ErrorLog: log.StdLog("web: https", log.DEBUG),
@@ -295,7 +306,7 @@ func (web *Web) tlsServerLoop() {
 			TLSConfig: &tls.Config{
 				Certificates: []tls.Certificate{web.httpsServer.cert},
 				RootCAs:      Context.tlsRoots,
-				CipherSuites: aghtls.SaferCipherSuites(),
+				CipherSuites: cipher,
 				MinVersion:   tls.VersionTLS12,
 			},
 			Handler:           withMiddlewares(Context.mux, limitRequestBody),