Directadmin does not follow the ciphers' order

We can define ciphers in DA via the ssl_cipher variable, but the problem is that DA does not follow the order defined in the string and thus connections are made using weak ciphers when they could use TLS 1.2 per example.

Apache and Dovecot have switches which force them to follow the order, maybe DA could do the same if it doesn't want it to be the default behaviour for some reason?

This is still an issue in 1.454.
We don't want to use SHA if we don't have to, but can't remove it because some users are still on TLS 1.0

Still an issue with 1.46. It would be good to be able to use PFS.