Nginx should accept ECDSA certificates
Problem to solve
The default conf of Nginx should accept ECDSA certificates, like it accepts RSA certs.
Further details
By default, the list of ciphers contains only "RSA-capable" ones. So when launching GitLab with an ECDSA cert, no HTTPS connection is possible.
Proposal
With the addition of these new ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384 (non-exhaustive, replace all occurrences of "RSA" with "ECDSA"), Nginx can handle proper HTTPS connections for both RSA and ECDSA certs.
No regression is to be expected, as Nginx (OpenSSL) picks the right ciphers. It's one thing less to remember when administering a GitLab server with an EC and not the more common RSA certificate.
Links / references
GitLab Docker version: 11.1.4-ce.0
https://blog.cloudflare.com/ecdsa-the-digital-signature-algorithm-of-a-better-internet/
https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
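
The proposal above, sketched as an added example (not part of the original issue and not GitLab's own code): a POSIX shell helper that derives the ECDSA entries from an RSA-only cipher list, plus a check that a list can serve an ECDSA certificate. The sample list and the function names `add_ecdsa` and `serves_ecdsa` are constructed for illustration. Only `ECDHE-RSA-*` entries get a twin, because TLS defines no `DHE-ECDSA` suites and a blind RSA-to-ECDSA substitution would produce names that do not exist.

```shell
#!/bin/sh
# Constructed sample: an RSA-only cipher list in OpenSSL notation.
# This is NOT GitLab's actual default list, only an illustration.
RSA_ONLY='ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256'

# add_ecdsa LIST
# Print LIST with an ECDHE-ECDSA twin inserted in front of every ECDHE-RSA
# suite. All other entries are copied unchanged. Runs in a subshell so the
# IFS and globbing changes do not leak into the caller.
add_ecdsa() (
    set -f          # no filename globbing while splitting the list
    IFS=:           # OpenSSL cipher lists are colon-separated
    out=
    for c in $1; do
        case $c in
            ECDHE-RSA-*)
                twin="ECDHE-ECDSA-${c#ECDHE-RSA-}"
                case ":$1:$out:" in
                    *":$twin:"*) ;;                  # twin already present
                    *) out="${out:+$out:}$twin" ;;   # add twin first
                esac ;;
        esac
        out="${out:+$out:}$c"
    done
    printf '%s\n' "$out"
)

# serves_ecdsa LIST
# Succeed if LIST contains at least one suite that authenticates with
# ECDSA, which is the condition an ECDSA certificate needs to be usable.
serves_ecdsa() {
    case ":$1:" in
        *:ECDHE-ECDSA-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demonstration on the constructed sample.
if serves_ecdsa "$RSA_ONLY"; then
    echo "sample list already serves ECDSA certificates"
else
    echo "sample list is RSA-only; extended list:"
    add_ecdsa "$RSA_ONLY"
fi
```

The extended list can be inspected with `openssl ciphers -v`, which shows `Au=ECDSA` for the added suites. In Omnibus GitLab the list is set through `nginx['ssl_ciphers']` in `gitlab.rb`.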