TLS 1.2 ciphers were slightly tweaked for attestation.app, grapheneos.org and releases.grapheneos.org and some legacy browsers / other HTTPS clients are no longer supported. TLS 1.3 is also enabled again since the issues encountered with the drafts are now gone.
Conversation
Let me know if you run into any issues with non-ancient software though. I won't be disabling TLS 1.2 for quite some time to preserve some backwards compatibility. I'd like to finally set Must-Staple in the certificate but nginx and apache OCSP stapling are both still broken...