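# Harden the TLS settings of a Citrix ADC / NetScaler Gateway virtual server.
# These are NetScaler CLI commands; enter them one per line.
# NOTE(review): the commands below act on the vserver itself. If default SSL
# profiles are enabled on the appliance, protocol versions and ciphers are
# normally managed on the bound SSL profile instead - confirm which applies.

# Disable SSLv3, TLS1.0 and TLS1.1 and enable TLS1.3 on your vServer.
# -ssl3 DISABLED is stated explicitly so the outcome does not depend on the
# vserver's current SSLv3 setting. TLS1.2 is not touched and keeps its
# existing state; the TLS1.2 suites below are only offered while it is enabled.
set ssl vserver nsgw-vsrv-gateway.domain.pit -ssl3 DISABLED -tls1 DISABLED -tls11 DISABLED -tls13 ENABLED

# Create the new cipher group.
add ssl cipher CIPHER-PIT-AEAD

# ECDSA key exchange, TLS1.2. Only negotiated when an ECDSA certificate is
# bound to the vserver.
bind ssl cipher CIPHER-PIT-AEAD -cipherName TLS1.2-ECDHE-ECDSA-AES128-GCM-SHA256 -cipherPriority 1
bind ssl cipher CIPHER-PIT-AEAD -cipherName TLS1.2-ECDHE-ECDSA-AES256-GCM-SHA384 -cipherPriority 2
# NOTE(review): priorities 3 and 4 are CBC-mode suites with an HMAC, not AEAD,
# so they do not match the group's name. Keep them only if a client that
# cannot negotiate GCM must be supported; otherwise drop both lines.
bind ssl cipher CIPHER-PIT-AEAD -cipherName TLS1.2-ECDHE-ECDSA-AES128-SHA256 -cipherPriority 3
bind ssl cipher CIPHER-PIT-AEAD -cipherName TLS1.2-ECDHE-ECDSA-AES256-SHA384 -cipherPriority 4

# TLS1.3 suites. A TLS1.3 handshake can only select TLS1.3 suites, so these
# priorities order the two suites against each other, not against TLS1.2.
bind ssl cipher CIPHER-PIT-AEAD -cipherName TLS1.3-AES256-GCM-SHA384 -cipherPriority 5
bind ssl cipher CIPHER-PIT-AEAD -cipherName TLS1.3-AES128-GCM-SHA256 -cipherPriority 6

# RSA certificate, ECDHE key exchange, TLS1.2.
bind ssl cipher CIPHER-PIT-AEAD -cipherName TLS1.2-ECDHE-RSA-AES256-GCM-SHA384 -cipherPriority 7
bind ssl cipher CIPHER-PIT-AEAD -cipherName TLS1.2-ECDHE-RSA-AES128-GCM-SHA256 -cipherPriority 8

# RSA certificate, finite-field DHE key exchange, TLS1.2 (lowest priority).
# NOTE(review): DHE suites are presumably only usable when DH parameters are
# enabled on the vserver - verify that, and that the DH group is >= 2048 bit.
bind ssl cipher CIPHER-PIT-AEAD -cipherName TLS1.2-DHE-RSA-AES256-GCM-SHA384 -cipherPriority 9
bind ssl cipher CIPHER-PIT-AEAD -cipherName TLS1.2-DHE-RSA-AES128-GCM-SHA256 -cipherPriority 10

# Replace the old cipher group with the newly created one.
# If CIPHER-PIT is the only cipher binding, the vserver has no ciphers between
# these two commands, so run them back to back (ideally in a change window).
unbind ssl vserver nsgw-vsrv-gateway.domain.pit -cipherName CIPHER-PIT
bind ssl vserver nsgw-vsrv-gateway.domain.pit -cipherName CIPHER-PIT-AEAD

# Afterwards, review the result with "show ssl vserver" for this vserver and
# test with an external TLS scanner; the running config is not persisted
# across a reboot until it is saved ("save ns config").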