Bug ID 1087369
Summary Change default TLS configuration of lighttpd for better security out-of-the-box
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.0
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter mikhail.kasimov@gmail.com
QA Contact qa-bugs@suse.de
Depends on 1086764
Found By ---
Blocker ---

To comply with upcoming standards (PCI DSS), a default installation of lighttpd
should only support TLS 1.1 and above (1.2 recommended / strongly encouraged):

[0]
https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls

> 30 June 2018 is the deadline for disabling SSL/early TLS and implementing a
> more secure encryption protocol - TLS 1.1 or higher (TLS v1.2 is strongly
> encouraged) in order to meet the PCI Data Security Standard (PCI DSS) for
> safeguarding payment data.

For some more details refer to [1]
https://bugzilla.suse.com/show_bug.cgi?id=1086764

Therefore the default should be changed in /etc/lighttpd/lighttpd.conf, using the
directive documented in [2]:

[2] https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL

Configuration
======================
ssl.openssl.ssl-conf-cmd     specify openssl config commands (e.g. ("Protocol"
=> "-ALL, TLSv1.2") restricts protocol to only TLS 1.2) (since 1.4.48) (commit
https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/c09acbeb8a030942d9825b3d0dd01c84e0a0b919)
======================

lighttpd version 1.4.48 is available in openSUSE Tumbleweed and openSUSE Leap 15
only, so the directive above cannot be used on older releases:
https://software.opensuse.org/package/lighttpd


Something like this in the 'SSL Support' section of the
/etc/lighttpd/lighttpd.conf file:
============================
# Allow TLS version 1.2 only, which is a recommended default these days
# by international information security standards.
#ssl.openssl.ssl-conf-cmd = ("Protocol" => "-ALL, TLSv1.2")
============================
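For comparison, here is a complete HTTPS socket block as it could look with the proposed change applied, with the older SSLv2/SSLv3 knobs shown beside it. This is an added example written for this report, not the configuration shipped in the openSUSE package; the certificate path is a placeholder, and the commented "MinProtocol" alternative assumes OpenSSL 1.1.0 or newer.

```conf
# Added example for bug 1087369 (not the packaged lighttpd.conf).
$SERVER["socket"] == ":443" {
    ssl.engine  = "enable"
    ssl.pemfile = "/etc/ssl/private/example.pem"   # placeholder path

    # Old-style knobs: these only switch off SSLv2 and SSLv3. TLS 1.0 and
    # TLS 1.1 stay negotiable, which is exactly what PCI DSS wants removed.
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"

    # lighttpd >= 1.4.48: pass an OpenSSL config command. "-ALL" clears every
    # protocol version first, then only TLSv1.2 is re-enabled.
    ssl.openssl.ssl-conf-cmd = ("Protocol" => "-ALL, TLSv1.2")

    # Alternative on OpenSSL 1.1.0 or newer (assumption: the MinProtocol
    # SSL_CONF_cmd command is available there). Unlike the line above it
    # also admits newer versions such as TLS 1.3 once the library supports them:
    # ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2")
}
```

After reloading lighttpd, `openssl s_client -connect <host>:443 -tls1_1` should fail to complete the handshake while the same command with `-tls1_2` succeeds; if the `-tls1_1` connection still works, the directive was ignored (for example because the installed lighttpd is older than 1.4.48).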


See also:
=============
[3] https://bugzilla.suse.com/show_bug.cgi?id=1086854 (Change default TLS
configuration of apache2 for better security out-of-the-box)

[4] https://bugzilla.suse.com/show_bug.cgi?id=1086855 (Change default TLS
configuration of nginx for better security out-of-the-box)

