puma / puma

A Ruby/Rack web server built for parallelism

Home Page:https://puma.io

Option to restrict cipher suites for TLS1.3

willayton opened this issue

Is your feature request related to a problem? Please describe.
Puma currently has the ssl_cipher_filter or ssl_cipher_list options to specify allowed SSL ciphers. These options seem to only be passed through to OpenSSL's SSL_CTX_set_cipher_list function, which sets ciphers for TLS1.2 and below. https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_cipher_list.html

There is no way to restrict the cipher suites Puma uses for TLS1.3 connections; it always uses the OpenSSL defaults.

Describe the solution you'd like
A new Puma option to pass cipher suites to OpenSSL's SSL_CTX_set_ciphersuites function, which is used to configure TLS1.3 cipher suites.

Describe alternatives you've considered
Potentially the existing options could be used to pass the same cipher config to SSL_CTX_set_ciphersuites, but it's probably preferable to separate them.
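The split the issue describes can be observed directly from Ruby's openssl bindings, which expose both OpenSSL calls: `SSLContext#ciphers=` wraps `SSL_CTX_set_cipher_list` and `SSLContext#ciphersuites=` wraps `SSL_CTX_set_ciphersuites`. The example below is added here and is not Puma code; it assumes the openssl gem 3.0 or newer (for `ciphersuites=`) and generates a throwaway self-signed certificate so the TLS 1.3 handshake runs in-process over a socket pair. `make_cert` and `negotiate` are names chosen for this example.

```ruby
require "openssl"
require "socket"

# Self-signed certificate for the in-process server (constructed, test-only).
def make_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=localhost")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Runs one TLS 1.3 handshake and reports what was negotiated.
# cipher_list  -> SSL_CTX_set_cipher_list  (TLS 1.2 and below; what ssl_cipher_filter reaches)
# ciphersuites -> SSL_CTX_set_ciphersuites (TLS 1.3 only; the knob the issue asks Puma to expose)
def negotiate(cipher_list: nil, ciphersuites: nil)
  cert, key = make_cert
  server_ctx = OpenSSL::SSL::SSLContext.new
  server_ctx.cert = cert
  server_ctx.key = key
  server_ctx.min_version = OpenSSL::SSL::TLS1_3_VERSION
  server_ctx.ciphers = cipher_list if cipher_list
  server_ctx.ciphersuites = ciphersuites if ciphersuites

  client_ctx = OpenSSL::SSL::SSLContext.new
  client_ctx.min_version = OpenSSL::SSL::TLS1_3_VERSION
  client_ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE # self-signed test cert

  raw_server, raw_client = UNIXSocket.pair
  server = OpenSSL::SSL::SSLSocket.new(raw_server, server_ctx)
  client = OpenSSL::SSL::SSLSocket.new(raw_client, client_ctx)
  server.sync_close = client.sync_close = true
  accept_thread = Thread.new { server.accept }
  client.connect
  accept_thread.join
  # cipher is [name, version, bits, alg_bits]; a TLS 1.3 suite name starts with "TLS_"
  { version: client.ssl_version, cipher: client.cipher[0] }
ensure
  client&.close
  server&.close
end
```

With only a TLS 1.2 cipher list set, the TLS 1.3 handshake still completes on an OpenSSL default suite; with `ciphersuites` set to a single suite, that suite is the one negotiated.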