Having the browser set to TLS 1.2 and 1.3 and limited to these strong cipher suites:
the connection with gitlab.labs.nic.cz fails:
Secure Connection Failed
An error occurred during a connection to gitlab.labs.nic.cz. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP
Thus would appreciate that when the certificates gets renewed there would be support for those cipher suites.