See "cipher_list" in mods-enabled/eap. The string contents are passed directly to OpenSSL. See the OpenSSL documentation for what names to use, and how to format them.
I have cipher_list="ECDHE-ECDSA-AES128-CCM8" and it is the only Cipher Suites listed in the Server Hello portion of the message as captured below. I would like to also reduce the supported Certificate Hash Algorithms reported in the Certificate Request portion of the TLS message. Transport Layer Security TLSv1.2 Record Layer: Handshake Protocol: Server Hello Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 66 Handshake Protocol: Server Hello Handshake Type: Server Hello (2) Length: 62 Version: TLS 1.2 (0x0303) Random: 12747cfe9804564023feaacaed5b3d9be5a06c4b2e7943cfa035166f8c2b5312 Session ID Length: 0 Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (0xc0ae) Compression Method: null (0) Extensions Length: 22 Extension: renegotiation_info (len=1) Type: renegotiation_info (65281) Length: 1 Renegotiation Info extension Extension: max_fragment_length (len=1) Type: max_fragment_length (1) Length: 1 Maximum Fragment Length: 2048 (3) Extension: ec_point_formats (len=4) Type: ec_point_formats (11) Length: 4 EC point formats Length: 3 Elliptic curves point formats (3) EC point format: uncompressed (0) EC point format: ansiX962_compressed_prime (1) EC point format: ansiX962_compressed_char2 (2) Extension: extended_master_secret (len=0) Type: extended_master_secret (23) Length: 0 Thanks, Jim