path: root/playbooks.d/webserver-nginx/share/snippets.d/ssl.conf
blob: 68bcdf0d94f7b1eeae48ae1415ad8adae65cc976 (plain)
# SSL settings
# Shared TLS snippet: protocol versions, key-exchange groups, session
# resumption, TLS 1.2 cipher selection and HSTS.

# Only TLS 1.2 and 1.3 are enabled; older protocol versions are not offered.
ssl_protocols TLSv1.3 TLSv1.2;

# Smaller TLS record buffer than nginx's 16k default.
ssl_buffer_size 4K;
# Parameters for DHE key exchange. The cipher string below selects only
# EECDH suites, so this file is presumably not used for any negotiated
# suite. NOTE(review): confirm the playbook provisions this path.
ssl_dhparam /etc/nginx/dhparam.pem;
# Restricts ECDHE to P-521 and P-384. X25519 and prime256v1 are not offered,
# so a client supporting only those groups cannot complete a handshake.
# NOTE(review): confirm this compatibility trade-off is intended.
ssl_ecdh_curve secp521r1:secp384r1;
# The server's cipher order wins over the client's.
ssl_prefer_server_ciphers on;
# Session cache shared across worker processes: zone "le_nginx_SSL", 2 MB.
# NOTE(review): the zone name matches the one used by certbot's stock nginx
# options file; if both are included with different sizes nginx should
# reject the configuration. Verify against the including vhosts.
ssl_session_cache shared:le_nginx_SSL:2m;
# Session tickets are disabled, so resumption relies on the server-side
# cache above and no ticket key has to be rotated.
ssl_session_tickets off;
# Cached sessions stay resumable for 1440 minutes (24 hours).
ssl_session_timeout 1440m;

# Ciphers
# This list governs TLS 1.2 suites. TLS 1.3 suites are presumably not
# controlled by ssl_ciphers on OpenSSL-based builds; verify for the
# deployed build.
# EECDH+AESGCM selects ECDHE suites with AES-GCM. EECDH+AES256 adds the
# remaining ECDHE AES-256 suites. The two exclusions drop the RSA-
# authenticated CBC suites. NOTE(review): the ECDSA-authenticated CBC
# equivalents still match EECDH+AES256, and no ChaCha20-Poly1305 suite is
# selected. Check the expanded list with `openssl ciphers -v '<string>'`.
ssl_ciphers 'EECDH+AESGCM:EECDH+AES256:!ECDHE-RSA-AES256-SHA384:!ECDHE-RSA-AES256-SHA';

# Additional headers
# HSTS with a max-age of 63072000 seconds (730 days). "always" sends the
# header on every response code, including errors.
# includeSubDomains and preload are not set.
# Caveat: nginx inherits add_header from the enclosing level only when the
# current level defines no add_header of its own. A server or location
# block that adds any header must repeat this one, or HSTS is silently
# dropped there.
add_header Strict-Transport-Security "max-age=63072000" always;