ssl_dhparam /etc/nginx/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.3; # Score=100

# ssl ciphers list
ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !RC4 !EXP !PSK !SRP !CAMELLIA !SEED'; # Score=90 (recommended because more compatible)
# ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL; # Score=100

# to ensure that the best possible cipher is always included over the weaker ones, chosen from the above order
ssl_prefer_server_ciphers on;


# OCSP stapling
ssl_stapling on; # allow Nginx to send OCSP results during the connection process
ssl_stapling_verify on;
resolver 80.67.169.12 80.67.169.40 valid=300s;
resolver_timeout 10s;

# Speeds things up a little bit when resuming a session
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:5m;