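# TLS settings for nginx: protocol versions, cipher order, OCSP stapling and
# session resumption. Each directive sits on its own line; a '#' comments out
# the rest of its line, so a trailing comment must never be followed by a
# directive on the same line.

# DH parameters for the DHE (kEDH) suites listed below. nginx offers no DHE
# suites without this file; it should hold a group of at least 2048 bits.
ssl_dhparam /etc/nginx/dhparam.pem;

ssl_protocols TLSv1.2 TLSv1.3;  # Score=100

# ssl ciphers list
# With OpenSSL this string only selects suites for TLS 1.2 and below; TLS 1.3
# suites keep the library defaults unless set through ssl_conf_command.
# '+SHA' moves the SHA-1 MAC suites to the end of the list; it does not
# remove them.
ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !RC4 !EXP !PSK !SRP !CAMELLIA !SEED';  # Score=90 (recommended because more compatible)
# ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;  # Score=100

# to ensure that the best possible cipher is always included over the weaker
# ones, chosen from the above order
ssl_prefer_server_ciphers on;

# OCSP stapling
ssl_stapling on;  # allow Nginx to send OCSP results during the connection process
# Verification of the stapled response needs the issuer chain configured with
# ssl_trusted_certificate. NOTE(review): not set in this snippet; confirm it is
# defined where this file is included.
ssl_stapling_verify on;
# Resolver used to look up the OCSP responder host name. These are non-private
# addresses; plain DNS answers from outside the local network can be spoofed,
# so a resolver on a trusted network is the safer choice.
resolver 80.67.169.12 80.67.169.40 valid=300s;
resolver_timeout 10s;

# Speeds things up a little bit when resuming a session
# Session tickets are a separate resumption mechanism controlled by
# ssl_session_tickets, which this snippet leaves at its default.
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:5m;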