my eye

nginx_ssl_params.conf

$def with (dhparam_location)
ssl_protocols              TLSv1.3;
ssl_prefer_server_ciphers  on;
ssl_dhparam                $dhparam_location; 
ssl_ciphers                EECDH+AESGCM:EDH+AESGCM;
ssl_ecdh_curve             secp384r1;
ssl_session_timeout        10m;
ssl_session_cache          shared:SSL:10m;
ssl_session_tickets        off;
ssl_stapling               on;
ssl_stapling_verify        on;
resolver                   8.8.8.8  8.8.4.4  valid=300s;  # TODO drop google
resolver_timeout           5s;
# leave this here for cat'ing over SSH...