nginx_ssl_params.conf
$def with (dhparam_location) ssl_protocols TLSv1.3; ssl_prefer_server_ciphers on; ssl_dhparam $dhparam_location; ssl_ciphers EECDH+AESGCM:EDH+AESGCM; ssl_ecdh_curve secp384r1; ssl_session_timeout 10m; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8 8.8.4.4 valid=300s; # TODO drop google resolver_timeout 5s; # leave this here for cat'ing over SSH... |