14 lines
595 B
Text
14 lines
595 B
Text
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers EECDH+CHACHA20:EECDH+AES;
|
|
ssl_ecdh_curve X25519;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_stapling off;
|
|
ssl_stapling_verify off;
|
|
ssl_session_cache shared:SSL:10m;
|
|
ssl_session_timeout 24h;
|
|
ssl_session_tickets off;
|
|
ssl_dhparam /etc/ssl/certs/dhparam.pem;
|
|
keepalive_timeout 300s;
|
|
resolver 127.0.0.53 valid=60s;
|
|
resolver_timeout 10s;
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|