# Values here are based on Mozilla's "Modern compatibility" configuration.
# https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
#
# NB: This configuration severely limits older browsers and configurations.
# Specifically, the following are the oldest supported versions:
#
#  * Firefox 27
#  * Chrome 30
#  * IE 11 on Windows 7
#  * Edge
#  * Opera 17
#  * Safari 9
#  * Android 5.0
#  * Java 8 
#
# Older browsers or platforms won't be able to negotiate a connection.

ssl_protocols               TLSv1.2;
ssl_ciphers                 "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
ssl_prefer_server_ciphers   on;
ssl_session_timeout         1d;
ssl_session_cache           shared:SSL:50m;
ssl_session_tickets         off;
ssl_stapling                on;
ssl_stapling_verify         on;
resolver                    8.8.8.8;