docker-automatic-nginx-letsencrypt/extra/ssl.conf

# Values here are based on Mozilla's "Modern compatibility" configuration.
# https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
#
# NB: This configuration severely limits older browsers and configurations.
# Specifically, the following are the oldest supported versions:
#
#  * Firefox 27
#  * Chrome 30
#  * IE 11 on Windows 7
#  * Edge
#  * Opera 17
#  * Safari 9
#  * Android 5.0
#  * Java 8 
#
# Older browsers or platforms won't be able to negotiate a connection.

http {

    ssl_protocols               TLSv1.2;
    ssl_ciphers                 "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
    ssl_prefer_server_ciphers   on;
    ssl_session_timeout         1d;
    ssl_session_cache           shared:SSL:50m;
    ssl_session_tickets         off;
    ssl_stapling                on;
    ssl_stapling_verify         on;
    resolver                    8.8.8.8;

}