## Managed by Ansible ##

# Configure SSL
    ssl_ciphers "{{ nginx_ssl_ciphers }}";
    ssl_protocols {{ nginx_ssl_protocols }};
    ssl_prefer_server_ciphers off;
    ssl_early_data on;
    ssl_dhparam {{ nginx_ssl_dhparam }};
# OCSP Stapling fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001];
# SSL session handling
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;
    ssl_buffer_size 4k;