- # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
- #add_header Strict-Transport-Security max-age=15768000;
+ # intermediate configuration
+ # ssl_protocols TLSv1.2 TLSv1.3;
+ # ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ # ssl_prefer_server_ciphers off;
+
+ # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+ # add_header Strict-Transport-Security "max-age=63072000" always;