ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;<!--

✘ SSLProfileModern --><span ng-if="!isSSLProfileModern()">

# Diffie-Hellman parameter for DHE ciphersuites
ssl_dhparam /etc/nginx/dhparam.pem;</span>

# {{ data.ssl_profile }} configuration
ssl_protocols {{ sslProfiles[ data.ssl_profile ].protocols }};
ssl_ciphers {{ sslProfiles[ data.ssl_profile ].ciphers }};
ssl_prefer_server_ciphers on;<!--

✔ HSTS--><span ng-if="isHSTS()">

# HSTS (1 year, preload)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;</span>

# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;

resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
resolver_timeout 2s;