# {{ ansible_managed }}
# certificate settings
ssl_certificate_key /etc/pki/tls/private/my-private.key;
ssl_certificate /etc/pki/tls/certs/my-chained.crt;

ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL';

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:10m;

ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/pki/tls/certs/my-intermediate.crt;

ssl_prefer_server_ciphers on;
ssl_dhparam {{ dhparam_file }};