#
# {{ ansible_managed }}
#

ssl_ciphers "AES256+EECDH:AES256+EDH";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
{% if nginx_version.stdout | version_compare('1.3.7', 'ge') %}
ssl_stapling on;
ssl_stapling_verify on;
{% endif %}
resolver {{ nginx_resolver_hosts | join(' ') }} valid={{ nginx_resolver_valid }};
resolver_timeout {{ nginx_resolver_timeout }};
ssl_dhparam {{ nginx_dh_path }};

# vim:filetype=nginx