listen 443 ssl;
listen [::]:443 ssl;
ssl on;
ssl_certificate      /etc/nginx/ssl/geoadmin.yandex-team.ru.crt;
ssl_certificate_key  /etc/nginx/ssl/geoadmin.yandex-team.ru.key;

ssl_dhparam         /etc/nginx/ssl/dhparam.pem; # генерируется командой openssl dhparam 2048
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers kEECDH+AES128:kEECDH:kEDH:-3DES:kRSA+AES128:kEDH+3DES:DES-CBC3-SHA:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2;
ssl_session_cache    shared:SSL:64m;
ssl_session_timeout  28h;
