# SSL configuration by @konklone at https://gist.github.com/konklone/6532544
# 1) prefer certain ciphersuites, to enforce Perfect Forward Secrecy and avoid known vulnerabilities. http://ggramaize.wordpress.com/2013/08/02/tls-perfect-forward-secrecy-support-with-apache/ and https://www.ssllabs.com/ssltest/analyze.html
# 2) turn on session resumption, using a 10 min cache shared across nginx processes, as recommended by http://nginx.org/en/docs/http/configuring_https_servers.html
ssl_session_cacheshared:SSL:10m;
ssl_session_timeout10m;
keepalive_timeout70;
# We'll expose the same static directory under https.