ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve auto;

ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

# Prefer stateless session resumption only when you rotate shared ticket keys.
ssl_session_tickets off;