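# TLS and response-header hardening shared by every server block in this http context.
http {
    ...

    # TLSv1 and TLSv1.1 are formally deprecated (RFC 8996), so only TLSv1.2 is
    # offered. Clients that cannot negotiate TLSv1.2 will fail the handshake.
    # TLSv1.3 can be appended where the nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;

    # The server's cipher order takes precedence over the client's.
    ssl_prefer_server_ciphers on;
    # Only ephemeral ECDH/DH key exchanges with AES are listed (forward secrecy);
    # anonymous, NULL, export, RC4, 3DES and MD5 suites are excluded explicitly.
    ssl_ciphers "EECDH+ECDSA+AESGCM:AES128+EECDH:AES128+EDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!CAMELLIA:!ADH";

    # Session cache shared between worker processes: zone "TLS", 20 MB.
    ssl_session_cache shared:TLS:20m;

    # OCSP stapling is on, but the stapled responses are not verified.
    # NOTE(review): before enabling ssl_stapling_verify, make sure the issuer
    # chain is available to nginx (ssl_trusted_certificate, unless the
    # ssl_certificate file already carries the intermediates); confirm and enable.
    ssl_stapling on;
    #ssl_stapling_verify on;

    # Resolver used to look up the OCSP responder's hostname. DNS answers are
    # not authenticated, so resolvers on a trusted local network are preferable
    # to public ones reached across the internet.
    resolver 77.88.8.8 77.88.8.1 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 10s;

    # HSTS for one year, covering all subdomains: every subdomain must serve
    # HTTPS before this is deployed.
    # Caveats for all three headers: a server/location block that declares its
    # own add_header does NOT inherit these, and without the "always" parameter
    # nginx does not attach them to error responses.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options "nosniff";

    # DH parameters for the DHE (EDH) suites above.
    # NOTE(review): file contents are not visible here; verify the group is at
    # least 2048 bits.
    ssl_dhparam /etc/ssl/dhparams.pem;

    # Certificate and private key; the key file should be readable only by the
    # account that starts nginx.
    ssl_certificate /etc/ssl/mydomain.crt;
    ssl_certificate_key /etc/ssl/private/mydomain.key;

    ...
}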