# SSL Configuration for Custom PHP Framework
# Environment: {{ environment | upper }}

# SSL Protocols and Ciphers
ssl_protocols {{ ssl_protocols | join(' ') }};
ssl_ciphers {{ ssl_ciphers }};
ssl_prefer_server_ciphers {{ ssl_prefer_server_ciphers | ternary('on', 'off') }};

# SSL Session Caching
ssl_session_cache {{ ssl_session_cache }};
ssl_session_timeout {{ ssl_session_timeout }};
ssl_session_tickets {{ ssl_session_tickets | ternary('on', 'off') }};

# OCSP Stapling
ssl_stapling {{ ssl_stapling | ternary('on', 'off') }};
ssl_stapling_verify {{ ssl_stapling_verify | ternary('on', 'off') }};
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;

# DH Parameters
ssl_dhparam /etc/ssl/certs/dhparam.pem;

# SSL Security Headers
add_header Strict-Transport-Security "max-age={{ hsts_max_age }}; includeSubDomains; preload" always;

# SSL Buffer Size (performance optimization)
ssl_buffer_size 4k;