To strengthen the Diffie-Hellman (DHE) key exchange, use a Diffie-Hellman parameter file with a length of at least 4096 bits.
Generate the file like this:
openssl dhparam -out /etc/nginx/ssl-dhparams.pem 4096
Then add the following to the Nginx config file:
ssl_prefer_server_ciphers on;
ssl_session_cache shared:TLS:2m;
ssl_session_timeout 2m;
ssl_buffer_size 4k;
ssl_dhparam /etc/nginx/ssl-dhparams.pem;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
To check the result, you can use the following service: ssllabs.com
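
A local pre-check of the directives above, to run before the external scan. This is an added example, not part of the original page: the function names, finding messages and WEAK_CONF are constructed for illustration, and the parser strips full-line comments only.

```python
import re

TOKEN = re.compile(r"""'[^']*'|"[^"]*"|[{};]|[^\s{};'"]+""")
MODERN = {"TLSv1.2", "TLSv1.3"}   # the protocols the page enables
MIN_HSTS = 31536000               # max-age used on the page (one year)

def directives(conf):
    """Yield (name, args) per directive; quoted arguments may contain ';'."""
    conf = re.sub(r"(?m)^\s*#.*$", "", conf)  # full-line comments only
    cur = []
    for tok in TOKEN.findall(conf):
        if tok in ("{", "}", ";"):
            if cur:
                yield cur[0], [a.strip("'\"") for a in cur[1:]]
            cur = []
        else:
            cur.append(tok)

def audit(conf):
    """Return a list of findings; an empty list means every check passed."""
    seen, hsts = {}, None
    for name, args in directives(conf):
        if name == "add_header" and args and args[0].lower() == "strict-transport-security":
            hsts = args[1] if len(args) > 1 else ""
        seen[name] = args
    out = []
    protos = set(seen.get("ssl_protocols", []))
    if not protos or protos - MODERN:
        out.append(f"ssl_protocols unset or includes legacy versions: {sorted(protos - MODERN)}")
    if seen.get("ssl_prefer_server_ciphers") != ["on"]:
        out.append("ssl_prefer_server_ciphers is not on")
    parts = " ".join(seen.get("ssl_ciphers", [])).split(":")
    if "ssl_ciphers" in seen and "!aNULL" not in parts:
        out.append("ssl_ciphers does not exclude aNULL")
    # EDH/DHE selects finite-field DH; the lookbehind skips ECDHE suites
    dhe = any(re.search(r"(?<!C)DHE|EDH", p) for p in parts if p[:1] not in "!-")
    if dhe and "ssl_dhparam" not in seen:
        out.append("DHE ciphers listed but ssl_dhparam not set")
    m = re.search(r"max-age=(\d+)", hsts or "")
    if not m or int(m.group(1)) < MIN_HSTS:
        out.append("HSTS header missing or max-age below one year")
    return out

# Constructed samples: PAGE_CONF mirrors the page, WEAK_CONF is a made-up counterexample
PAGE_CONF = """ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/ssl-dhparams.pem;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';"""
WEAK_CONF = 'server { ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers AES256+EECDH:AES256+EDH; add_header Strict-Transport-Security "max-age=300"; }'
```

Call `audit()` on the text of your own config file; it reports only on the directives shown on this page and does not replace the external scan.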