diff --git a/ansible/roles/nginx/templates/ssl.conf.j2 b/ansible/roles/nginx/templates/ssl.conf.j2
index 900fe7d..58851db 100644
--- a/ansible/roles/nginx/templates/ssl.conf.j2
+++ b/ansible/roles/nginx/templates/ssl.conf.j2
@@ -1,2 +1,8 @@
-ssl_protocols TLSv1.2 TLSv1.3;
-add_header Strict-Transport-Security max-age=31536000;
+ssl_protocols TLSv1.3;
+add_header Strict-Transport-Security max-age=63072000 always;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m;
+ssl_session_tickets off;
+ssl_prefer_server_ciphers off;
+ssl_stapling on;
+ssl_stapling_verify on;
\ No newline at end of file
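Review bot: `ssl_stapling on;` and `ssl_stapling_verify on;` are added without the two directives nginx needs for them to work, so stapling may silently stay inactive. nginx needs a `resolver` to look up the OCSP responder, and verification needs the issuer chain, either inside the `ssl_certificate` file or named by `ssl_trusted_certificate`. Neither is in this template; if they are not set in another include, add `resolver <RESOLVER_IP> valid=300s;` and `ssl_trusted_certificate <PATH_TO_CHAIN_PEM>;` (placeholders) next to the stapling lines. After deploying, confirm that `openssl s_client -status` shows a stapled response. Separately, nginx drops an inherited `add_header` in any block that declares its own, so if this file is included at `http` or `server` level the HSTS header could be missing from such locations; a short comment above the `add_header` line would record that.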