include conf.d/ssl/*.conf;

## lowering from 16k to 4k to improve time-to-first-byte
ssl_buffer_size  4k;

{%- if env.NGX_HTTP_SSL_PROFILE %}
include snip.d/ssl-{{ env.NGX_HTTP_SSL_PROFILE }};
{%- endif %}

{%- if j2cfg.tls.stapling.enable %}
ssl_stapling on;
  {%- if j2cfg.tls.stapling.verify %}
ssl_stapling_verify on;
  {%- else %}
ssl_stapling_verify off;
  {%- endif %}
  {%- if j2cfg.tls.stapling.file %}
ssl_stapling_file {{ j2cfg.tls.stapling.file | ngx_esc }};
  {%- endif %}
  {%- if j2cfg.tls.stapling.responder %}
ssl_stapling_responder {{ j2cfg.tls.stapling.responder | ngx_esc }};
  {%- endif %}
{%- else %}
ssl_stapling off;
{%- endif %}