diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
index 6cd711e0..5e47aa8b 100644
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -15,26 +15,19 @@ server {
   include /etc/nginx/mime.types;
   charset utf-8;
   override_charset on;
+
   ssl on;
   ssl_certificate /etc/ssl/mail/cert.pem;
   ssl_certificate_key /etc/ssl/mail/key.pem;
-  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_protocols TLSv1.2;
+  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
   ssl_prefer_server_ciphers on;
-  ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA';
-
   add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
+  ssl_session_cache shared:SSL:50m;
+  ssl_session_timeout 1d;
+  ssl_session_tickets off;
+  add_header Strict-Transport-Security max-age=15768000;
 
-  #ssl_session_cache shared:SSL:50m;
-  #ssl_session_timeout 1d;
-  #ssl_session_tickets off;
-
-  #add_header X-Frame-Options SAMEORIGIN;
-  #add_header X-Content-Type-Options nosniff;
-  #add_header X-XSS-Protection "1; mode=block";
-  #add_header Referrer-Policy: no-referrer-when-downgrade;
-  #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
-
-  ssl_ecdh_curve secp384r1;
   index index.php index.html;
   include /etc/nginx/conf.d/server_name.active;
   error_log  /var/log/nginx/error.log;