# TLS listener on port 443. Every directive below applies only to connections
# accepted on this socket.
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"

    # Certificate material issued through dehydrated.
    # NOTE(review): on lighttpd builds without a separate private-key directive,
    # ssl.pemfile has to hold the private key together with the certificate.
    # Presumably fullcert.pem is that concatenation; confirm, and keep the file
    # readable by root only.
    ssl.pemfile = "/etc/dehydrated/certs/example.com/fullcert.pem"
    ssl.ca-file = "/etc/dehydrated/certs/example.com/fullchain.pem"

    # Tell backends (CGI/FastCGI) that the request arrived over HTTPS.
    setenv.add-environment = (
        "HTTPS" => "on"
    )

    # Protocol and cipher policy: "modern" profile, tweak to your needs.
    # Generated by: https://mozilla.github.io/server-side-tls/ssl-config-generator/
    #
    # Only SSLv2 and SSLv3 are switched off explicitly. Every suite in the
    # cipher list below is a TLS 1.2 suite, so older TLS versions have nothing
    # to negotiate, but that protection disappears if a legacy cipher is ever
    # appended. Where the lighttpd version supports it, pinning a minimum
    # protocol through ssl.openssl.ssl-conf-cmd states the intent directly.
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"

    # TLS compression is already disabled at compile time, so the directive
    # stays commented out.
    #ssl.use-compression = "disable"

    # Double negative: "enable" here means client-initiated renegotiation is
    # refused.
    ssl.disable-client-renegotiation = "enable"

    # Curve used for ECDH/ECDHE key exchange (see `openssl ecparam -list_curves`).
    ssl.ec-curve = "secp384r1"

    # Server preference decides the suite. The list is ECDHE-only (forward
    # secrecy): AEAD suites first, CBC-SHA2 suites last as fallback.
    ssl.honor-cipher-order = "enable"
    ssl.cipher-list = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"

    # NOTE(review): no Strict-Transport-Security response header is set in this
    # block; confirm it is added elsewhere (e.g. setenv.add-response-header).
}