We added TLSv1.3:
ssl_session_timeout 5m;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; # Include TLSv1.3 if supported
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; # Use Mozilla's generator
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";