roles/nginx: Templatize SSL parameters using role defaults

Signed-off-by: Alan Orth <alan.orth@gmail.com>

roles/nginx/defaults/main.yml

@@ -7,8 +7,19 @@ nginx_confd_path: /etc/nginx/conf.d
 # parent directory of vhost roots
 nginx_root_prefix: /var/www
 
-# TLS protocol versions to support
-nginx_tls_protocols: TLSv1 TLSv1.1 TLSv1.2
+# 1 hour timeout
+nginx_ssl_session_timeout: 1h
+# 10MB -> 40,000 sessions
+nginx_ssl_session_cache: shared:SSL:10m
+# 1400 bytes to fit in one MTU (default is 16k!)
+nginx_ssl_buffer_size: 1400
+nginx_ssl_dhparam: /etc/ssl/certs/dhparam.pem
+nginx_ssl_protocols: 'TLSv1 TLSv1.1 TLSv1.2'
+nginx_spdy_headers_comp: 6
+
+# Enable HTTP Strict Transport Security?
+# True on production, False on development!
+nginx_enable_hsts: True
 
 # TLS key directory
 tls_key_dir: /etc/ssl/private