Configuration to get an A+ on the Qualys SSL Labs test with fast performing and low overhead SSL ciphers. Works in combination with nginx 1.9.8 full and OpenSSL v1.0.2d.

nginx-ssl.conf

#NOTES
#	http2 works only if you compiled nginx with "--with-http_v2_module"!
#	If you need help on compiling nginx with http2 please refer to this link
#	https://www.m00nie.com/2015/01/install-nginx-and-pagespeed/
	
	#www to root redirect
	server {
		listen	80;
		listen	[::]:80;
		listen	443 ssl http2;
		listen	[::]:443 ssl http2;
		server_name    www.example.com; #Edit
		rewrite ^(.*) https://example.com$1 permanent; #Edit
		
		add_header Strict-Transport-Security max-age=15768000; #6Months of HSTS
		add_header Public-Key-Pins 'pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000;'; #2Months of HPKP
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
		ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
		ssl_buffer_size 8k;
		ssl_prefer_server_ciphers on;
		ssl_session_cache shared:SSL:50m;
		ssl_session_timeout 30m;
		
		ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; #Edit
		ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; #Edit
		
		ssl_dhparam /pat/to/dhparams.pem; #Edit
		ssl_stapling on;
		resolver 8.8.8.8;
		ssl_stapling_verify on;
		ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem; #Edit
    }
	#http to https
	server {
		listen	80;
		listen	[::]:80;
		server_name    example.com; #Edit
		rewrite ^(.*) https://example.com$1 permanent; #Edit
    }
	
	#Main
	server {
		listen		 443 ssl http2;
		listen		 [::]:443 ssl http2;
        server_name  example.com; #Edit
		#------SSL Start------#
		add_header Strict-Transport-Security max-age=15768000; #6Months of HSTS
		add_header Public-Key-Pins 'pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000;'; #2Months of HPKP
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
		ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
		ssl_buffer_size 8k;
		ssl_prefer_server_ciphers on;
		ssl_session_cache shared:SSL:50m;
		ssl_session_timeout 30m;
		
		ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; #Edit
		ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; #Edit
		
		ssl_dhparam /path/to/dhparams.pem; #Edit
		
		ssl_stapling on;
		resolver 8.8.8.8;
		ssl_stapling_verify on;
		ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem; #Edit
		#------SSL End------#
		
		#------GZIP Start------#
		#GZIP Compression
		gzip  on;
		gzip_comp_level 6;
		gzip_vary on;
		gzip_min_length 256;
		gzip_buffers 4 32k;
		gzip_proxied expired no-cache no-store private auth;
		gzip_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
		gzip_disable "MSIE [1-6]\.";
		#------GZIP End------#
		 

		#Root Folder
		root   html;
		
        location / {
            index  index.php index.html;
        }
		
		#Static Files Caching
		location ~ \.(css|htc|less|js|js2|js3|js4)$ {
			expires 31536000s;
			add_header Pragma "public";
			add_header Cache-Control "max-age=31536000, public";
		}
		location ~ \.php$ {
			try_files $uri =404;
			fastcgi_pass  127.0.0.1:90000;
			fastcgi_index index.php;
			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
			include /path/to/nginx/fastcgi_param; #Edit
		}
	}