diff --git a/templates/reverse_proxy.conf.j2 b/templates/reverse_proxy.conf.j2
index 0f47325..c279ba1 100644
--- a/templates/reverse_proxy.conf.j2
+++ b/templates/reverse_proxy.conf.j2
@@ -1,9 +1,5 @@
 #jinja2: lstrip_blocks: True
 # {{ ansible_managed }}
-
-# generated 2024-03-26, Mozilla Guideline v5.7, nginx 1.22.1, OpenSSL 3.0.11, modern configuration
-# https://ssl-config.mozilla.org/#server=nginx&version=1.22.1&config=modern&openssl=3.0.11&guideline=5.7
-
 {% if item.value.cache is defined %}
 {{ item.value.cache }}
 {% endif %}
@@ -17,25 +13,10 @@ server {
     ssl_certificate_key {{ tls_cert_path }}/{{ item.value.certificate }}.key;
     # verify chain of trust of OCSP response using Root CA and Intermediate certs
     ssl_trusted_certificate {{ tls_cert_path }}/{{ item.value.certificate }}.ca;
-    
-    ssl_session_timeout 1d;
-    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
-    ssl_session_tickets off;
-
-    # modern configuration
-    ssl_protocols TLSv1.3;
-    ssl_prefer_server_ciphers off;
 
     # HSTS (ngx_http_headers_module is required) (63072000 seconds)
     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
 
-    # OCSP stapling
-    ssl_stapling on;
-    ssl_stapling_verify on;
-
-    # replace with the IP address of your resolver
-    resolver 127.0.0.1;
-
     # Logs
     access_log /var/log/nginx/{{ item.key }}_access.log;
     error_log /var/log/nginx/{{ item.key }}_error.log warn;
diff --git a/templates/security.conf.j2 b/templates/security.conf.j2
index 9f3a38c..308ea26 100644
--- a/templates/security.conf.j2
+++ b/templates/security.conf.j2
@@ -1,6 +1,23 @@
 #jinja2: lstrip_blocks: True
 # {{ ansible_managed }}
 
+# SSL Settings
+# generated 2025-01-07, Mozilla Guideline v5.7, nginx 1.22.1 (UNSUPPORTED; end-of-life), OpenSSL 3.0.15, modern config
+# https://ssl-config.mozilla.org/#server=nginx&version=1.22.1&config=modern&openssl=3.0.15&guideline=5.7
+# modern configuration
+ssl_protocols TLSv1.3;
+ssl_ecdh_curve X25519:prime256v1:secp384r1;
+ssl_prefer_server_ciphers off;
+
+ssl_session_tickets off;
+
+# OCSP stapling
+ssl_stapling on;
+ssl_stapling_verify on;
+
+# replace with the IP address of your resolver
+resolver 127.0.0.1;
+
 # Rate limiting
 # https://blog.nginx.org/blog/rate-limiting-nginx
 # https://www.techgrube.de/news-und-infos/nginx-rate-limiting-einstellungen-und-funktion