diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf
index 0d58eeeb7..f4502d950 100644
--- a/salt/nginx/etc/nginx.conf
+++ b/salt/nginx/etc/nginx.conf
@@ -67,9 +67,16 @@ http {
 	}
 
 	server {
-		listen 443 default_server;
+		listen 443 ssl http2 default_server;
 		server_name _;
 		return 301 https://{{ url_base }}$request_uri;
+
+		ssl_certificate "/etc/pki/nginx/server.crt";
+		ssl_certificate_key "/etc/pki/nginx/server.key";
+		ssl_session_cache shared:SSL:1m;
+		ssl_session_timeout  10m;
+		ssl_ciphers HIGH:!aNULL:!MD5;
+		ssl_prefer_server_ciphers on;
 	}
 
 	server {