diff --git a/etc/nginx/conf.d/mozModern_ssl.conf b/etc/nginx/conf.d/mozModern_ssl.conf
index cb16e8d..60ea872 100644
--- a/etc/nginx/conf.d/mozModern_ssl.conf
+++ b/etc/nginx/conf.d/mozModern_ssl.conf
@@ -15,9 +15,10 @@ ssl_session_tickets off;
 
 # SSL ciphers
 ssl_protocols TLSv1.2 TLSv1.3;
-ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'
+ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
 ssl_prefer_server_ciphers on;
-ssl_early_data on;
+# if your NGINX build supports this and is using TLSv1.3, then enable
+#ssl_early_data on;
 
 # Diffie-Hellman parameter for DHE cipher suites, using 4096 bits
 ssl_dhparam <path/to/your_dhparam.pem>;