Nginx Config by Example: SSL/TLS
This sample configuration secures connections with HTTPS. It shows how to point nginx at an SSL certificate and private key, restrict protocols and cipher suites to modern choices, cache sessions to cut handshake cost, enable HTTP/2, and redirect plain HTTP to HTTPS.
Code
server {
    listen 443 ssl http2;
    server_name example.com;

    # Certificate paths
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Modern security settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Session caching
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    location / {
        root /var/www/html;
    }
}

# Redirect HTTP to HTTPS
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}
Explanation
SSL/TLS configuration in nginx enables HTTPS by listening on port 443 with the ssl parameter and pointing ssl_certificate at the certificate chain (the server certificate followed by its intermediates, which is what Let's Encrypt's fullchain.pem contains) and ssl_certificate_key at the private key. The private key should be readable only by root: the nginx master process runs as root and loads the key before the workers drop privileges. The http2 parameter on listen enables HTTP/2, which improves performance through request multiplexing and HPACK header compression; HTTP/2 server push has been removed from mainstream browsers and from nginx since 1.25.1, and in 1.25.1 and later the listen parameter itself is deprecated in favour of a separate http2 on; directive (the parameter still works but logs a warning). Certificates can be obtained from Certificate Authorities such as Let's Encrypt, which issues free, automatically renewable certificates.
Security configuration requires explicitly defining allowed protocols and cipher suites. The ssl_protocols directive should exclude SSLv3, TLSv1.0, and TLSv1.1 and allow only TLSv1.2 and TLSv1.3; setting it explicitly matters because the default depends on the nginx version. The ssl_ciphers directive takes an OpenSSL cipher string: HIGH selects suites with 128-bit or stronger encryption, and !aNULL:!MD5 removes unauthenticated suites and MD5-based MACs. Note that HIGH:!aNULL:!MD5 is also nginx's default and still permits RSA key exchange (no forward secrecy) and CBC suites; a stricter string that lists only ECDHE AEAD suites is the usual hardening step. This string only governs TLS 1.2 and below: OpenSSL selects TLS 1.3 suites separately, and all of them are AEAD with forward secrecy. The ssl_prefer_server_ciphers on directive makes nginx use its own cipher order rather than the client's, which is what lets the server force a stronger suite on a TLS 1.2 client that prefers a weaker one.
Performance optimization uses session caching to reduce handshake overhead. The ssl_session_cache shared:SSL:10m directive creates a 10 MB shared-memory zone for session state that all worker processes can use (nginx documents roughly 4000 sessions per megabyte), while ssl_session_timeout defines how long a cached session may be resumed. Resumed sessions reuse earlier key material, so the cache lifetime and the session-ticket key (ssl_session_tickets, on by default, with an auto-generated key that lives until the next reload) bound how long a compromised server key can decrypt past resumed traffic; keep the timeout short or disable tickets where forward secrecy matters. A separate server block listening on port 80 performs HTTP to HTTPS redirection using return 301, ensuring all traffic reaches the encrypted listener. The $host and $request_uri variables preserve the requested host and path during redirection; $host is taken from the client's Host header, so if this block is also the default_server it will redirect to whatever host the client supplied. Adding a Strict-Transport-Security header on the HTTPS block tells browsers to skip the plaintext request entirely on later visits.
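The checks described in the two paragraphs above can be run mechanically. The following Python script is an added example, not code from the original page or from the nginx project: it tokenizes nginx syntax just far enough to read each server block's top-level directives and flags the weak settings a reviewer would look for (legacy protocols, weak cipher selectors, the deprecated http2 listen parameter, session tickets left on, a missing HSTS header, and a plaintext listener that does not redirect). The two embedded configurations are constructed for illustration; the hardened one uses directives this page does not show (http2 on, ssl_session_tickets off, add_header Strict-Transport-Security), which are the example's own choices.

```python
"""Offline audit of nginx server blocks for weak TLS settings (added example)."""
import re

# Constructed sample configs; not taken from any real deployment.
WEAK_CONF = """
server {
    listen 443 ssl http2;
    server_name weak.example.com;
    ssl_certificate     /etc/ssl/weak.crt;
    ssl_certificate_key /etc/ssl/weak.key;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ALL:!aNULL;
    location / { root /var/www/html; }
}
server {
    listen 80;
    server_name weak.example.com;
    location / { root /var/www/html; }   # serves plaintext instead of redirecting
}
"""

HARDENED_CONF = """
server {
    listen 443 ssl;
    http2 on;                            # nginx 1.25.1+ form of the listen flag
    server_name example.com;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_session_tickets off;
    add_header Strict-Transport-Security "max-age=63072000" always;
    location / { root /var/www/html; }
}
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}
"""

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_WORDS = {"ALL", "DEFAULT", "LOW", "MEDIUM", "EXPORT", "RC4", "DES", "3DES", "MD5", "NULL"}


def parse_servers(conf):
    """Return one list of (directive, args) per server block, top-level directives only.

    Nested blocks such as location are skipped; comments are stripped first.
    """
    text = re.sub(r"#.*", "", conf)
    tokens = re.findall(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};]+', text)
    servers, depth, current, server_depth, stmt = [], 0, None, 0, []
    for tok in tokens:
        if tok == "{":
            depth += 1
            if current is None and stmt and stmt[0] == "server":
                current, server_depth = [], depth
            stmt = []
        elif tok == "}":
            if current is not None and depth == server_depth:
                servers.append(current)
                current = None
            depth -= 1
            stmt = []
        elif tok == ";":
            if current is not None and depth == server_depth and stmt:
                current.append((stmt[0], stmt[1:]))
            stmt = []
        else:
            stmt.append(tok)
    return servers


def audit(conf):
    """Return a sorted list of 'server_name: finding' strings; empty means clean."""
    findings = []
    for block in parse_servers(conf):
        d = {}
        for name, args in block:
            d.setdefault(name, []).append(args)
        sname = " ".join(d.get("server_name", [["(unnamed)"]])[0])
        note = lambda msg: findings.append(f"{sname}: {msg}")
        listens = d.get("listen", [])
        if any("ssl" in args for args in listens):
            if any("http2" in args for args in listens):
                note("http2 listen parameter is deprecated since nginx 1.25.1; use 'http2 on;'")
            protos = {p for args in d.get("ssl_protocols", []) for p in args}
            if not protos:
                note("ssl_protocols not set; the default depends on the nginx version")
            for p in sorted(protos & WEAK_PROTOCOLS):
                note(f"weak protocol enabled: {p}")
            if not d.get("ssl_ciphers"):
                note("ssl_ciphers not set; default HIGH:!aNULL:!MD5 still allows RSA key exchange")
            for args in d.get("ssl_ciphers", []):
                for elem in ":".join(args).split(":"):
                    if not elem.startswith("!") and elem.lstrip("+").upper() in WEAK_CIPHER_WORDS:
                        note(f"weak cipher selector in ssl_ciphers: {elem}")
            if d.get("ssl_session_tickets", [["on"]])[0][0] != "off":
                note("ssl_session_tickets left on; the auto-generated ticket key lives until reload")
            if not any("Strict-Transport-Security" in a for args in d.get("add_header", []) for a in args):
                note("no HSTS header; browsers will keep trying http:// first")
        else:
            redirects = [args for args in d.get("return", [])
                         if args and args[0] in ("301", "308") and any(a.startswith("https://") for a in args)]
            if not redirects:
                note("plaintext server does not redirect to https://")
    return sorted(findings)


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"[{label}] {len(audit(conf))} finding(s)")
        for f in audit(conf):
            print("  -", f)
```

Point audit() at the text of a real configuration (for example the output of nginx -T) to review every server block at once; the parser ignores nested blocks, so a redirect placed inside a location will not be credited.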
Code Breakdown
listen 443 ssl http2 enables SSL on port 443 with HTTP/2 support.
ssl_protocols TLSv1.2 TLSv1.3 disables outdated protocols for security.
return 301 https://$host$request_uri redirects HTTP to HTTPS permanently.
