diff --git a/nginx-config/directive/bubbly_rock-hard-ssl.conf b/nginx-config/directive/bubbly_rock-hard-ssl.conf
index 73c03ee..e8d87b0 100644
--- a/nginx-config/directive/bubbly_rock-hard-ssl.conf
+++ b/nginx-config/directive/bubbly_rock-hard-ssl.conf
@@ -32,16 +32,22 @@
 # Option 1. [DEFAULT] Typically sufficient.
 ssl_ecdh_curve secp384r1;
- # Option 2. Slightly better with a larger generation.
+ # Option 2. Slightly better.
 # [WARNING] Slower and breaks some IE on mobiles.
 #ssl_ecdh_curve secp521r1;
+
+ # Option 3. Allow either on modern systems.
+ # [WARNING] Only for for nginx >= 1.11.0 and openssl >= 1.0.2
+ #ssl_ecdh_curve secp521r1:secp384r1;
 #### Strict Transport Security
 # [WARNING] Strict-Transport-Security will stop HTTP access for specified time.
 # [OPTION] Include sub-domains with HSTS.
+ # Option 1. [DEFAULT] Current domain only.
 add_header Strict-Transport-Security "max-age=31536000" always;
+ # Option 2. includeSubDomains
 # [WARNING] This will block HTTP access to sub-domains.
 #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always
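Review bot: The added label `# Option 2. includeSubDomains` understates the commented directive beneath it, because that header value also carries `preload`, which signals consent to inclusion in browser HSTS preload lists and is slow to reverse. I would label it `# Option 2. includeSubDomains + preload` and add a line such as `# [WARNING] preload is a long-lived commitment; enable only when every sub-domain serves HTTPS.` In the Option 3 curve comment, `Only for for nginx` has a doubled word. The commented `add_header` line at the end of the hunk is shown here without a closing `;`; that may only be how the page was cut, but it is worth confirming before anyone uncomments it.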