diff --git a/playbooks/templates/nginx-confdnestedincludes-ssl-conf.j2 b/playbooks/templates/nginx-confdnestedincludes-ssl-conf.j2
index cc323a39..940af0e2 100644
--- a/playbooks/templates/nginx-confdnestedincludes-ssl-conf.j2
+++ b/playbooks/templates/nginx-confdnestedincludes-ssl-conf.j2
@@ -10,6 +10,10 @@ ssl_certificate_key {{ ssl_certificate_key_path }};
 # http://nginx.org/en/docs/http/configuring_https_servers.html
 ssl_prefer_server_ciphers on;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+
+
 # HTTP Strict Transport Security (HSTS)
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
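Review bot: The three DHE-RSA suites at the end of the new `ssl_ciphers` line are only ever offered when `ssl_dhparam` is configured, since nginx does not use DHE suites without explicit parameters; no `ssl_dhparam` is visible in this hunk, so either the template sets one elsewhere (in which case the parameters should be at least 2048-bit) or those entries are dead weight and could be dropped. `ssl_ciphers` also governs only the TLSv1.2 suites, while the TLSv1.3 suites enabled by the new `ssl_protocols` line come from the OpenSSL defaults, which deserves a comment above the directive, e.g. `# TLSv1.2 suites only: TLSv1.3 suites are not affected by ssl_ciphers`. Because `ssl_prefer_server_ciphers on` is kept from the context lines, the order of this list is what the server enforces, so the AEAD ECDHE entries leading it is the right placement. The two consecutive blank lines added after `ssl_ciphers` are a style nit; one separator before the HSTS comment is enough.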