diff --git a/docs/rolereference.rst b/docs/rolereference.rst
index 722045477660eaeaa4ff8902dae4efb044bf2f59..c29116e11b72fde2554f250fdf5bdf2131e20255 100644
--- a/docs/rolereference.rst
+++ b/docs/rolereference.rst
@@ -1390,11 +1390,11 @@ Parameters
   List of TLS protocols the web server should support. Each value specified
   should be compatible with Nginx configuration option ``ssl_protocols``.
 
-**web_server_tls_ciphers** (string, optional ``DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!MD5:!EXPORT``)
+**web_server_tls_ciphers** (string, optional, ``DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:!aNULL:!MD5:!EXPORT``)
   TLS ciphers to enable on the web server. This should be an OpenSSL-compatible
   cipher specification. Value should be compatible with Nginx configuration
   option ``ssl_ciphers``. Default value allows only TLSv1.2 and strong PFS
-  ciphers.
+  ciphers with RSA private keys.
 
 
 Distribution compatibility