diff --git a/roles/ldap_server/tasks/main.yml b/roles/ldap_server/tasks/main.yml
index cda8c4c0906f86816d2dc40d0a51463d3d497b72..7b8787fde3ea0779f36bcba07bc815a2390a7c10 100644
--- a/roles/ldap_server/tasks/main.yml
+++ b/roles/ldap_server/tasks/main.yml
@@ -60,8 +60,9 @@
 notify:
 - Restart slapd
-- name: Configure TLS for slapd
+- name: Configure TLS for slapd (includes hardening)
 ldap_entry: dn=cn=config state=replace olcTLSCertificateFile="/etc/ssl/certs/{{ ldap_server_tls_certificate | basename }}" olcTLSCertificateKeyFile="/etc/ssl/private/{{ ldap_server_tls_key | basename }}"
+ olcTLSCipherSuite="NONE:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512:+DHE-RSA:+ECDHE-RSA:+SHA256:+SHA384:+AEAD:+AES-128-GCM:+AES-128-CBC:+AES-256-GCM:+AES-256-CBC:+CURVE-ALL"
 notify:
 - Restart slapd
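Review bot: The new olcTLSCipherSuite line still enables the non-AEAD CBC suites (`+AES-128-CBC:+AES-256-CBC` paired with the `+SHA256:+SHA384` HMACs), which are the ciphersuites exposed to Lucky13-style padding-oracle attacks and are unnecessary once GCM is allowed, so I would drop them and have the line read `olcTLSCipherSuite="NONE:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512:+DHE-RSA:+ECDHE-RSA:+AEAD:+AES-128-GCM:+AES-256-GCM:+CURVE-ALL"`, keeping the SHA256/SHA384 MAC entries only if removing them turns out to break negotiation on the target GnuTLS version. The string also pins `+VERS-TLS1.2` alone, so TLS 1.3 is refused; if the slapd on the target hosts links a GnuTLS that supports it, adding `+VERS-TLS1.3` (together with the RSA-PSS signature entries it needs) is the larger hardening win, but check the library version on the hosts before assuming that. This is a GnuTLS priority string that an OpenSSL-built slapd will not parse, and an invalid string is rejected when cn=config is loaded, so the task deserves a comment such as `# GnuTLS priority string (Debian/Ubuntu slapd); validate with gnutls-cli --list --priority "<string>" before changing` and a post-restart smoke test (`ldapsearch -ZZ` or `nmap --script ssl-enum-ciphers`) in the role's verification. The rest of main.yml is outside this hunk, so I cannot see whether `olcTLSDHParamFile`, which the `+DHE-RSA` entry depends on, or `olcTLSProtocolMin` is set elsewhere; if neither is, that is worth confirming.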