diff --git a/roles/xmpp_server/defaults/main.yml b/roles/xmpp_server/defaults/main.yml
index 3521fcc4d3dc666289d9432b2d9ee9084f0d64b1..74eee3909cbb4cf55f31ddf44204da19217f8af1 100644
--- a/roles/xmpp_server/defaults/main.yml
+++ b/roles/xmpp_server/defaults/main.yml
@@ -4,3 +4,12 @@ enable_backup: false
 xmpp_domains:
   - "{{ ansible_domain }}"
 xmpp_prosody_package: "prosody-0.10"
+xmpp_server_tls_protocol: "tlsv1_2+"
+xmpp_server_tls_ciphers: "\
+DHE-RSA-AES128-GCM-SHA256:\
+DHE-RSA-AES256-GCM-SHA384:\
+DHE-RSA-CHACHA20-POLY1305:\
+ECDHE-RSA-AES128-GCM-SHA256:\
+ECDHE-RSA-AES256-GCM-SHA384:\
+ECDHE-RSA-CHACHA20-POLY1305:\
+!aNULL:!MD5:!EXPORT"