diff --git a/roles/xmpp_server/templates/prosody.cfg.lua.j2 b/roles/xmpp_server/templates/prosody.cfg.lua.j2
index 029b32dc9e0e7c53dcd7df5a6b9eaf8cf2985c47..8a2863c73e0b3e7d3d9b3e4fb6790b9cda2d0f16 100644
--- a/roles/xmpp_server/templates/prosody.cfg.lua.j2
+++ b/roles/xmpp_server/templates/prosody.cfg.lua.j2
@@ -40,26 +40,23 @@ modules_enabled = {
 -- For more information see http://prosody.im/doc/creating_accounts
 allow_registration = false;
 
--- These are the SSL/TLS-related settings. If you don't want
--- to use SSL/TLS, you may comment or remove this
-s2s_ssl = {
+-- Set global settings for SSL/TLS.
+ssl = {
 	key = "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.key";
 	certificate = "/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem";
 	dhparam = "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.dh.pem";
 }
 
+-- Configure TLS protocol and ciphers for client-to-server
+-- connections (STARTTLS).
 c2s_ssl = {
-	key = "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.key";
-	certificate = "/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem";
-	dhparam = "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.dh.pem";
 	protocol = "{{ xmpp_server_tls_protocol }}";
 	ciphers = "{{ xmpp_server_tls_ciphers }}";
 }
 
+-- Configure TLS protocol and ciphers for client-to-server
+-- connections (direct TLS).
 legacy_ssl_ssl = {
-	key = "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.key";
-	certificate = "/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem";
-	dhparam = "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.dh.pem";
 	protocol = "{{ xmpp_server_tls_protocol }}";
 	ciphers = "{{ xmpp_server_tls_ciphers }}";
 }
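Review bot: Server-to-server TLS is left without the hardened protocol and cipher policy: the removed `s2s_ssl` table is not replaced, so federation links fall back to the global `ssl` table, which carries only key, certificate and dhparam, while only `c2s_ssl` and `legacy_ssl_ssl` receive `xmpp_server_tls_protocol` and `xmpp_server_tls_ciphers`. Presumably the intent is that the per-connection-type tables are merged over the global `ssl` table (Prosody 0.9 and later do this), in which case the same policy can be applied to s2s with one more table, `s2s_ssl = { protocol = "{{ xmpp_server_tls_protocol }}"; ciphers = "{{ xmpp_server_tls_ciphers }}"; }`, placed after `legacy_ssl_ssl`. A comment above the global `ssl` table such as `-- Key material shared by all listeners; protocol/cipher policy is set per connection type below.` would also make the split explicit for the next maintainer.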