diff --git a/roles/totpcgi/files/totpcgi-httpd.conf b/roles/totpcgi/files/totpcgi-httpd.conf
index bfcaca319c..caa1c6767f 100644
--- a/roles/totpcgi/files/totpcgi-httpd.conf
+++ b/roles/totpcgi/files/totpcgi-httpd.conf
@@ -21,6 +21,9 @@ Listen 8443
 	SSLCertificateFile /etc/pki/totpcgi/totpcgi-server.crt
 	SSLCertificateKeyFile /etc/pki/totpcgi/totpcgi-server.key
 	SSLCACertificateFile /etc/pki/totpcgi/totpcgi-ca.crt
+        SSLHonorCipherOrder On
+        SSLCipherSuite {{ ssl_ciphers }}
+        SSLProtocol {{ ssl_protocols }}
 
 	SSLVerifyClient require
 	SSLVerifyDepth 10
diff --git a/roles/totpcgi/files/totpcgi-httpd.conf.vpn b/roles/totpcgi/files/totpcgi-httpd.conf.vpn
index 55ff5b088e..eb88528e3f 100644
--- a/roles/totpcgi/files/totpcgi-httpd.conf.vpn
+++ b/roles/totpcgi/files/totpcgi-httpd.conf.vpn
@@ -20,6 +20,9 @@
 	SSLCertificateFile /etc/pki/totpcgi/totpcgi-server-vpn.crt
 	SSLCertificateKeyFile /etc/pki/totpcgi/totpcgi-server-vpn.key
 	SSLCACertificateFile /etc/pki/totpcgi/totpcgi-ca.crt
+        SSLHonorCipherOrder On
+        SSLCipherSuite {{ ssl_ciphers }}
+        SSLProtocol {{ ssl_protocols }}
 
 	SSLVerifyClient require
 	SSLVerifyDepth 10