diff --git a/http.go b/http.go
index 32fd62362..c89272619 100644
--- a/http.go
+++ b/http.go
@@ -75,7 +75,19 @@ func (s *Server) ServeHTTP() {
 func (s *Server) ServeHTTPS(ctx context.Context) {
 addr := s.Opts.HttpsAddress
- config := oscrypto.SecureTLSConfig(&tls.Config{})
+ tlsCipherSuites := []uint16{
+ tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+ tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+ }
+ config := oscrypto.SecureTLSConfig(&tls.Config{
+ MinVersion: tls.VersionTLS12,
+ CipherSuites: tlsCipherSuites,
+ })
+
 if config.NextProtos == nil {
 config.NextProtos = []string{"http/1.1"}
 }
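Review bot: The `tlsCipherSuites` list in ServeHTTPS is hard-coded with no comment saying why these six ECDHE/AEAD suites were chosen or that `CipherSuites` only governs TLS 1.0–1.2 (crypto/tls does not let callers configure TLS 1.3 suites), so a later reader cannot tell whether an omission is deliberate. I would add above it `// TLS 1.2 suites only: ECDHE key exchange with AES-GCM or ChaCha20-Poly1305; TLS 1.3 suites are fixed by crypto/tls.` and hoist the slice to a package-level variable so the policy can be reviewed in one place. Whether `oscrypto.SecureTLSConfig` keeps the caller-supplied `MinVersion` and `CipherSuites` or replaces them with its own defaults is not visible in this hunk; it is worth confirming, for example with a test asserting `config.MinVersion == tls.VersionTLS12` after the call. ServeHTTPS continues past the end of the hunk.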