diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml index 5330356..053242f 100644 --- a/roles/apache/tasks/main.yml +++ b/roles/apache/tasks/main.yml @@ -50,8 +50,8 @@ - "/etc/httpd/conf.local.d" - name: create ssl config - copy: - src: ssl.conf + template: + src: ssl.conf.j2 dest: /etc/httpd/conf.local.d/ssl.conf mode: 0644 owner: root diff --git a/roles/apache/files/ssl.conf b/roles/apache/templates/ssl.conf.j2 similarity index 74% rename from roles/apache/files/ssl.conf rename to roles/apache/templates/ssl.conf.j2 index ff0b186..8f6c0c2 100644 --- a/roles/apache/files/ssl.conf +++ b/roles/apache/templates/ssl.conf.j2 @@ -7,9 +7,13 @@ Listen 443 -# Use Mozilla recommended intermediate settings +# Use Mozilla recommended settings +{% if ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 8 %} +SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2 +{% else %} SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 +{% endif %} SSLHonorCipherOrder off SSLSessionTickets off
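Review bot: Switching this task from `copy` to `template` makes it depend on gathered facts, because the new ssl.conf.j2 branches on `ansible_os_family` and `ansible_distribution_major_version`. A play that applies the role with fact gathering disabled will fail here with an undefined-variable error instead of writing the file. A comment on the task would record that requirement, e.g. `# ssl.conf.j2 branches on gathered facts (os_family, distribution_major_version)`. The task body continues past the end of the hunk, so it is not visible whether a handler reloads httpd when the file changes; if none is notified, hosts keep serving the old protocol settings until the next restart.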
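Review bot: The new RHEL 8+ branch disables TLS 1.2 outright (`SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2`), so the host's OS version alone now decides that every client without TLS 1.3 fails the handshake, and the shortened comment no longer says which Mozilla profile each branch implements. Name the profiles in the template, e.g. `# RHEL 8+: Mozilla "modern" (TLS 1.3 only)` above the first `SSLProtocol` line and `# otherwise: Mozilla "intermediate" (TLS 1.2 and 1.3)` above the second. Consider also gating the TLS 1.3-only branch on a role variable so it can be switched off for services that still have TLS 1.2 clients. `SSLCipherSuite` now sits only in the `else` branch, so on RHEL 8+ cipher selection falls back to whatever the httpd/OpenSSL build defaults to; that is presumably intended for a TLS 1.3-only listener, but it deserves a one-line comment. The condition also matches every RedHat-family distribution reporting a major version of 8 or higher, not only RHEL, which may be intended but is not stated.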