diff --git a/ldap/manifests/init.pp b/ldap/manifests/init.pp
index fdbba6e..4d9d2e2 100644
--- a/ldap/manifests/init.pp
+++ b/ldap/manifests/init.pp
@@ -354,6 +354,7 @@ class ldap::client::ruby {
 class ldap::server {
 require ssl
+ include ssl::ciphersuites
 if !$ldap_server_key {
 $ldap_server_key = "${puppet_ssldir}/private_keys/${homename}.pem"
diff --git a/ldap/templates/slapd.conf.erb b/ldap/templates/slapd.conf.erb
index 7c1d95e..e553500 100644
--- a/ldap/templates/slapd.conf.erb
+++ b/ldap/templates/slapd.conf.erb
@@ -43,6 +43,8 @@ TLSCertificateFile <%= scope.lookupvar('ssl::certs') %>/slapd.crt
 TLSCertificateKeyFile <%= scope.lookupvar('ssl::private') %>/slapd.key
 TLSCACertificatePath <%= scope.lookupvar('ldap::server::config') %>/cacerts
 TLSVerifyClient try
+TLSCipherSuite <%= scope.lookupvar('ssl::ciphersuites::default_ciphersuites') %>
+TLSProtocolMin 3.1
 # include database configs
 include <%= scope.lookupvar('ldap::server::config') %>/slapd.conf.d/database.conf
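Review bot: `TLSProtocolMin 3.1` in the slapd.conf.erb hunk sets the floor at TLS 1.0, because OpenLDAP uses SSL-style numbering (3.1 = TLS 1.0, 3.3 = TLS 1.2), so TLS 1.0 and 1.1 stay negotiable. If every client can cope, `TLSProtocolMin 3.3` is the tighter setting, and either way a comment such as `# 3.(x+1) = TLS 1.x; 3.1 is TLS 1.0` above the line would stop the value being misread as "TLS 3.1". The slapd.conf(5) page for OpenLDAP 2.4 says this directive is ignored when slapd is linked against GnuTLS, and in that build `TLSCipherSuite` expects a GnuTLS priority string rather than an OpenSSL cipher list. It is therefore worth confirming which TLS library the target packages use and that `ssl::ciphersuites::default_ciphersuites` is in the matching format. The value of that variable is not visible in this diff; if it can be undef, the template renders a bare `TLSCipherSuite` line, so a guard like `<% if ... -%>` around it or a fail-fast in the manifest would be safer.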