diff --git a/ejabberd/templates/ejabberd.yml.erb b/ejabberd/templates/ejabberd.yml.erb
index 984be7d..33e0b8d 100644
--- a/ejabberd/templates/ejabberd.yml.erb
+++ b/ejabberd/templates/ejabberd.yml.erb
@@ -18,6 +18,10 @@ listen:
     access: c2s
     starttls_required: true
     certfile: "/etc/ejabberd/ejabberd.pem"
+    ciphers: "<%= scope.lookupvar('ssl::ciphersuites::default_ciphersuites') %>"
+    protocol_options:
+      - "no_sslv2"
+      - "no_sslv3"
   -
 <% if @ipaddress6 -%>
     ip: "::"
@@ -29,6 +33,10 @@ listen:
     access: c2s
     tls: true
     certfile: "/etc/ejabberd/ejabberd.pem"
+    ciphers: "<%= scope.lookupvar('ssl::ciphersuites::default_ciphersuites') %>"
+    protocol_options:
+      - "no_sslv2"
+      - "no_sslv3"
   -
 <% if @ipaddress6 -%>
     ip: "::"
@@ -57,6 +65,10 @@ listen:
 s2s_access: s2s
 s2s_certfile: "/etc/ejabberd/ejabberd.pem"
 s2s_use_starttls: required
+s2s_ciphers: "<%= scope.lookupvar('ssl::ciphersuites::default_ciphersuites') %>"
+s2s_protocol_options:
+  - "no_sslv2"
+  - "no_sslv3"
 
 <% if @auth.is_a?(Array) -%>
 auth_method: