diff --git a/ansible/roles/openldap_server/tasks/tls.yaml b/ansible/roles/openldap_server/tasks/tls.yaml
index 1e69df6..30f89a2 100644
--- a/ansible/roles/openldap_server/tasks/tls.yaml
+++ b/ansible/roles/openldap_server/tasks/tls.yaml
@@ -5,6 +5,8 @@
 attributes:
 olcTLSCertificateFile: "{{ ldap_cert_path }}"
 olcTLSCertificateKeyFile: "{{ ldap_key_path }}"
+ olcTLSProtocolMin: "3.3" # TLS 1.2+
+ olcTLSCipherSuite: HIGH:!aNULL:!MD5
 args:
 server_uri: ldapi:///
 sasl_mech: EXTERNAL
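Review bot: The added `olcTLSCipherSuite: HIGH:!aNULL:!MD5` is an OpenSSL cipher string, but slapd hands this value to whichever TLS library it was built against; GnuTLS-linked builds (the Debian/Ubuntu packages, for example) expect a GnuTLS priority string, so the modify may be rejected or TLS may fail to initialise there. The target platform is not visible in this hunk, so either confine the role to OpenSSL builds or take the value from a role variable, e.g. `olcTLSCipherSuite: "{{ ldap_tls_cipher_suite }}"` (the variable name is a suggestion, not something the role defines today). On OpenSSL, `HIGH:!aNULL:!MD5` still admits non-forward-secret RSA key exchange and CBC suites, so a stricter default such as `"ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL"` is worth considering if every client supports it. Quoting the value like the neighbouring attributes also stops the `!` and `:` characters from depending on plain-scalar parsing. The task itself starts and ends outside the hunk.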