diff --git a/src/Socket.cpp b/src/Socket.cpp
index 206ddef2..ad0f918a 100644
--- a/src/Socket.cpp
+++ b/src/Socket.cpp
@@ -30,19 +30,13 @@
 #ifdef HAVE_LIBSSL
 // Copypasted from
 // https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
-// at 2018-04-01
+// at 2020-09-24
 static CString ZNC_DefaultCipher() {
- return "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-"
- "ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-"
- "AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-"
- "SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-"
- "RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:"
- "ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-"
- "SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:"
- "DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:"
- "ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:"
- "AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-"
- "SHA:DES-CBC3-SHA:!DSS";
+ // This is TLS1.2 only, because TLS1.3 ciphers are probably not configurable here yet
+ return "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
+ "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
+ "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
+ "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
 }
 #endif
diff --git a/src/znc.cpp b/src/znc.cpp
index 481534e5..88a4e688 100644
--- a/src/znc.cpp
+++ b/src/znc.cpp
@@ -59,7 +59,7 @@ CZNC::CZNC()
 m_uiConnectDelay(5),
 m_uiAnonIPLimit(10),
 m_uiMaxBufferSize(500),
- m_uDisabledSSLProtocols(Csock::EDP_SSL),
+ m_uDisabledSSLProtocols(Csock::EDP_SSL | Csock::EDP_TLSv1 | Csock::EDP_TLSv1_1),
 m_pModules(new CModules),
 m_uBytesRead(0),
 m_uBytesWritten(0),
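Review bot: The comment added inside ZNC_DefaultCipher() hedges ("probably not configurable here yet") where it could state the boundary, so a reader cannot tell whether TLS 1.3 suites are restricted by this list at all. If the string is handed to OpenSSL as a cipher list, which the hunk does not show, it selects suites for TLS 1.2 and below only and TLS 1.3 suites stay at the library default (OpenSSL sets those through the separate `SSL_CTX_set_ciphersuites` call); I would write `// TLS 1.2 suites only; TLS 1.3 suites are not controlled by this list and stay at the library default.` The list also keeps two DHE-RSA suites, whose strength depends on DH parameters loaded elsewhere, so it is worth confirming those are at least 2048-bit as the referenced Mozilla profile expects.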
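Review bot: The widened default for `m_uDisabledSSLProtocols` is spelled out as a literal in the CZNC constructor's initializer list, so any other site that still uses `Csock::EDP_SSL` alone as its baseline would leave TLS 1.0 and 1.1 enabled. The constructor continues outside this hunk and the code that applies a configured protocol setting is not visible here; if that code rebuilds the mask starting from `Csock::EDP_SSL`, a configuration that names any protocol option would silently drop the two new bits. A single named constant for the default mask, used at every such site, would keep them in step. Peers limited to TLS 1.0 or 1.1 will now fail the handshake by default, so a changelog or upgrade note saying so would help operators diagnose refused connections.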