diff --git a/config.json b/config.json
index 90bed6911..d5f97d658 100644
--- a/config.json
+++ b/config.json
@@ -8,7 +8,20 @@
         "port": 80
       }
     ],
-    "mounts": {}
+    "mounts": {},
+
+    // Ciphers to use.
+    //
+    // These are the default ciphers in Node 4.2.6, we are setting
+    // them explicitly for older Node versions.
+    "ciphers": "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA",
+
+    // Tell Node to respect the cipher order.
+    "honorCipherOrder": true,
+
+    // Specify to use at least TLSv1.1.
+    // See: https://github.com/certsimple/minimum-tls-version
+    "secureOptions": 117440512
   },
   "datadir": "/var/lib/xo-server/data",