diff --git a/server/conf/nginx_vhost.conf.master b/server/conf/nginx_vhost.conf.master
index 4487e4e4506dfb224e99de4dc607eb0d4cb188b9..978139174fda1702c883093dd33b57b4fc2ce45b 100644
--- a/server/conf/nginx_vhost.conf.master
+++ b/server/conf/nginx_vhost.conf.master
@@ -18,7 +18,7 @@ server {
         listen <tmpl_var name='ip_address'>:<tmpl_var name='proxy_protocol_https'> ssl proxy_protocol;
 </tmpl_if>
 </tmpl_if>
-		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+		ssl_protocols TLSv1.2;
 		# ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
 		# ssl_prefer_server_ciphers on;
 <tmpl_if name='ipv6_enabled'>
diff --git a/server/conf/vhost.conf.master b/server/conf/vhost.conf.master
index f6ad4b830f34f16cf17624045858573af3e6351d..0612c13f7f0009a3094c280fcf3678f031556868 100644
--- a/server/conf/vhost.conf.master
+++ b/server/conf/vhost.conf.master
@@ -52,7 +52,7 @@
 <tmpl_if name='ssl_enabled'>
 <tmpl_if name='enable_http2' op='==' value='y'>
 		Protocols h2 http/1.1
-		SSLProtocol All -SSLv2 -SSLv3
+		SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
 		SSLCipherSuite 'EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS'
 </tmpl_if>
 </tmpl_if>
@@ -79,7 +79,7 @@
 		<IfModule mod_ssl.c>
 <tmpl_if name='ssl_enabled'>
 		SSLEngine on
-		SSLProtocol All -SSLv2 -SSLv3
+		SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
 		# SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
 		SSLHonorCipherOrder     on
 		# <IfModule mod_headers.c>