diff --git a/inventory/group_vars/webservers.yml b/inventory/group_vars/webservers.yml
index ae8a1f4..732d161 100644
--- a/inventory/group_vars/webservers.yml
+++ b/inventory/group_vars/webservers.yml
@@ -1,3 +1,4 @@
#!/usr/bin/ansible-playbook
# vim:ft=ansible:
backups_outdir: "/cold/backups"
+ssl_cipher_suite: "!SHA1:!SHA256:!SHA384"
diff --git a/roles/dokuwiki/templates/apache2-vhost-ssl.conf b/roles/dokuwiki/templates/apache2-vhost-ssl.conf
index 0f8936c..4b100fd 100644
--- a/roles/dokuwiki/templates/apache2-vhost-ssl.conf
+++ b/roles/dokuwiki/templates/apache2-vhost-ssl.conf
@@ -14,6 +14,7 @@ SSLStrictSNIVHostCheck off
SSLCertificateFile /etc/pki/cert/crt/{{ dokuwiki_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ dokuwiki_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ dokuwiki_url}}-fullchain.crt
+ SSLCipherSuite {{ ssl_cipher_suite }}
\
SSLOptions +StdEnvVars
diff --git a/roles/gitea/templates/apache2-vhost-ssl.conf b/roles/gitea/templates/apache2-vhost-ssl.conf
index aeaf894..5f7e5ae 100644
--- a/roles/gitea/templates/apache2-vhost-ssl.conf
+++ b/roles/gitea/templates/apache2-vhost-ssl.conf
@@ -16,6 +16,7 @@ SSLProxyEngine on
SSLCertificateFile /etc/pki/cert/crt/{{ gitea_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ gitea_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ gitea_url }}-fullchain.crt
+ SSLCipherSuite {{ ssl_cipher_suite }}
ServerName {{ gitea_url }}
DocumentRoot {{ gitea_webroot }}
diff --git a/roles/gitlab/templates/apache2-vhost-ssl.conf b/roles/gitlab/templates/apache2-vhost-ssl.conf
index 879b1b3..f6a9c0d 100644
--- a/roles/gitlab/templates/apache2-vhost-ssl.conf
+++ b/roles/gitlab/templates/apache2-vhost-ssl.conf
@@ -14,6 +14,7 @@ SSLStrictSNIVHostCheck off
SSLCertificateFile /etc/pki/cert/crt/{{ gitlab_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ gitlab_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ gitlab_url }}-fullchain.crt
+ SSLCipherSuite {{ ssl_cipher_suite }}
ServerName {{ gitlab_url }}
DocumentRoot {{ gitlab_webroot }}
diff --git a/roles/gitweb/templates/apache2-vhost-ssl.conf b/roles/gitweb/templates/apache2-vhost-ssl.conf
index c3e444b..9fee433 100644
--- a/roles/gitweb/templates/apache2-vhost-ssl.conf
+++ b/roles/gitweb/templates/apache2-vhost-ssl.conf
@@ -14,6 +14,7 @@ SSLStrictSNIVHostCheck off
SSLCertificateFile /etc/pki/cert/crt/{{ gitweb_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ gitweb_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ gitweb_url}}-fullchain.crt
+ SSLCipherSuite {{ ssl_cipher_suite }}
\
SSLOptions +StdEnvVars
diff --git a/roles/nextcloud/templates/apache2-vhost-ssl.conf b/roles/nextcloud/templates/apache2-vhost-ssl.conf
index cc2d51c..09aeae5 100644
--- a/roles/nextcloud/templates/apache2-vhost-ssl.conf
+++ b/roles/nextcloud/templates/apache2-vhost-ssl.conf
@@ -14,6 +14,7 @@ SSLStrictSNIVHostCheck off
SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ nextcloud_url}}-fullchain.crt
+ SSLCipherSuite {{ ssl_cipher_suite }}
\
SSLOptions +StdEnvVars