diff --git a/config b/config
index d6b2d2d8..3f59c2ad 100644
--- a/config
+++ b/config
@@ -26,6 +26,10 @@ ssl = False
 certificate = /etc/apache2/ssl/server.crt
 # SSL private key
 key = /etc/apache2/ssl/server.key
+# SSL Protocol used. See python's ssl module for available values
+protocol = PROTOCOL_SSLv23
+# Ciphers available. See python's ssl module for available ciphers
+ciphers =
 # Reverse DNS to resolve client address in logs
 dns_lookup = True
 # Root URL of Radicale (starting and ending with a slash)
diff --git a/radicale/__init__.py b/radicale/__init__.py
index 3c70ab6c..f14f4f3c 100644
--- a/radicale/__init__.py
+++ b/radicale/__init__.py
@@ -98,7 +98,9 @@ class HTTPSServer(HTTPServer):
             server_side=True,
             certfile=config.get("server", "certificate"),
             keyfile=config.get("server", "key"),
-            ssl_version=ssl.PROTOCOL_SSLv23)
+            ssl_version=getattr(ssl, config.get("server", "protocol"),
+                                ssl.PROTOCOL_SSLv23),
+            ciphers=config.get("server", "ciphers") or None)
 
         self.server_bind()
         self.server_activate()
diff --git a/radicale/config.py b/radicale/config.py
index 9cdad823..71d27a8a 100644
--- a/radicale/config.py
+++ b/radicale/config.py
@@ -45,6 +45,8 @@ INITIAL_CONFIG = {
         "ssl": "False",
         "certificate": "/etc/apache2/ssl/server.crt",
         "key": "/etc/apache2/ssl/server.key",
+        "protocol": "PROTOCOL_SSLv23",
+        "ciphers": "",
         "dns_lookup": "True",
         "base_prefix": "/",
         "realm": "Radicale - Password Required"},