diff --git a/README.md b/README.md
index 6190259..e48b0ea 100644
--- a/README.md
+++ b/README.md
@@ -131,6 +131,9 @@ nginx_ssl_local_path: /home/yourname/dev/testproject/secrets
 nginx_ssl_cert_name: sslcert.crt
 nginx_ssl_key_name: sslkey.key
+# Whicb SSL protocols should we support?
+nginx_ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2"
+
 # The amount in seconds to cache apt-update.
 apt_cache_valid_time: 86400
diff --git a/defaults/main.yml b/defaults/main.yml
index a90456f..e162a05 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -49,5 +49,6 @@ nginx_ssl_manage_certs: true
 nginx_ssl_local_path: /home/yourname/dev/testproject/secrets
 nginx_ssl_cert_name: sslcert.crt
 nginx_ssl_key_name: sslkey.key
+nginx_ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2"
 apt_cache_valid_time: 86400
diff --git a/templates/nginx_sites-available.conf.j2 b/templates/nginx_sites-available.conf.j2
index 4956c58..722971b 100644
--- a/templates/nginx_sites-available.conf.j2
+++ b/templates/nginx_sites-available.conf.j2
@@ -42,7 +42,7 @@ server {
 ssl_session_cache {{ nginx_ssl_session_cache }};
 ssl_session_timeout {{ nginx_ssl_session_timeout }};
 ssl_prefer_server_ciphers on;
-ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_protocols {{ nginx_ssl_protocols }};
 ssl_ciphers {{ nginx_ssl_ciphers }};
 ssl_ecdh_curve {{ nginx_ssl_ecdh_curve }};
 add_header Strict-Transport-Security $sts;
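Review bot: The new default `nginx_ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2"` in defaults/main.yml keeps TLS 1.0 and 1.1 enabled, both of which are deprecated (RFC 8996) and fail most compliance baselines; now that the value is a role variable, a safer default is `nginx_ssl_protocols: "TLSv1.2 TLSv1.3"`, with a note that TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+, and users who must keep legacy clients can override it. The same value is consumed by the `ssl_protocols` directive in the templates/nginx_sites-available.conf.j2 hunk, so the default chosen here is what every site rendered by this role gets. The key is also added without the explanatory comment the README hunk gives it (whose comment has a typo, "Whicb"); the defaults file should carry one too, e.g. `# Space-separated list passed verbatim to nginx's ssl_protocols directive.`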
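Review bot: `ssl_protocols {{ nginx_ssl_protocols }};` renders as `ssl_protocols ;` when a playbook sets the variable to an empty string, which nginx rejects at config test time and leaves the site unserved, and an unset override gives the role the weak default from defaults/main.yml. Because the role's default keeps this behaviour for every host, consider an `assert` task that checks the variable is non-empty before templating, or a short comment above the directive noting that the list is passed through unvalidated. The enclosing `server {` block starts and ends outside this hunk.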