diff --git a/README.md b/README.md
index 99ee069..80c4a20 100644
--- a/README.md
+++ b/README.md
@@ -380,6 +380,7 @@ nginx_http_template:
 dhparam: /etc/ssl/private/dh_param.pem
 protocols: TLSv1 TLSv1.1 TLSv1.2
 ciphers: HIGH:!aNULL:!MD5
+ prefer_server_ciphers: true
 session_cache: none
 session_timeout: 5m
 trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
diff --git a/defaults/main.yml b/defaults/main.yml
index dd183af..c17e075 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -192,6 +192,7 @@ nginx_http_template:
 dhparam: /etc/ssl/private/dh_param.pem
 protocols: TLSv1 TLSv1.1 TLSv1.2
 ciphers: HIGH:!aNULL:!MD5
+ prefer_server_ciphers: true
 session_cache: none
 session_timeout: 5m
 trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
diff --git a/templates/http/default.conf.j2 b/templates/http/default.conf.j2
index e8a71e9..f5922cd 100644
--- a/templates/http/default.conf.j2
+++ b/templates/http/default.conf.j2
@@ -66,6 +66,9 @@ server {
 {% if item.value.ssl.ciphers is defined and item.value.ssl.ciphers %}
 ssl_ciphers {{ item.value.ssl.ciphers }};
 {% endif %}
+{% if item.value.ssl.prefer_server_ciphers is defined and item.value.ssl.prefer_server_ciphers %}
+ ssl_prefer_server_ciphers on;
+{% endif %}
 {% if item.value.ssl.session_cache is defined and item.value.ssl.session_cache %}
 ssl_session_cache {{ item.value.ssl.session_cache }};
 {% endif %}
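Review bot: The new `prefer_server_ciphers: true` default in defaults/main.yml silently changes the rendered nginx config for every existing user of `nginx_http_template` on upgrade, since previously no `ssl_prefer_server_ciphers` directive was emitted at all; a comment above the key would make that intent visible, e.g. `# Make nginx enforce its own cipher order instead of the client's (nginx default is off).`. Server preference only buys something when the server's list is deliberately ordered, and the neighbouring `ciphers: HIGH:!aNULL:!MD5` is an unordered OpenSSL bucket, so it is worth noting in the same comment that this default relies on OpenSSL's own ordering of `HIGH` unless `ciphers` is tuned alongside it. The enclosing `nginx_http_template` mapping starts and ends outside the hunk.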
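Review bot: The truthiness test on `item.value.ssl.prefer_server_ciphers` in the added `{% if %}` treats any non-empty string as true, so a user who writes the value as `"off"`, `"no"` or `"false"` (easy to do in a variables file) will get `ssl_prefer_server_ciphers on;` rendered, the opposite of what they asked for; use the bool filter so only real booleans and boolean-like strings count: `{% if item.value.ssl.prefer_server_ciphers is defined and item.value.ssl.prefer_server_ciphers | bool %}`. Rendering nothing for a false value is acceptable because nginx's default for this directive is off, but that reliance is worth a one-line comment in the template. The enclosing `server {` block starts and ends outside the hunk.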