diff --git a/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/30univention-ldap-server_head b/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/30univention-ldap-server_head
index 104cb877aa..2b4cfd11f6 100644
--- a/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/30univention-ldap-server_head
+++ b/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/30univention-ldap-server_head
@@ -8,7 +8,7 @@ TLSCertificateFile	/etc/univention/ssl/@%@hostname@%@.@%@domainname@%@/cert.pem
 TLSCertificateKeyFile	/etc/univention/ssl/@%@hostname@%@.@%@domainname@%@/private.key
 TLSCACertificateFile	/etc/univention/ssl/ucsCA/CAcert.pem
 @!@
-ciphers = configRegistry.get("ldap/tls/ciphersuite", "HIGH:MEDIUM:!aNULL:!MD5:!RC4")
+ciphers = configRegistry.get("ldap/tls/ciphersuite", "NORMAL:-NULL:-MD5:-ARCFOUR-128")
 if ciphers:
 	print 'TLSCipherSuite	%s' % (ciphers,)
 protocol = configRegistry.get("ldap/tls/minprotocol", "3.1")