diff --git a/lib/libwebsockets.c b/lib/libwebsockets.c
index c06557ed..96011133 100644
--- a/lib/libwebsockets.c
+++ b/lib/libwebsockets.c
@@ -2731,6 +2731,7 @@ libwebsocket_create_context(int port, const char *interf,
 
 	SSL_CTX_set_options(context->ssl_ctx, SSL_OP_NO_COMPRESSION);
 	SSL_CTX_set_options(context->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+	SSL_CTX_set_cipher_list(context->ssl_ctx, CIPHERS_LIST_STRING);
 
 	/* client context */
 
@@ -2751,6 +2752,7 @@ libwebsocket_create_context(int port, const char *interf,
 
 		SSL_CTX_set_options(context->ssl_client_ctx, SSL_OP_NO_COMPRESSION);
 		SSL_CTX_set_options(context->ssl_client_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+		SSL_CTX_set_cipher_list(context->ssl_client_ctx, CIPHERS_LIST_STRING);
 
 		/* openssl init for cert verification (for client sockets) */
 		if (!ssl_ca_filepath) {
diff --git a/lib/private-libwebsockets.h b/lib/private-libwebsockets.h
index a5a11a7f..baf2a815 100644
--- a/lib/private-libwebsockets.h
+++ b/lib/private-libwebsockets.h
@@ -129,6 +129,7 @@ void debug(const char *format, ...)
 #define LWS_MAX_EXTENSIONS_ACTIVE 10
 #define SPEC_LATEST_SUPPORTED 13
 #define AWAITING_TIMEOUT 5
+#define CIPHERS_LIST_STRING "DEFAULT"
 
 #define MAX_WEBSOCKET_04_KEY_LEN 128
 #define SYSTEM_RANDOM_FILEPATH "/dev/urandom"