diff --git a/defaults/main.yml b/defaults/main.yml
index 54cd1885..6ac5e89e 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -111,9 +111,8 @@ keystone_ssl_enabled: false
 keystone_ssl_cert: /etc/ssl/certs/apache.cert
 keystone_ssl_key: /etc/ssl/private/apache.key
 keystone_ssl_cert_path: /etc/ssl/certs
-keystone_ssl_protocol: "ALL -SSLv2 -SSLv3"
-# Cipher suite string from https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
-keystone_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
+keystone_ssl_protocol: "{{ ssl_protocol }}"
+keystone_ssl_cipher_suite: "{{ ssl_cipher_suite }}"
 
 ## Caching
 # If set this will enable dog pile cache for keystone.
diff --git a/templates/keystone-httpd.conf.j2 b/templates/keystone-httpd.conf.j2
index 4597623e..a5fc9ed4 100644
--- a/templates/keystone-httpd.conf.j2
+++ b/templates/keystone-httpd.conf.j2
@@ -18,6 +18,7 @@ WSGIDaemonProcess keystone user={{ keystone_system_user_name }} group=nogroup pr
 SSLCARevocationPath {{ keystone_ssl_cert_path }}
 SSLVerifyClient optional
 SSLVerifyDepth 10
+ SSLCompression Off
 SSLProtocol {{ keystone_ssl_protocol }}
 SSLHonorCipherOrder On
 SSLCipherSuite {{ keystone_ssl_cipher_suite }}
@@ -42,6 +43,7 @@ WSGIDaemonProcess keystone user={{ keystone_system_user_name }} group=nogroup pr
 SSLCARevocationPath {{ keystone_ssl_cert_path }}
 SSLVerifyClient optional
 SSLVerifyDepth 10
+ SSLCompression Off
 SSLProtocol {{ keystone_ssl_protocol }}
 SSLHonorCipherOrder On
 SSLCipherSuite {{ keystone_ssl_cipher_suite }}
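Review bot: The two new defaults `keystone_ssl_protocol` and `keystone_ssl_cipher_suite` now resolve entirely through `ssl_protocol` and `ssl_cipher_suite`, which are not defined anywhere in this role's defaults, so a standalone run of the role (or any inventory that does not set them) fails at template render time with an undefined-variable error rather than falling back to a hardened value; presumably they come from shared group vars, but nothing in the hunk documents that. Keeping the previous values as a fallback preserves that behaviour while still honouring the shared setting: `keystone_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3') }}"` and likewise for the cipher suite with the removed string as the default. The removed comment pointing at the source of the cipher-suite string was the only record of where that list came from; a one-line comment above the two keys stating that the values are expected from the deployment's shared SSL variables would keep that context for whoever reviews the resulting SSLProtocol/SSLCipherSuite directives.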
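Review bot: `SSLCompression Off` is added verbatim to two separate VirtualHost stanzas (the hunks at line 18 and line 43 of the template), so this and any future TLS hardening directive must be kept in sync by hand; a Jinja macro or an included snippet holding the shared SSL stanza (SSLVerifyDepth through SSLCipherSuite) would make the two listeners identical by construction. The directive is only recognised on httpd builds that support it, so an older mod_ssl would reject the configuration at `apachectl configtest` time rather than silently ignoring the line — worth a comment such as `# SSLCompression requires a mod_ssl build that exposes the directive; disables TLS-level compression (CRIME mitigation)` and a check that the role's supported platforms all ship such a build. The enclosing VirtualHost blocks start and end outside both hunks.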