diff --git a/auth_server/main.go b/auth_server/main.go
index 98407545..9a229de0 100644
--- a/auth_server/main.go
+++ b/auth_server/main.go
@@ -64,9 +64,7 @@ func ServeOnce(c *server.Config, cf string) (*server.AuthServer, *http.Server) {
 		glog.Exitf("Failed to create auth server: %s", err)
 	}
 
-	tlsConfig := &tls.Config{
-		PreferServerCipherSuites: true,
-	}
+	tlsConfig := &tls.Config{}
 	if c.Server.HSTS {
 		glog.Info("HTTP Strict Transport Security enabled")
 	}
@@ -101,6 +99,10 @@ func ServeOnce(c *server.Config, cf string) (*server.AuthServer, *http.Server) {
 		}
 		tlsConfig.CipherSuites = values
 		glog.Infof("TLS CipherSuites: %s", c.Server.TLSCipherSuites)
+	} else {
+		for _, s := range tls.CipherSuites() {
+			tlsConfig.CipherSuites = append(tlsConfig.CipherSuites, s.ID)
+		}
 	}
 	if c.Server.CertFile != "" || c.Server.KeyFile != "" {
 		// Check for partial configuration.