diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index d902df2..bfeaeee 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -16,6 +16,13 @@
       - certbot
       - nginx
 
+- name: Don’t enable old TLS versions
+  lineinfile:
+    path: /etc/nginx/nginx.conf
+    regex: '(\s+ssl_protocols\s.*)'
+    backrefs: yes
+    line: '#\1'
+
 - name: Create HTTP server directories
   file:
     path: /srv/http/.well-known