diff --git a/deploy/containers/nginx/conf/nginx.dev.conf b/deploy/containers/nginx/conf/nginx.dev.conf
index 05a2573e92..23719b11b9 100644
--- a/deploy/containers/nginx/conf/nginx.dev.conf
+++ b/deploy/containers/nginx/conf/nginx.dev.conf
@@ -47,8 +47,9 @@ http {
 
         ssl_certificate             /etc/secrets/server.crt;
         ssl_certificate_key         /etc/secrets/server.key;
-        ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
-        ssl_ciphers                 HIGH:!aNULL:!MD5;
+        ssl_protocols               TLSv1.2 TLSv1.3;
+        ssl_ciphers                 ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
+        ssl_prefer_server_ciphers   on;
 
         client_max_body_size        50M;
 
diff --git a/deploy/containers/nginx/conf/nginx.k8s.conf b/deploy/containers/nginx/conf/nginx.k8s.conf
index 2d15a1c960..620b3fd3e3 100644
--- a/deploy/containers/nginx/conf/nginx.k8s.conf
+++ b/deploy/containers/nginx/conf/nginx.k8s.conf
@@ -47,8 +47,9 @@ http {
 
         ssl_certificate             /CONSOLE_CERT_PATH/tls.crt;
         ssl_certificate_key         /CONSOLE_CERT_PATH/tls.key;
-        ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
-        ssl_ciphers                 HIGH:!aNULL:!MD5;
+        ssl_protocols               TLSv1.2 TLSv1.3;
+        ssl_ciphers                 ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
+        ssl_prefer_server_ciphers   on;
 
         client_max_body_size        50M;