diff --git a/assets/runtime/config/nginx/gitlab-ssl b/assets/runtime/config/nginx/gitlab-ssl
index 830b33b4..60ed584d 100644
--- a/assets/runtime/config/nginx/gitlab-ssl
+++ b/assets/runtime/config/nginx/gitlab-ssl
@@ -55,7 +55,7 @@ server {
   ssl_client_certificate {{SSL_CA_CERTIFICATES_PATH}};
 
   # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
-  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+  ssl_ciphers "{{SSL_CIPHERS}}";
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_prefer_server_ciphers on;
   ssl_session_cache shared:SSL:10m;
diff --git a/assets/runtime/env-defaults b/assets/runtime/env-defaults
index 741ef862..99a2f272 100644
--- a/assets/runtime/env-defaults
+++ b/assets/runtime/env-defaults
@@ -130,6 +130,7 @@ SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-$GITLAB_DATA_DIR/certs/gitlab.crt}
 SSL_KEY_PATH=${SSL_KEY_PATH:-$GITLAB_DATA_DIR/certs/gitlab.key}
 SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-$GITLAB_DATA_DIR/certs/dhparam.pem}
 SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
+SSL_CIPHERS=${SSL_CIPHERS:-'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4'}
 
 SSL_REGISTRY_KEY_PATH=${SSL_REGISTRY_KEY_PATH:-$GITLAB_DATA_DIR/certs/registry.key}
 SSL_REGISTRY_CERT_PATH=${SSL_REGISTRY_CERT_PATH:-$GITLAB_DATA_DIR/certs/registry.crt}
diff --git a/assets/runtime/functions b/assets/runtime/functions
index 673c98ae..508b76da 100644
--- a/assets/runtime/functions
+++ b/assets/runtime/functions
@@ -851,7 +851,8 @@ nginx_configure_gitlab_ssl() {
       SSL_KEY_PATH \
       SSL_DHPARAM_PATH \
       SSL_VERIFY_CLIENT \
-      SSL_CA_CERTIFICATES_PATH
+      SSL_CA_CERTIFICATES_PATH \
+      SSL_CIPHERS
   fi
 }