diff --git a/rootfs/etc/confd/templates/proftpd.conf.tmpl b/rootfs/etc/confd/templates/proftpd.conf.tmpl
index 016f399..7a443e3 100644
--- a/rootfs/etc/confd/templates/proftpd.conf.tmpl
+++ b/rootfs/etc/confd/templates/proftpd.conf.tmpl
@@ -20,19 +20,16 @@ PassivePorts {{getenv "PASSIVE_LOWER_BOUND"}} {{getenv "PASSIVE_UPPER_BOUND"}}
 
 <IfModule mod_tls.c>
     TLSEngine on
-    TLSProtocol TLSv1.2
+    TLSProtocol {{getenv "TLS_PROTOCOL" "TLSv1.2"}}
     TLSRequired on
 
     TLSRSACertificateFile /etc/ssl/proftp/fullchain.pem
-    TLSRSACertificateKeyFile /etc/ssl/proftp/provkey.pem
-
-    # CA the server trusts
-    TLSCACertificateFile /etc/ftpd/root.cert.pem
+    TLSRSACertificateKeyFile /etc/ssl/proftp/privkey.pem
 
     TLSVerifyClient off
     TLSServerCipherPreference on
     TLSSessionCache internal: 1800
-    TLSCipherSuite AES128+EECDH:AES128+EDH
+    TLSCipherSuite {{getenv "TLS_CIPHERS" "AES128+EECDH:AES128+EDH"}}
 </IfModule>
 
 <IfModule mod_ldap.c>