diff --git a/README.md b/README.md
index 3a93425..3eef771 100644
--- a/README.md
+++ b/README.md
@@ -40,6 +40,14 @@ Noch ein paar Zusatzpakete:
 # yum install tcpdump -y
 # yum install python3-bcrypt -y
 # yum install tar -y
+
+
+Firewalld disablen (WICHTIG!!!)
+# systemctl disable --now firewalld
+
+Tiefere Sicherheitsstufe, siehe https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening
+
+# update-crypto-policies --set LEGACY
 ```
 
 Wegen Entropy:
diff --git a/config/server.conf b/config/server.conf
index bc1524e..e2a6608 100644
--- a/config/server.conf
+++ b/config/server.conf
@@ -9,7 +9,10 @@ script-security 3
 writepid /var/run/openvpn-server/myopenvpn.pid
 
 ; ciphers
-tls-cipher "DEFAULT"
+tls-cipher "DEFAULT:@SECLEVEL=0"
+tls-version-min 1.0
+providers legacy default
+data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC
 
 ; tunnel configuration
 dev tap0
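Review bot: The four cipher lines added under `; ciphers` lower the floor for every client of this server, not only the legacy peer they are presumably meant for: `@SECLEVEL=0` re-admits weak key sizes and signature digests, `tls-version-min 1.0` allows deprecated TLS versions, and `BF-CBC` is a 64-bit block cipher. Nothing in the hunk records which peer needs this, so I would add a comment above them such as `; legacy compat for <PEER-PLACEHOLDER>, revert once it is upgraded`, and test whether a tighter setting still connects, e.g. `tls-cipher "DEFAULT:@SECLEVEL=1"` and `tls-version-min 1.2`. If the old peers cannot be upgraded, serving them from a separate server instance with this configuration would keep modern clients on the default policy. The README hunk in the same commit also switches the whole host to the `LEGACY` crypto policy and disables firewalld, which extends the downgrade beyond OpenVPN and deserves the same written justification.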