diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index e80ee23a7..e7bc505e7 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -333,6 +333,8 @@ sub writeserverconf {
     print CONF "ncp-disable\n";
     print CONF "cipher $sovpnsettings{DCIPHER}\n";
 	print CONF "auth $sovpnsettings{'DAUTH'}\n";
+    # Set TLSv2 as minimum
+    print CONF "tls-version-min 1.2\n";
 
     if ($sovpnsettings{'TLSAUTH'} eq 'on') {
 	print CONF "tls-auth ${General::swroot}/ovpn/certs/ta.key\n";
@@ -996,6 +998,9 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
     print SERVERCONF "auth $cgiparams{'DAUTH'}\n";
   }
 
+  # Set TLSv1.2 as minimum
+  print SERVERCONF "tls-version-min 1.2\n";
+
   if ($cgiparams{'COMPLZO'} eq 'on') {
    print SERVERCONF "# Enable Compression\n";
    print SERVERCONF "comp-lzo\n";
@@ -1098,6 +1103,9 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
     print CLIENTCONF "auth $cgiparams{'DAUTH'}\n";
   }
 
+  # Set TLSv1.2 as minimum
+  print CLIENTCONF "tls-version-min 1.2\n";
+
   if ($cgiparams{'COMPLZO'} eq 'on') {
    print CLIENTCONF "# Enable Compression\n";
    print CLIENTCONF "comp-lzo\n";