diff --git a/internal/ftpd/server.go b/internal/ftpd/server.go
index eeac46a3..317a4741 100644
--- a/internal/ftpd/server.go
+++ b/internal/ftpd/server.go
@@ -302,10 +302,9 @@ func (s *Server) buildTLSConfig() {
 			certID = s.binding.GetAddress()
 		}
 		s.tlsConfig = &tls.Config{
-			GetCertificate:           certMgr.GetCertificateFunc(certID),
-			MinVersion:               util.GetTLSVersion(s.binding.MinTLSVersion),
-			CipherSuites:             s.binding.ciphers,
-			PreferServerCipherSuites: true,
+			GetCertificate: certMgr.GetCertificateFunc(certID),
+			MinVersion:     util.GetTLSVersion(s.binding.MinTLSVersion),
+			CipherSuites:   s.binding.ciphers,
 		}
 		logger.Debug(logSender, "", "configured TLS cipher suites for binding %q: %v, certID: %v",
 			s.binding.GetAddress(), s.binding.ciphers, certID)
diff --git a/internal/httpd/server.go b/internal/httpd/server.go
index 20712840..b3889179 100644
--- a/internal/httpd/server.go
+++ b/internal/httpd/server.go
@@ -108,11 +108,10 @@ func (s *httpdServer) listenAndServe() error {
 			certID = s.binding.GetAddress()
 		}
 		config := &tls.Config{
-			GetCertificate:           certMgr.GetCertificateFunc(certID),
-			MinVersion:               util.GetTLSVersion(s.binding.MinTLSVersion),
-			NextProtos:               []string{"http/1.1", "h2"},
-			CipherSuites:             util.GetTLSCiphersFromNames(s.binding.TLSCipherSuites),
-			PreferServerCipherSuites: true,
+			GetCertificate: certMgr.GetCertificateFunc(certID),
+			MinVersion:     util.GetTLSVersion(s.binding.MinTLSVersion),
+			NextProtos:     []string{"http/1.1", "h2"},
+			CipherSuites:   util.GetTLSCiphersFromNames(s.binding.TLSCipherSuites),
 		}
 		httpServer.TLSConfig = config
 		logger.Debug(logSender, "", "configured TLS cipher suites for binding %q: %v, certID: %v",
diff --git a/internal/telemetry/telemetry.go b/internal/telemetry/telemetry.go
index 554c3333..dfeec713 100644
--- a/internal/telemetry/telemetry.go
+++ b/internal/telemetry/telemetry.go
@@ -126,11 +126,10 @@ func (c Conf) Initialize(configDir string) error {
 			return err
 		}
 		config := &tls.Config{
-			GetCertificate:           certMgr.GetCertificateFunc(common.DefaultTLSKeyPaidID),
-			MinVersion:               util.GetTLSVersion(c.MinTLSVersion),
-			NextProtos:               []string{"http/1.1", "h2"},
-			CipherSuites:             util.GetTLSCiphersFromNames(c.TLSCipherSuites),
-			PreferServerCipherSuites: true,
+			GetCertificate: certMgr.GetCertificateFunc(common.DefaultTLSKeyPaidID),
+			MinVersion:     util.GetTLSVersion(c.MinTLSVersion),
+			NextProtos:     []string{"http/1.1", "h2"},
+			CipherSuites:   util.GetTLSCiphersFromNames(c.TLSCipherSuites),
 		}
 		logger.Debug(logSender, "", "configured TLS cipher suites: %v", config.CipherSuites)
 		httpServer.TLSConfig = config
diff --git a/internal/webdavd/server.go b/internal/webdavd/server.go
index 4d75c950..6cde1200 100644
--- a/internal/webdavd/server.go
+++ b/internal/webdavd/server.go
@@ -80,11 +80,10 @@ func (s *webDavServer) listenAndServe(compressor *middleware.Compressor) error {
 			certID = s.binding.GetAddress()
 		}
 		httpServer.TLSConfig = &tls.Config{
-			GetCertificate:           certMgr.GetCertificateFunc(certID),
-			MinVersion:               util.GetTLSVersion(s.binding.MinTLSVersion),
-			NextProtos:               []string{"http/1.1", "h2"},
-			CipherSuites:             util.GetTLSCiphersFromNames(s.binding.TLSCipherSuites),
-			PreferServerCipherSuites: true,
+			GetCertificate: certMgr.GetCertificateFunc(certID),
+			MinVersion:     util.GetTLSVersion(s.binding.MinTLSVersion),
+			NextProtos:     []string{"http/1.1", "h2"},
+			CipherSuites:   util.GetTLSCiphersFromNames(s.binding.TLSCipherSuites),
 		}
 		logger.Debug(logSender, "", "configured TLS cipher suites for binding %q: %v, certID: %v",
 			s.binding.GetAddress(), httpServer.TLSConfig.CipherSuites, certID)