diff --git a/controllers/phish.go b/controllers/phish.go
index 0d9fc262..f83d9006 100644
--- a/controllers/phish.go
+++ b/controllers/phish.go
@@ -3,6 +3,7 @@ package controllers
 import (
 "compress/gzip"
 "context"
+ "crypto/tls"
 "errors"
 "fmt"
 "net"
@@ -84,6 +85,10 @@ func WithContactAddress(addr string) PhishingServerOption {
 // Start launches the phishing server, listening on the configured address.
 func (ps *PhishingServer) Start() {
 if ps.config.UseTLS {
+ // Only support TLS 1.2 and above - ref #1691, #1689
+ ps.server.TLSConfig = &tls.Config{
+ MinVersion: tls.VersionTLS12,
+ }
 err := util.CheckAndCreateSSL(ps.config.CertPath, ps.config.KeyPath)
 if err != nil {
 log.Fatal(err)
diff --git a/controllers/route.go b/controllers/route.go
index 72cf545d..72cf791b 100644
--- a/controllers/route.go
+++ b/controllers/route.go
@@ -3,6 +3,7 @@ package controllers
 import (
 "compress/gzip"
 "context"
+ "crypto/tls"
 "html/template"
 "net/http"
 "net/url"
@@ -70,6 +71,10 @@ func (as *AdminServer) Start() {
 go as.worker.Start()
 }
 if as.config.UseTLS {
+ // Only support TLS 1.2 and above - ref #1691, #1689
+ as.server.TLSConfig = &tls.Config{
+ MinVersion: tls.VersionTLS12,
+ }
 err := util.CheckAndCreateSSL(as.config.CertPath, as.config.KeyPath)
 if err != nil {
 log.Fatal(err)
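Review bot: The `tls.Config` added in `PhishingServer.Start` sets only `MinVersion`, so the TLS 1.2 cipher suites offered are whatever the Go toolchain used for the build enables by default; older Go releases still include CBC-mode and RSA key-exchange suites in that default set. Consider pinning `CipherSuites` to the forward-secret AEAD suites as sketched below (the list only governs TLS 1.2 and lower, since Go does not make the TLS 1.3 suites configurable). The identical block added to `AdminServer.Start` in controllers/route.go has the same gap. `Start` continues past the end of this hunk.

```go
ps.server.TLSConfig = &tls.Config{
	MinVersion: tls.VersionTLS12,
	// Restrict TLS 1.2 to ECDHE key exchange with AEAD ciphers.
	CipherSuites: []uint16{
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
	},
}
// … unchanged: util.CheckAndCreateSSL call and error handling …
```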
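Review bot: The `tls.Config` literal in `AdminServer.Start` is a copy of the one added to `PhishingServer.Start` in controllers/phish.go, so the TLS policy of the two listeners can drift apart when one of them is tightened later. A single package-level helper such as `func defaultTLSConfig() *tls.Config { return &tls.Config{MinVersion: tls.VersionTLS12} }`, used as `as.server.TLSConfig = defaultTLSConfig()` here and with the equivalent line in phish.go, keeps the policy in one place. The assignment also replaces any `TLSConfig` already present on `as.server`; whether one is set at construction is not visible in this hunk, so that is worth confirming. `Start` begins and ends outside the hunk.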