diff --git a/doc.ja/src/sgml/ssl.sgml b/doc.ja/src/sgml/ssl.sgml index b83a54b5..25737c48 100644 --- a/doc.ja/src/sgml/ssl.sgml +++ b/doc.ja/src/sgml/ssl.sgml @@ -189,6 +189,44 @@ SSLサポートを有効にするためには、Pgpool-II +このパラメータはサーバ起動時にのみ設定可能です。 + + + + + + ssl_ciphers (string) + + + ssl_ciphers設定パラメータ + + + + + +セキュアな接続で使用できるSSL暗号スイートのリストを指定します。 +設定構文と使用可能な値のリストについてはOpenSSLパッケージの +ciphersマニュアルをご覧ください。 +デフォルト値はHIGH:MEDIUM:+3DES:!aNULLで、PostgreSQLと同じです。 +この値が選ばれた理由については、PostgreSQLのマニュアルをご覧ください。 + + + このパラメータはサーバ起動時にのみ設定可能です。 diff --git a/doc/src/sgml/ssl.sgml b/doc/src/sgml/ssl.sgml index f91da84f..0388e143 100644 --- a/doc/src/sgml/ssl.sgml +++ b/doc/src/sgml/ssl.sgml @@ -126,6 +126,31 @@ + + ssl_ciphers (string) + + ssl_ciphers configuration parameter + + + + + Specifies a list of SSL cipher suites that + are allowed to be used on secure connections. See + the ciphers + manual page in the OpenSSL package + for the syntax of this setting and a list of supported values. + The default value + is HIGH:MEDIUM:+3DES:!aNULL, which is same + as PostgreSQL. + See PostgreSQL manual to know why + the value is chosen. + + + This parameter can only be set at server start. + + + + diff --git a/src/config/pool_config_variables.c b/src/config/pool_config_variables.c index 63dd46d4..f0b74cce 100644 --- a/src/config/pool_config_variables.c +++ b/src/config/pool_config_variables.c @@ -992,6 +992,16 @@ static struct config_string ConfigureNamesString[] = NULL, NULL, NULL, NULL }, + { + {"ssl_ciphers", CFGCXT_INIT, SSL_CONFIG, + "Allowed SSL ciphers.", + CONFIG_VAR_TYPE_STRING, false, 0 + }, + &g_pool_config.ssl_ciphers, + "", + NULL, NULL, NULL, NULL + }, + { {"memqcache_oiddir", CFGCXT_INIT, CACHE_CONFIG, "Tempory directory to record table oids.", diff --git a/src/include/pool_config.h b/src/include/pool_config.h index dd662698..cd212ca9 100644 --- a/src/include/pool_config.h +++ b/src/include/pool_config.h 
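Review bot: The table default for ssl_ciphers in the pool_config_variables.c hunk is `""`, while the sample configs and both manuals in this commit state the default is `HIGH:MEDIUM:+3DES:!aNULL`; a pgpool.conf written before this parameter existed would therefore hand an empty string to SSL_CTX_set_cipher_list() in the pool_ssl.c hunk, which selects no ciphers, returns 0 and should make init_ssl_ctx fail for every SSL connection. The documented default ought to be the coded one: change the line `"",` to `"HIGH:MEDIUM:+3DES:!aNULL",`. The same concern applies to the pool_ssl.c hunk, which has no guard for an empty list. The ConfigureNamesString array starts and ends outside the hunk.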
@@ -333,7 +333,7 @@ typedef struct char *ssl_ca_cert; /* path to root (CA) certificate */ char *ssl_ca_cert_dir; /* path to directory containing CA * certificates */ - + char *ssl_ciphers; /* allowed ssl ciphers */ int64 relcache_expire; /* relation cache life time in seconds */ int relcache_size; /* number of relation cache life entry */ bool check_temp_table; /* enable temporary table check */ diff --git a/src/sample/pgpool.conf.sample b/src/sample/pgpool.conf.sample index 998920db..f9dfa90b 100644 --- a/src/sample/pgpool.conf.sample +++ b/src/sample/pgpool.conf.sample @@ -120,7 +120,9 @@ ssl = off # Directory containing CA root certificate(s) # (change requires restart) - +ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' + # Allowed SSL ciphers + # (change requires restart) #------------------------------------------------------------------------------ # POOLS #------------------------------------------------------------------------------ diff --git a/src/sample/pgpool.conf.sample-logical b/src/sample/pgpool.conf.sample-logical index b75c1ed5..d7a9abde 100644 --- a/src/sample/pgpool.conf.sample-logical +++ b/src/sample/pgpool.conf.sample-logical @@ -120,7 +120,9 @@ ssl = off # Directory containing CA root certificate(s) # (change requires restart) - +ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' + # Allowed SSL ciphers + # (change requires restart) #------------------------------------------------------------------------------ # POOLS #------------------------------------------------------------------------------ diff --git a/src/sample/pgpool.conf.sample-master-slave b/src/sample/pgpool.conf.sample-master-slave index 24c5b841..d9f4fd4b 100644 --- a/src/sample/pgpool.conf.sample-master-slave +++ b/src/sample/pgpool.conf.sample-master-slave 
@@ -119,7 +119,9 @@ ssl = off # Directory containing CA root certificate(s) # (change requires restart) - +ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' + # Allowed SSL ciphers + # (change requires restart) #------------------------------------------------------------------------------ # POOLS #------------------------------------------------------------------------------ diff --git a/src/sample/pgpool.conf.sample-replication b/src/sample/pgpool.conf.sample-replication index 067fd4b0..3b288499 100644 --- a/src/sample/pgpool.conf.sample-replication +++ b/src/sample/pgpool.conf.sample-replication @@ -118,7 +118,9 @@ ssl = off # Directory containing CA root certificate(s) # (change requires restart) - +ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' + # Allowed SSL ciphers + # (change requires restart) #------------------------------------------------------------------------------ # POOLS #------------------------------------------------------------------------------ diff --git a/src/sample/pgpool.conf.sample-stream b/src/sample/pgpool.conf.sample-stream index ecb19673..7b9baee9 100644 --- a/src/sample/pgpool.conf.sample-stream +++ b/src/sample/pgpool.conf.sample-stream @@ -120,7 +120,9 @@ ssl = off # Directory containing CA root certificate(s) # (change requires restart) - +ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' + # Allowed SSL ciphers + # (change requires restart) #------------------------------------------------------------------------------ # POOLS #------------------------------------------------------------------------------ diff --git a/src/utils/pool_process_reporting.c b/src/utils/pool_process_reporting.c index bb079fc1..acf25bc3 100644 --- a/src/utils/pool_process_reporting.c +++ b/src/utils/pool_process_reporting.c 
@@ -257,6 +257,11 @@ get_config(int *nrows) StrNCpy(status[i].desc, "directory containing CA root certificate(s)", POOLCONFIG_MAXDESCLEN); i++; + StrNCpy(status[i].name, "ssl_ciphers", POOLCONFIG_MAXNAMELEN); + snprintf(status[i].value, POOLCONFIG_MAXVALLEN, "%s", pool_config->ssl_ciphers); + StrNCpy(status[i].desc, "allowed SSL ciphers", POOLCONFIG_MAXDESCLEN); + i++; + /* POOLS */ /* - Pool size - */ diff --git a/src/utils/pool_ssl.c b/src/utils/pool_ssl.c index db1983b4..b3a335da 100644 --- a/src/utils/pool_ssl.c +++ b/src/utils/pool_ssl.c @@ -309,6 +309,13 @@ init_ssl_ctx(POOL_CONNECTION * cp, enum ssl_conn_type conntype) */ SSL_CTX_set_mode(cp->ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); + /* set up the allowed cipher list */ + error = SSL_CTX_set_cipher_list(cp->ssl_ctx, pool_config->ssl_ciphers); + SSL_RETURN_ERROR_IF((error != 1), "Setting allowed cipher list"); + + /* Let server choose order */ + SSL_CTX_set_options(cp->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); + if (conntype == ssl_conn_serverclient) { /* between frontend and pgpool */
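Review bot: The added `snprintf(status[i].value, POOLCONFIG_MAXVALLEN, "%s", pool_config->ssl_ciphers)` passes the config pointer straight to `%s`, which is undefined behaviour if ssl_ciphers is ever NULL; the string table in pool_config_variables.c gives it a default of `""`, so it is presumably always set, but the neighbouring entries do not show how an unset string option is stored. If the loader can leave it NULL, a guard such as `pool_config->ssl_ciphers ? pool_config->ssl_ciphers : ""` keeps the status report from crashing. get_config() starts and ends outside the hunk.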
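Review bot: SSL_OP_CIPHER_SERVER_PREFERENCE is set before the `conntype` branch, so it is also applied to the context pgpool uses as a TLS client toward the backend, where server preference has no meaning; moving `SSL_CTX_set_options(cp->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);` into the `ssl_conn_serverclient` branch that follows makes the intent clear. The list installed by SSL_CTX_set_cipher_list() only governs TLSv1.2-and-earlier suites; with newer OpenSSL releases TLSv1.3 suites are selected by SSL_CTX_set_ciphersuites() and are unaffected by ssl_ciphers, which deserves a comment such as `/* applies to TLSv1.2 and earlier only; TLSv1.3 suites are configured via SSL_CTX_set_ciphersuites() */`. The check assumes `error` is declared earlier in init_ssl_ctx, which starts and ends outside the hunk.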