diff --git a/config b/config
index 03ba06e..0b101c7 100644
--- a/config
+++ b/config
@@ -39,12 +39,6 @@
 # TCP traffic between Radicale and a reverse proxy
 #certificate_authority =
 
-# SSL Protocol used. See python's ssl module for available values
-#protocol = PROTOCOL_TLSv1_2
-
-# Available ciphers. See python's ssl module for available ciphers
-#ciphers =
-
 
 [encoding]
 
diff --git a/radicale/config.py b/radicale/config.py
index c2b5cc5..a3ef92d 100644
--- a/radicale/config.py
+++ b/radicale/config.py
@@ -127,15 +127,7 @@ DEFAULT_CONFIG_SCHEMA = OrderedDict([
             "value": "",
             "help": "set CA certificate for validating clients",
             "aliases": ["--certificate-authority"],
-            "type": filepath}),
-        ("protocol", {
-            "value": "PROTOCOL_TLSv1_2",
-            "help": "SSL protocol used",
-            "type": str}),
-        ("ciphers", {
-            "value": "",
-            "help": "available ciphers",
-            "type": str})])),
+            "type": filepath})])),
     ("encoding", OrderedDict([
         ("request", {
             "value": "utf-8",
diff --git a/radicale/server.py b/radicale/server.py
index 216db47..64a9a42 100644
--- a/radicale/server.py
+++ b/radicale/server.py
@@ -162,20 +162,18 @@ class ParallelHTTPSServer(ParallelHTTPServer):
     # These class attributes must be set before creating instance
     certificate = None
     key = None
-    protocol = None
-    ciphers = None
     certificate_authority = None
 
     def server_bind(self):
-        """Create server by wrapping HTTP socket in an SSL socket."""
         super().server_bind()
-        self.socket = ssl.wrap_socket(
-            self.socket, self.key, self.certificate, server_side=True,
-            cert_reqs=ssl.CERT_REQUIRED if self.certificate_authority else
-            ssl.CERT_NONE,
-            ca_certs=self.certificate_authority or None,
-            ssl_version=self.protocol, ciphers=self.ciphers,
-            do_handshake_on_connect=False)
+        # Wrap the TCP socket in an SSL socket
+        context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+        context.load_cert_chain(certfile=self.certificate, keyfile=self.key)
+        if self.certificate_authority:
+            context.load_verify_locations(cafile=self.certificate_authority)
+            context.verify_mode = ssl.CERT_REQUIRED
+        self.socket = context.wrap_socket(
+            self.socket, server_side=True, do_handshake_on_connect=False)
 
     def finish_request_locked(self, request, client_address):
         try:
@@ -267,9 +265,6 @@ def serve(configuration, shutdown_socket=None):
         ServerCopy.key = configuration.get("server", "key")
         ServerCopy.certificate_authority = configuration.get(
             "server", "certificate_authority")
-        ServerCopy.ciphers = configuration.get("server", "ciphers")
-        ServerCopy.protocol = getattr(
-            ssl, configuration.get("server", "protocol"), ssl.PROTOCOL_SSLv23)
         # Test if the SSL files can be read
         for name in ["certificate", "key"] + (
                 ["certificate_authority"]