diff --git a/src/main/java/eu/siacs/conversations/Config.java b/src/main/java/eu/siacs/conversations/Config.java
index 8762dc143..1fca62354 100644
--- a/src/main/java/eu/siacs/conversations/Config.java
+++ b/src/main/java/eu/siacs/conversations/Config.java
@@ -163,13 +163,22 @@ public final class Config {
 
     //only allow secure tls chipers now
     public static final String[] ENABLED_CIPHERS = {
-            "TLS_CHACHA20_POLY1305_SHA256",
-            "TLS_AES_256_GCM_SHA384",
-            "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
-            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
-            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA512",
-            "TLS_DHE_RSA_WITH_AES_256_GCM_SHA512",
-            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+            //TLS 1.3
+			"TLS_AES_256_GCM_SHA384",
+			"TLS_CHACHA20_POLY1305_SHA256",
+			"TLS_AES_128_GCM_SHA256",
+            //post quantum key agreement with traditional encryption
+			"TLS_ECDHE_KYBER_WITH_CHACHA20_POLY1305_SHA256",
+            //pre shared key for resource constrained devices (e.g. Alexa, IoT)
+            // with post quantum encryption
+			"TLS_PSK_WITH_AES_128_GCM_SHA256",
+            //TLS 1.2 with traditional key agreement and encryption
+			"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+			"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+			"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+			"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+			"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+			"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
     };
 
     public static final String[] WEAK_CIPHER_PATTERNS = {