diff --git a/actor/src/udsactor/http/server.py b/actor/src/udsactor/http/server.py
index 5ba0f57ca..d561f8bd3 100644
--- a/actor/src/udsactor/http/server.py
+++ b/actor/src/udsactor/http/server.py
@@ -159,7 +159,11 @@ class HTTPServerThread(threading.Thread):
 # self._server.socket = ssl.wrap_socket(self._server.socket, certfile=self.certFile, server_side=True)
 context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+ # Disable TLSv1.0 and TLSv1.1, disable TLSv1.2, use only TLSv1.3
 context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_TLSv1_2
+
+ context.set_ciphers('ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-SHA256')
+
 context.load_cert_chain(certfile=self._certFile, password=password)
 self._server.socket = context.wrap_socket(self._server.socket, server_side=True)
diff --git a/server/src/uds/core/util/certs.py b/server/src/uds/core/util/certs.py
index 5f2cd0630..f662e4cd9 100644
--- a/server/src/uds/core/util/certs.py
+++ b/server/src/uds/core/util/certs.py
@@ -15,7 +15,7 @@ from cryptography.hazmat.primitives.asymmetric import rsa
 def selfSignedCert(ip: str) -> typing.Tuple[str, str, str]:
 key = rsa.generate_private_key(
 public_exponent=65537,
- key_size=2048,
+ key_size=4096,
 backend=default_backend(),
 )
 # Create a random password for private key
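Review bot: The added `context.set_ciphers(...)` line is dead configuration: `set_ciphers()` only governs TLS 1.2-and-earlier cipher suites, and the line just above disables TLS 1.2 through `OP_NO_TLSv1_2`, so a TLS 1.3 handshake negotiates OpenSSL's default TLS 1.3 suites regardless of this string (the two ECDHE-ECDSA entries would additionally require an ECDSA certificate, while `certs.py` in this same commit generates an RSA key). Consider dropping the `set_ciphers` call and replacing the deprecated `OP_NO_TLSv1*` options with `context.minimum_version = ssl.TLSVersion.TLSv1_3`, which states the intent directly; the comment could then read `# TLS 1.3 only; suite selection is OpenSSL's TLS 1.3 default`. Whether any existing clients lacking TLS 1.3 support still need to connect is not visible here and is worth a sentence in the commit description. The enclosing method of HTTPServerThread starts and ends outside this hunk.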
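Review bot: The change to `key_size=4096` is undocumented and `selfSignedCert` has no docstring; generating a 4096-bit RSA key is markedly slower than a 2048-bit one, so if this function runs per actor registration or per request (not visible here) the latency change should be stated where callers can see it. Suggest a docstring on `selfSignedCert` giving its purpose, what each of the three returned strings is (the body continues outside this hunk, so the order should be taken from the return statement), and a note that key generation is expensive and the result should be generated once and cached. Making the size a keyword parameter, `def selfSignedCert(ip: str, key_size: int = 4096) -> typing.Tuple[str, str, str]:` with `key_size=key_size,` passed to `rsa.generate_private_key`, would keep existing callers unchanged while letting tests use a smaller key.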