diff --git a/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/QueryServerProperties.java b/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/QueryServerProperties.java
index dda88cf..3b23e20 100644
--- a/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/QueryServerProperties.java
+++ b/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/QueryServerProperties.java
@@ -72,6 +72,10 @@ public class QueryServerProperties {
 "phoenix.queryserver.tls.truststore";
 public static final String QUERY_SERVER_TLS_TRUSTSTORE_PASSWORD =
 "phoenix.queryserver.tls.truststore.password";
+ public static final String QUERY_SERVER_TLS_ENABLED_PROTCOLS =
+ "phoenix.queryserver.tls.protocols";
+ public static final String QUERY_SERVER_TLS_ENABLED_CIPHERSUITES =
+ "phoenix.queryserver.tls.ciphersuites";
 public static final String QUERY_SERVER_JMX_JSON_ENDPOINT_DISABLED =
 "phoenix.queryserver.jmxjsonendpoint.disabled";
diff --git a/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java b/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
index 8619da1..de5ef58 100644
--- a/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
+++ b/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
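Review bot: The new constant `QUERY_SERVER_TLS_ENABLED_PROTCOLS` in QueryServerProperties is misspelled (PROTCOLS), and because it is `public static final` the typo becomes part of the class's API once released. Rename it to `QUERY_SERVER_TLS_ENABLED_PROTOCOLS` here and at its single use in QueryServer.java before this ships. Both constants would also benefit from a comment stating the value format, for example `// Comma-separated list of TLS protocol names the query server may negotiate; when unset no restriction is passed to the builder` and the matching line for cipher suites. The "unset" wording assumes the null array handed to withTLS means "no restriction", which should be confirmed against the builder.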
@@ -297,7 +297,19 @@ private void setTlsIfNeccessary(Builder builder, Configuration conf) thr
 throw new Exception(String.format("if %s is enabled, %s must be specfified" , QueryServerProperties.QUERY_SERVER_TLS_ENABLED, QueryServerProperties.QUERY_SERVER_TLS_TRUSTSTORE));
 }
 final File tlsTruststoreFile = new File(tlsTruststore);
- builder.withTLS(tlsKeystoreFile, tlsKeystorePassword, tlsTruststoreFile, tlsTruststorePassword, keystoreType);
+
+ final String tlsEnabledProtocolsString = getConf().get(QueryServerProperties.QUERY_SERVER_TLS_ENABLED_PROTCOLS);
+ String[] tlsEnabledProtocols = null;
+ if (tlsEnabledProtocolsString != null) {
+ tlsEnabledProtocols = tlsEnabledProtocolsString.trim().split(",");
+ }
+ final String tlsEnabledChiphersuitesString = getConf().get(QueryServerProperties.QUERY_SERVER_TLS_ENABLED_CIPHERSUITES);
+ String[] tlsEnabledChiphersuites = null;
+ if (tlsEnabledChiphersuitesString != null) {
+ tlsEnabledChiphersuites = tlsEnabledChiphersuitesString.trim().split(",");
+ }
+
+ builder.withTLS(tlsKeystoreFile, tlsKeystorePassword, tlsTruststoreFile, tlsTruststorePassword, keystoreType, tlsEnabledProtocols, tlsEnabledChiphersuites);
 }
 }
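Review bot: The new parsing in setTlsIfNeccessary trims only the whole property value, so `.trim().split(",")` leaves a leading space on every element after the first when the list is written with spaces after the commas, and turns an empty value into a one-element array holding `""`. How withTLS treats a name it does not recognise is not visible in this hunk, but an allow-list entry that matches nothing will most likely be dropped silently or leave the listener unable to negotiate, and neither is what the operator configured. Guard the block with `if (tlsEnabledProtocolsString != null && !tlsEnabledProtocolsString.trim().isEmpty())` and split with `tlsEnabledProtocols = tlsEnabledProtocolsString.trim().split("\\s*,\\s*");` so a blank value behaves like an unset one. The cipher-suite block needs the same two changes, and its locals are misspelled `tlsEnabledChiphersuites`. The method body starts above the hunk, so whether the rest of it reads `conf` or `getConf()` cannot be checked from here.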