diff --git a/roles/irc/tasks/main.yml b/roles/irc/tasks/main.yml
index c3ccfbd2525618e8e2a891c4f3c576a60254b9d2..0c55ef41923a11607e2b618ddb6061ad4a4c3842 100644
--- a/roles/irc/tasks/main.yml
+++ b/roles/irc/tasks/main.yml
@@ -31,11 +31,6 @@
     - motd.txt
     - rules.txt
 
-- name: Generate dhparams
-  command: openssh dhparams -out /etc/inspircd/dhparams 2048
-  args:
-    creates: /etc/inspircd/dhparams
-
 # Install anope configuration.
 
 - file:
diff --git a/roles/irc/templates/inspircd/inspircd.conf b/roles/irc/templates/inspircd/inspircd.conf
index a72fae64d6917516ed7f3d3b9588fb8bd64f4663..0a1140d37926f32416a9bf8571bef37eb8e61ca0 100644
--- a/roles/irc/templates/inspircd/inspircd.conf
+++ b/roles/irc/templates/inspircd/inspircd.conf
@@ -18,13 +18,13 @@
        email="irc@{{ domain_public[0] }}">
 
 # note: for the TLS configuration check out modules.conf
-<bind address="" port="16697" type="clients" ssl="gnutls">
-<bind address="" port="19999" type="clients" ssl="gnutls">
+<bind address="" port="16697" type="clients" profile="gnutls">
+<bind address="" port="19999" type="clients" profile="gnutls">
 # note: if you change the server port remember to also update links.conf
 # services
 <bind address="127.0.0.1" port="7000" type="servers">
 # linked irc servers
-<bind address="" port="17029" type="servers" ssl="gnutls">
+<bind address="" port="17029" type="servers" profile="gnutls">
 
 <sasl target="services.irc.{{ irc_network_name }}" requiressl="yes">
 
diff --git a/roles/irc/templates/inspircd/modules.conf b/roles/irc/templates/inspircd/modules.conf
index 028ce1117e53be4a9373b88bf3ce41212c2e4ee1..c66e6431160353a6f1a4eebad2d2cd6e936d18ef 100644
--- a/roles/irc/templates/inspircd/modules.conf
+++ b/roles/irc/templates/inspircd/modules.conf
@@ -60,11 +60,12 @@
 
 # TLS configuration
 <module name="m_ssl_gnutls.so">
-<sslprofile certfile="/etc/credentials/public/irc.autistici.org/fullchain.pem"
+<sslprofile
+        name="gnutls"
+        certfile="/etc/credentials/public/irc.autistici.org/fullchain.pem"
         keyfile="/etc/credentials/public/irc.autistici.org/privkey.pem"
-        hash="sha1" priority="NORMAL:-MD5"
-        dhfile="/etc/inspircd/dhparams"
-        dhbits="1024">
+        priority="SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:+VERS-TLS1.3:-RSA:-DHE-DSS"
+        >
 
 <module name="m_sslinfo.so">
 <module name="m_svshold.so">