diff --git a/CHANGELOG.md b/CHANGELOG.md
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,13 @@
+## Version 2.0.6
+
+* Setting `supportedCiphers` in `defaultSupported` to `ciphersuite_default`.
+  So, users don't have to override this value anymore by exporting
+  `Network.TLS.Extra.Cipher`.
+  [#471](https://github.com/haskell-tls/hs-tls/pull/471)
+* `ciphersuite_default` is the same as `ciphersuite_strong`.
+  So, the duplicated definition is removed.
+* Add missing modules for util/tls-client and util/tls-server.
+
 ## Version 2.0.5
 
 * Fixing handshake13_0rtt_fallback
diff --git a/Network/TLS/Extra/Cipher.hs b/Network/TLS/Extra/Cipher.hs
--- a/Network/TLS/Extra/Cipher.hs
+++ b/Network/TLS/Extra/Cipher.hs
@@ -196,30 +196,12 @@
 -- hardware-acceleration support.  If this dynamic runtime behavior is not
 -- desired, use 'ciphersuite_default_det' instead.
 ciphersuite_default :: [Cipher]
-ciphersuite_default = sortOptimized sets_default
+ciphersuite_default = ciphersuite_strong
 
 -- | Same as 'ciphersuite_default', but using deterministic preference not
 -- influenced by the CPU.
 ciphersuite_default_det :: [Cipher]
-ciphersuite_default_det = sortDeterministic sets_default
-
-sets_default :: [CipherSet]
-sets_default =
-    [ -- First the PFS + GCM + SHA2 ciphers
-      SetAead
-        [cipher_ECDHE_ECDSA_AES128GCM_SHA256, cipher_ECDHE_ECDSA_AES256GCM_SHA384]
-        [cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256]
-        [cipher_ECDHE_ECDSA_AES128CCM_SHA256, cipher_ECDHE_ECDSA_AES256CCM_SHA256]
-    , SetAead
-        [cipher_ECDHE_RSA_AES128GCM_SHA256, cipher_ECDHE_RSA_AES256GCM_SHA384]
-        [cipher_ECDHE_RSA_CHACHA20POLY1305_SHA256]
-        []
-    , -- TLS13 (listed at the end but version is negotiated first)
-      SetAead
-        [cipher_TLS13_AES128GCM_SHA256, cipher_TLS13_AES256GCM_SHA384]
-        [cipher_TLS13_CHACHA20POLY1305_SHA256]
-        [cipher_TLS13_AES128CCM_SHA256]
-    ]
+ciphersuite_default_det = ciphersuite_strong_det
 
 ----------------------------------------------------------------
 
diff --git a/Network/TLS/Parameters.hs b/Network/TLS/Parameters.hs
--- a/Network/TLS/Parameters.hs
+++ b/Network/TLS/Parameters.hs
@@ -28,6 +28,7 @@
 import Network.TLS.Credentials
 import Network.TLS.Crypto
 import Network.TLS.Extension
+import Network.TLS.Extra.Cipher
 import Network.TLS.Imports
 import Network.TLS.Measurement
 import Network.TLS.RNG (Seed)
@@ -331,7 +332,7 @@
 defaultSupported =
     Supported
         { supportedVersions = [TLS13, TLS12]
-        , supportedCiphers = []
+        , supportedCiphers = ciphersuite_default
         , supportedCompressions = [nullCompression]
         , supportedHashSignatures = Struct.supportedSignatureSchemes
         , supportedSecureRenegotiation = True
diff --git a/tls.cabal b/tls.cabal
--- a/tls.cabal
+++ b/tls.cabal
@@ -1,6 +1,6 @@
 cabal-version:      >=1.10
 name:               tls
-version:            2.0.5
+version:            2.0.6
 license:            BSD3
 license-file:       LICENSE
 copyright:          Vincent Hanquez <vincent@snarc.org>
@@ -118,7 +118,7 @@
         base16-bytestring,
         bytestring >= 0.10 && < 0.13,
         cereal >= 0.5.3 && < 0.6,
-        crypton >= 0.34 && < 0.35,
+        crypton >= 0.34,
         crypton-x509 >= 1.7 && < 1.8,
         crypton-x509-store >= 1.6 && < 1.7,
         crypton-x509-validation >= 1.6.5 && < 1.7,
diff --git a/util/tls-client.hs b/util/tls-client.hs
--- a/util/tls-client.hs
+++ b/util/tls-client.hs
@@ -12,7 +12,6 @@
 import Network.Run.TCP
 import Network.Socket
 import Network.TLS
-import Network.TLS.Extra.Cipher
 import System.Console.GetOpt
 import System.Environment
 import System.Exit
@@ -293,8 +292,7 @@
             }
     supported =
         def
-            { supportedCiphers = ciphersuite_strong
-            , supportedVersions = vers
+            { supportedVersions = vers
             , supportedGroups = groups
             }
     hooks =
diff --git a/util/tls-server.hs b/util/tls-server.hs
--- a/util/tls-server.hs
+++ b/util/tls-server.hs
@@ -10,7 +10,6 @@
 import qualified Data.Map.Strict as M
 import Network.Run.TCP
 import Network.TLS
-import Network.TLS.Extra.Cipher
 import System.Console.GetOpt
 import System.Environment (getArgs)
 import System.Exit
@@ -37,7 +36,8 @@
         { optDebugLog = False
         , optShow = False
         , optKeyLogFile = Nothing
-        , optGroups = []
+        , -- excluding FFDHE8192 for retry
+          optGroups = [X25519, X448, P256, P521]
         , optCertFile = "servercert.pem"
         , optKeyFile = "serverkey.pem"
         }
@@ -99,12 +99,15 @@
     (host, port) <- case ips of
         [h, p] -> return (h, p)
         _ -> showUsageAndExit "cannot recognize <addr> and <port>\n"
+    when (null optGroups) $ do
+        putStrLn "Error: unsupported groups"
+        exitFailure
     smgr <- newSessionManager
     Right cred@(!_cc, !_priv) <- credentialLoadX509 optCertFile optKeyFile
     let keyLog = getLogger optKeyLogFile
         creds = Credentials [cred]
     runTCPServer (Just host) port $ \sock -> do
-        let sparams = getServerParams creds smgr keyLog
+        let sparams = getServerParams creds optGroups smgr keyLog
         E.bracket (contextNew sock sparams) bye $ \ctx -> do
             handshake ctx
             when (optDebugLog || optShow) $ putStrLn "------------------------"
@@ -114,10 +117,11 @@
 
 getServerParams
     :: Credentials
+    -> [Group]
     -> SessionManager
     -> (String -> IO ())
     -> ServerParams
-getServerParams creds sm keyLog =
+getServerParams creds groups sm keyLog =
     def
         { serverSupported = supported
         , serverShared = shared
@@ -133,8 +137,7 @@
             }
     supported =
         def
-            { supportedCiphers = ciphersuite_strong
-            , supportedGroups = [X25519, X448, P256, P521]
+            { supportedGroups = groups
             }
     hooks = def{onALPNClientSuggest = Just chooseALPN}
     debug = def{debugKeyLogger = keyLog}
