diff --git a/Network/Wai/Handler/WarpTLS.hs b/Network/Wai/Handler/WarpTLS.hs
--- a/Network/Wai/Handler/WarpTLS.hs
+++ b/Network/Wai/Handler/WarpTLS.hs
@@ -67,6 +67,18 @@
       -- Default: 'TLS.defaultLogging'.
       --
       -- Since 1.4.0
+    , tlsAllowedVersions :: [TLS.Version]
+      -- ^ The TLS versions this server accepts.
+      --
+      -- Default: '[TLS.SSL3,TLS.TLS10,TLS.TLS11,TLS.TLS12]'.
+      --
+      -- Since 1.4.2
+    , tlsCiphers :: [TLS.Cipher]
+      -- ^ The TLS ciphers this server accepts.
+      --
+      -- Default: '[TLSExtra.cipher_AES128_SHA1, TLSExtra.cipher_AES256_SHA1, TLSExtra.cipher_RC4_128_MD5, TLSExtra.cipher_RC4_128_SHA1]'
+      --
+      -- Since 1.4.2
     }
 
 -- | An action when a plain HTTP comes to HTTP over TLS/SSL port.
@@ -89,6 +101,8 @@
     , keyFile = "key.pem"
     , onInsecure = DenyInsecure "This server only accepts secure HTTPS connections."
     , tlsLogging = TLS.defaultLogging
+    , tlsAllowedVersions = [TLS.SSL3,TLS.TLS10,TLS.TLS11,TLS.TLS12]
+    , tlsCiphers = ciphers
     }
 
 -- | Running 'Application' with 'TLSSettings' and 'Settings' using
@@ -101,8 +115,8 @@
             TLS.updateServerParams
                 (\sp -> sp { TLS.serverWantClientCert = False }) $
             TLS.defaultParamsServer
-            { TLS.pAllowedVersions = [TLS.SSL3,TLS.TLS10,TLS.TLS11,TLS.TLS12]
-            , TLS.pCiphers         = ciphers
+            { TLS.pAllowedVersions = tlsAllowedVersions
+            , TLS.pCiphers         = tlsCiphers
             , TLS.pCertificates    = zip certs $ (Just pk):repeat Nothing
             , TLS.pLogging         = tlsLogging
             }
diff --git a/warp-tls.cabal b/warp-tls.cabal
--- a/warp-tls.cabal
+++ b/warp-tls.cabal
@@ -1,5 +1,5 @@
 Name:                warp-tls
-Version:             1.4.1.4
+Version:             1.4.2
 Synopsis:            HTTP over SSL/TLS support for Warp via the TLS package
 License:             MIT
 License-file:        LICENSE
