diff --git a/under construction/STARTTLS-how-to.md b/under construction/STARTTLS-how-to.md
index b595445..81885fa 100644
--- a/under construction/STARTTLS-how-to.md	
+++ b/under construction/STARTTLS-how-to.md	
@@ -58,8 +58,8 @@ Under construction
 	# disable compression and client-initiated renegotiation
     tls_ssl_options = NO_COMPRESSION, 0x40000000
 	# disable unsecure ciphers
-    smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA, DHE-RSA-AES256-CCM8, AES256-CCM8, DHE-RSA-AES128-CCM8, AES128-CCM8
-    smtp_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA, DHE-RSA-AES256-CCM8, AES256-CCM8, DHE-RSA-AES128-CCM8, AES128-CCM8
+    smtpd_tls_exclude_ciphers = EXP, LOW, MEDIUM, aNULL, eNULL, SRP, PSK, kDH, ADH, AECDH, kRSA, DSS, RC4, DES, IDEA, SEED, ARIA, AESCCM8, 3DES, MD5
+    smtp_tls_exclude_ciphers = EXP, LOW, MEDIUM, aNULL, eNULL, SRP, PSK, kDH, ADH, AECDH, kRSA, DSS, RC4, DES, IDEA, SEED, ARIA, AESCCM8, 3DES, MD5
 	# Enable server cipher-suite preferences
     tls_preempt_cipherlist = yes
     # Forward secrecy