diff --git a/haproxy/haproxy.cfg b/haproxy/haproxy.cfg
index 121815e..3692982 100644
--- a/haproxy/haproxy.cfg
+++ b/haproxy/haproxy.cfg
@@ -1,7 +1,11 @@
 global
     log stdout format raw local0
     ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
-    ssl-default-bind-ciphers PROFILE=SYSTEM
+    # bez ssl-default-bind-ciphers; użyj domyślnych OpenSSL
+    # (opcjonalnie) dla TLS1.3:
+    ssl-default-bind-ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+    # (opcjonalnie) dla TLS1.2:
+    # ssl-default-bind-ciphers ECDHE+AESGCM:EDH+AESGCM
 
 defaults
     log     global