diff --git a/SECURITY.md b/SECURITY.md index c6a3418..16e3e50 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -15,7 +15,11 @@ This Gitea instance is configured following best practices, in order to thwart l ### Web front-end - Any plain-text (HTTP) traffic is redirected to the TLS secure counterpart (HTTPS). -- TLS (or more specifically: TLSv1.2 and TLSv1.3) is used for transit encryption, with the following ciphers: `ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:AES-256-GCM-SHA384:EECDH+AESGCM:EDH+AESGCM` and with HSTS. +- TLS (or more specifically: TLSv1.2 and TLSv1.3) is used for transit encryption - with HSTS and the following ciphers: + ``` + ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:AES-256-GCM-SHA384:EECDH+AESGCM:EDH+AESGCM +- OCSP stapling is enabled. +- TLS session tickets are disabled (at least until Nginx fixes this properly). ### Networking
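Review bot: the code fence opened right after "the following ciphers:" is never closed, so in rendered Markdown the cipher string, the "OCSP stapling is enabled" bullet and the "TLS session tickets are disabled" bullet all collapse into one verbatim block, and everything after the hunk (the "### Networking" heading onwards) will render as code as well. Add a closing ``` line directly after the cipher string, before `+- OCSP stapling is enabled.`. Two smaller points on the same lines: `AES-256-GCM-SHA384` is not a token OpenSSL's cipher-list parser recognises (the TLSv1.2 suites are spelled `ECDHE-RSA-AES256-GCM-SHA384` and friends, which `EECDH+AESGCM`/`EDH+AESGCM` already cover, and the TLSv1.3 suite `TLS_AES_256_GCM_SHA384` is not selected through `ssl_ciphers` at all), so that entry is silently ignored and should be removed or corrected rather than documented as active; and "(at least until Nginx fixes this properly)" does not tell the reader what is wrong with session tickets, so state the actual problem (and the upstream issue being tracked, if there is one) so the setting is not reverted later by someone who does not know the history.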