diff --git a/misc/security.properties b/misc/security.properties
new file mode 100644
index 0000000000..8d845db353
--- /dev/null
+++ b/misc/security.properties
@@ -0,0 +1,12 @@
+# https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#DisabledAlgorithms
+# https://tersesystems.com/2014/01/13/fixing-the-most-dangerous-code-in-the-world/
+# http://bugs.java.com/bugdatabase/view_bug.do?bug_id=7133344
+# http://www.oracle.com/technetwork/java/javase/7u76-relnotes-2389087.html
+#
+# To load this file in a JVM, use the "java.security.properties" system property.
+#
+# Example: java -Djava.security.properties=/path/to/security.properties -jar /path/to/graylog.jar server
+#
+# jdk.tls.disabledAlgorithms=SSLv2Hello, SSLv3, TLSv1, TLSv1.1
+# jdk.tls.disabledAlgorithms=SSLv2Hello, SSLv3, TLSv1, TLSv1.1, EC keySize < 160, RSA keySize < 2048, DSA keySize < 2048
+# jdk.certpath.disabledAlgorithms=MD2, MD4, MD5, EC keySize < 160, RSA keySize < 2048, DSA keySize < 2048
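Review bot: The two `jdk.tls.disabledAlgorithms` examples and the `jdk.certpath.disabledAlgorithms` example replace the JDK's built-in value for that property rather than extending it. An operator who uncomments one as written loses every restriction the running JDK disables by default that is not repeated here, so the result can be weaker than not loading the file. I would add a header comment such as `# NOTE: a value set here replaces the JDK default for that property; start from the list in the JDK's own java.security file and append to it.` The header should also say that all three settings ship commented out, so loading the file as committed changes nothing. The `EC keySize < 160` floor looks lower than what recent JDK releases enforce by default and is worth checking against the target JDK.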