diff --git a/CHANGELOG.md b/CHANGELOG.md index 0d79c37d2..3a5efa0b1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,7 @@ +15.06.2015 + +* Apache config update: now only TLSv1.2 allowed with whitelisted chipers, please review all SSL config parameters + 08.06.2015 * Add sk service name to application.yml diff --git a/README.md b/README.md index d5c6a34f3..01276c1e0 100644 --- a/README.md +++ b/README.md @@ -97,9 +97,10 @@ For Apache, registry admin goes to port 443 in production, /etc/apache2/sites-en SSLCertificateChainFile /etc/ssl/certs/your-chain-fail.pem SSLCACertificateFile /etc/ssl/certs/ca.pem - SSLProtocol TLSv1 + SSLProtocol -all +TLSv1.2 SSLHonorCipherOrder On - SSLCipherSuite RC4-SHA:HIGH:!ADH + SSLCompression off + SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH RewriteEnginriteEngine on RedirectMatch ^/$ /admin @@ -157,9 +158,10 @@ Registrar configuration (/etc/apache2/sites-enabled/registrar.conf) is as follow SSLCertificateChainFile /etc/ssl/certs/your-chain-fail.pem SSLCACertificateFile /etc/ssl/certs/ca.pem - SSLProtocol TLSv1 + SSLProtocol -all +TLSv1.2 SSLHonorCipherOrder On - SSLCipherSuite RC4-SHA:HIGH:!ADH + SSLCompression off + SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH RewriteEngine on RedirectMatch ^/$ /registrar @@ -240,9 +242,10 @@ Registrant configuration (/etc/apache2/sites-enabled/registrant.conf) is as foll SSLCertificateChainFile /etc/ssl/certs/your-chain-fail.pem SSLCACertificateFile /etc/ssl/certs/ca.pem - SSLProtocol TLSv1 + SSLProtocol -all +TLSv1.2 SSLHonorCipherOrder On - SSLCipherSuite RC4-SHA:HIGH:!ADH + SSLCompression off + SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH RewriteEngine on RedirectMatch ^/$ /registrant diff --git a/doc/repp-doc.md b/doc/repp-doc.md index d1bd4a8f5..dbdad9a59 100644 --- a/doc/repp-doc.md +++ b/doc/repp-doc.md 
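Review bot: The new `SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH` keeps the `EDH` (DHE) groups, whose strength depends on the server's DH parameters — Apache before 2.4.7 uses a fixed 1024-bit group — so the README should either add `SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem` (Apache 2.4.8+ with OpenSSL 1.0.2) or drop the `EDH` entries when the build cannot set custom parameters. `SSLCompression off` likewise needs Apache 2.4.3+/2.2.24+, which the README does not state. Now that these vhosts are TLS 1.2-only, a `Header always set Strict-Transport-Security "max-age=31536000"` line next to `SSLHonorCipherOrder On` would complete the hardening, and a one-line comment such as `# TLS 1.2 only: older clients (e.g. Java 6, IE8/XP) will be refused` would document the compatibility break the changelog asks operators to review. The same three lines recur verbatim in the registrar and registrant hunks.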
@@ -1,6 +1,9 @@ # REPP integration specification -REPP uses currently Basic Authentication (http://tools.ietf.org/html/rfc2617#section-2) with ssl certificate and key. +REPP uses HTTP/1.1 protocol (http://www.ietf.org/rfc/rfc2616.txt) and +Basic Authentication (http://tools.ietf.org/html/rfc2617#section-2) using +Secure Transport (https://tools.ietf.org/html/rfc5246) with certificate and key (https://tools.ietf.org/html/rfc5280). + Credentials and certificate are issued by EIS (in an exchange for desired API username, CSR and IP). To quickly test the API, use curl:
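Review bot: `Secure Transport (https://tools.ietf.org/html/rfc5246)` misnames the protocol — RFC 5246 is TLS 1.2, while "Secure Transport" is Apple's TLS library — so the sentence should read `Basic Authentication (http://tools.ietf.org/html/rfc2617#section-2) over TLS 1.2 (https://tools.ietf.org/html/rfc5246) with a client certificate and key (https://tools.ietf.org/html/rfc5280)`. Naming the version matters here because the README change in the same commit restricts the Apache vhosts to TLSv1.2 only, so REPP integrators need a TLS 1.2-capable client stack, which this spec is the natural place to state. `HTTP/1.1 protocol` should also just be `HTTP/1.1`.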