diff --git a/db/config.cc b/db/config.cc index 74cee32fe3..84df7f3d32 100644 --- a/db/config.cc +++ b/db/config.cc @@ -102,6 +102,8 @@ db::config::config() db::config::~config() {} +const sstring db::config::default_tls_priority("SECURE128:-VERS-TLS1.0"); + namespace utils { template<> diff --git a/db/config.hh b/db/config.hh index 3e0b16603f..8b76db0bbc 100644 --- a/db/config.hh +++ b/db/config.hh @@ -762,6 +762,8 @@ public: add_options(boost::program_options::options_description_easy_init&); const db::extensions& extensions() const; + + static const sstring default_tls_priority; private: template struct log_legacy_value : public named_value { diff --git a/init.cc b/init.cc index 8fc0996e3e..cf168b287a 100644 --- a/init.cc +++ b/init.cc @@ -105,6 +105,8 @@ void init_ms_fd_gossiper(sharded& features creds->set_x509_trust_file(ms_trust_store, x509_crt_format::PEM).get(); } + creds->set_priority_string(db::config::default_tls_priority); + if (!ms_tls_prio.empty()) { creds->set_priority_string(ms_tls_prio); } diff --git a/service/storage_service.cc b/service/storage_service.cc index eedec1293e..637c8d6d83 100644 --- a/service/storage_service.cc +++ b/service/storage_service.cc @@ -2166,6 +2166,7 @@ future<> storage_service::start_native_transport() { auto cred = std::make_shared(); cred->set_dh_level(seastar::tls::dh_params::level::MEDIUM); + cred->set_priority_string(db::config::default_tls_priority); if (ceo.count("priority_string")) { cred->set_priority_string(ceo.at("priority_string"));
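Review bot: The new default `"SECURE128:-VERS-TLS1.0"` in db/config.cc carries no comment, and it removes only TLS 1.0, so TLS 1.1 presumably stays negotiable wherever the linked GnuTLS still includes it under SECURE128. If TLS 1.1 peers do not have to be supported, the string could also carry `:-VERS-TLS1.1`. Either way, a comment above the definition would record the intent, for example `// GnuTLS priority string used when none is configured: >=128-bit suites, TLS 1.0 disabled`, and the declaration in db/config.hh deserves the same one-liner. Because this is a dynamically initialized namespace-scope `sstring`, it must only be read after static initialization has finished, which the two call sites in this commit appear to do.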
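Review bot: In init_ms_fd_gossiper a non-empty `ms_tls_prio` replaces the new default outright instead of extending it, so an operator-supplied string that does not itself exclude TLS 1.0 (a bare `NORMAL`, depending on the GnuTLS version) silently undoes the hardening for these credentials. The same pattern appears in storage_service::start_native_transport for `priority_string`. That precedence may be intended, but it should be stated in the option descriptions, and a startup log line when an override is active would make a weakened configuration visible. The two consecutive calls can be collapsed into `creds->set_priority_string(ms_tls_prio.empty() ? db::config::default_tls_priority : ms_tls_prio);`, which makes the precedence explicit. Both functions start and end outside their hunks, so how an invalid priority string is reported cannot be seen from here.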