diff --git a/CHANGELOG b/CHANGELOG
index 6a8e9db..b951034 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -26,6 +26,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * logsentry: delete unused default file that we put in /usr/share/scripts
 * base: set the lookup option so that resolv.conf searches /etc/hosts before querying a domain name server; the default is the opposite
 * post-install: add the pf_states check by default in generateldif.sh script
+* nagios-nrpe: allow older cipher suites for older Icinga version
 
 ### Changed
 
diff --git a/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2 b/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2
index 7385928..19783eb 100644
--- a/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2
+++ b/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2
@@ -1,3 +1,8 @@
+{% if ansible_distribution_version is version_compare("7.2",'>=') %}
+# Allow older cipher suites for older Icinga version
+ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0
+
+{% endif %}
 # System checks
 command[check_users]=/usr/local/libexec/nagios/check_users -w 5 -c 10
 command[check_load]=/usr/local/libexec/nagios/check_load --percpu --warning=0.7,0.6,0.5 --critical=0.9,0.8,0.7