diff --git a/etcd.conf.yml.sample b/etcd.conf.yml.sample
index 38d74bcb793..f934f3059bf 100644
--- a/etcd.conf.yml.sample
+++ b/etcd.conf.yml.sample
@@ -138,3 +138,9 @@ force-new-cluster: false
 
 auto-compaction-mode: periodic
 auto-compaction-retention: "1"
+
+# Limit etcd to a specific set of tls cipher suites
+cipher-suites: [
+  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+]