diff --git a/webserver/vars/bullseye.yml b/webserver/vars/bullseye.yml
new file mode 100644
index 0000000000000000000000000000000000000000..8998f738e75c174f5d03b02cfe026d050ffc198d
--- /dev/null
+++ b/webserver/vars/bullseye.yml
@@ -0,0 +1,12 @@
+---
+# yamllint disable rule:line-length
+
+protocols:
+  modern: 'TLSv1.3'
+  intermediate: 'TLSv1.2 TLSv1.3'
+ciphers:
+  modern: null
+  intermediate: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'
+prefer_server_ciphers:
+  modern: false
+  intermediate: false