A client and a server negotiate a cipher suite as part of establishing a TLS connection. Cipher suites are rated with an associated level of security. In one example, the client and the server maintain a historical record that identifies the cipher suites used in previous TLS connections between the client and the server. The client and the server determine a minimally acceptable cipher suite rating based at least in part on the historical record of previously used cipher suites. If the negotiated cipher suite has a rating less than the determined minimally acceptable cipher suite rating, the TLS connection may be terminated, the cipher suite may be renegotiated, or other corrective action may be taken. In another example, the client and the server exchange digital certificates, and the digital certificates identify cipher suites for use with a TLS connection that are acceptable to the certificate owner.