diff --git a/README.md b/README.md
index 31fc1173..6b1c81e6 100644
--- a/README.md
+++ b/README.md
@@ -542,6 +542,23 @@ Notice that the dict object has to use precisely the names stated in the documen
 - Override with `CONSUL_TLS_VERIFY_SERVER_HOSTNAME` environment variable
 - Default value: false
+### `consul_tls_min_version`
+
+- [Minimum acceptable TLS version](https://www.consul.io/docs/agent/options.html#tls_min_version)
+ - Can be overridden with `CONSUL_TLS_MIN_VERSION` environment variable
+- Default value: tls12
+
+### `consul_tls_cipher_suites`
+
+- [Comma-separated list of supported ciphersuites](https://www.consul.io/docs/agent/options.html#tls_cipher_suites)
+- Default value: ""
+
+### `consul_tls_prefer_server_cipher_suites`
+
+- [Prefer server's cipher suite over client cipher suite](https://www.consul.io/docs/agent/options.html#tls_prefer_server_cipher_suites)
+ - Can be overridden with `CONSUL_TLS_PREFER_SERVER_CIPHER_SUITES` environment variable
+- Default value: false
+
 ### `consul_install_remotely`
 - Whether to download the files for installation directly on the remote hosts
diff --git a/templates/config.json.j2 b/templates/config.json.j2
index c41a066a..cb352bfa 100644
--- a/templates/config.json.j2
+++ b/templates/config.json.j2
@@ -79,9 +79,9 @@
 "verify_server_hostname": {{ consul_tls_verify_server_hostname | bool | to_json }},
 "tls_min_version": "{{ consul_tls_min_version }}",
 {% if consul_tls_cipher_suites is defined and consul_tls_cipher_suites %}
- "tls_cipher_suites": "{{ vault_tls_cipher_suites}}",
+ "tls_cipher_suites": "{{ consul_tls_cipher_suites}}",
 {% endif %}
- "tls_prefer_server_cipher_suites": {{ vault_tls_prefer_server_cipher_suites | bool | to_json }},
+ "tls_prefer_server_cipher_suites": {{ consul_tls_prefer_server_cipher_suites | bool | to_json }},
 {% endif %}
 {## LAN Join ##}
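Review bot: The corrected `tls_cipher_suites` line in templates/config.json.j2 still wraps the variable in hand-written quotes instead of passing it through `to_json` as the boolean settings around it do, so a value containing a quote or backslash would render invalid JSON. I would write it as `"tls_cipher_suites": {{ consul_tls_cipher_suites | to_json }},`, which also restores the missing space before `}}`. The unchanged `tls_min_version` context line has the same pattern. Because these keys decide which protocol versions and ciphers the agent accepts, a short template comment noting that an empty `consul_tls_cipher_suites` omits the key entirely would help whoever audits the rendered config. The outer `{% if %}` that the last `{% endif %}` closes opens outside this hunk.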