diff --git a/changelog.d/2-features/coturn-tls b/changelog.d/2-features/coturn-tls
new file mode 100644
index 00000000000..f193fb9c198
--- /dev/null
+++ b/changelog.d/2-features/coturn-tls
@@ -0,0 +1,4 @@
+The coturn Helm chart now has a `.tls.ciphers` option to allow setting
+the cipher list for TLS connections, when TLS is enabled. By default,
+this option is set to a cipher list which is compliant with [BSI
+TR-02102-2](https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-2.pdf).
diff --git a/charts/coturn/templates/configmap-coturn-conf-template.yaml b/charts/coturn/templates/configmap-coturn-conf-template.yaml
index 4a2a4c4c066..b981c3cce9c 100644
--- a/charts/coturn/templates/configmap-coturn-conf-template.yaml
+++ b/charts/coturn/templates/configmap-coturn-conf-template.yaml
@@ -13,6 +13,9 @@ data:
 {{- if .Values.tls.enabled }}
 cert=/secrets-tls/tls.crt
 pkey=/secrets-tls/tls.key
+ {{- if .Values.tls.ciphers }}
+ cipher-list={{ .Values.tls.ciphers }}
+ {{- end }}
 {{- else }}
 no-tls
 {{- end }}
diff --git a/charts/coturn/values.yaml b/charts/coturn/values.yaml
index eede1626bec..d56986c6e0f 100644
--- a/charts/coturn/values.yaml
+++ b/charts/coturn/values.yaml
@@ -28,6 +28,8 @@ coturnTurnTlsListenPort: 5349
 tls:
 enabled: false
+ # compliant with BSI TR-02102-2
+ ciphers: 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384'
 secretRef:
 reloaderImage: # container image containing https://github.com/Pluies/config-reloader-sidecar
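Review bot: `cipher-list={{ .Values.tls.ciphers }}` feeds the value to coturn as an OpenSSL cipher-list string, and in OpenSSL a cipher list only governs TLS 1.2-and-earlier suites; the two TLS 1.3 names carried in the values.yaml default (`TLS_AES_128_GCM_SHA256`, `TLS_AES_256_GCM_SHA384`) are selected through OpenSSL's separate ciphersuites setting, so unless the shipped coturn version also applies this option to TLS 1.3 (not visible here, worth confirming), TLS 1.3 negotiation keeps OpenSSL's built-in suite list and the "compliant with BSI TR-02102-2" comment overstates what the option enforces. The `{{- if .Values.tls.ciphers }}` guard also means an empty `ciphers` value silently reverts to coturn's own default list instead of failing the render, which the values.yaml comment should state, e.g. `# Empty string falls back to coturn's built-in default cipher list.`. The value is emitted unquoted into the rendered config, so a newline inside it would produce additional turnserver.conf lines rather than an error; the chart controls this value, but a note in values.yaml that it must be a single-line OpenSSL cipher string would make that explicit. The enclosing ConfigMap `data:` block starts before this hunk.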