diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp
index e83466b87..c0cee4a84 100644
--- a/manifests/resource/vhost.pp
+++ b/manifests/resource/vhost.pp
@@ -24,6 +24,9 @@
 # [*ssl_cert*] - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module.
 # [*ssl_key*] - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module.
 # [*ssl_port*] - Default IP Port for NGINX to listen with this SSL vHost on. Defaults to TCP 443
+# [*ssl_protocols*] - SSL protocols enabled. Defaults to 'SSLv3 TLSv1 TLSv1.1 TLSv1.2'.
+# [*ssl_ciphers*] - SSL ciphers enabled. Defaults to 'HIGH:!aNULL:!MD5'.
+# [*spdy*] - Toggles SPDY protocol.
 # [*server_name*] - List of vhostnames for which this vhost will respond. Default [$name].
 # [*www_root*] - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy
 # [*rewrite_www_to_non_www*] - Adds a server directive and rewrite rule to
@@ -69,6 +72,9 @@
 $ssl_cert = undef,
 $ssl_key = undef,
 $ssl_port = '443',
+ $ssl_protocols = 'SSLv3 TLSv1 TLSv1.1 TLSv1.2',
+ $ssl_ciphers = 'HIGH:!aNULL:!MD5',
+ $spdy = $nginx::params::nx_spdy,
 $proxy = undef,
 $proxy_read_timeout = $nginx::params::nx_proxy_read_timeout,
 $proxy_set_header = [],
diff --git a/templates/vhost/vhost_ssl_header.erb b/templates/vhost/vhost_ssl_header.erb
index 63237a933..abee74f6b 100644
--- a/templates/vhost/vhost_ssl_header.erb
+++ b/templates/vhost/vhost_ssl_header.erb
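Review bot: The new `[*spdy*]` doc entry does not say which value enables SPDY or what the default is, and the template changed in this same commit only matches the exact string `'on'`, so a value such as `true` or `'yes'` would silently leave SPDY off. I would word it as `# [*spdy*] - Set to 'on' to add spdy to the SSL listen directive. Defaults to $nginx::params::nx_spdy.` The comment block starts and ends outside this hunk.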
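Review bot: The default for `$ssl_protocols` in the parameter list keeps SSLv3 enabled on every SSL vhost that does not override it, and SSLv3 is no longer safe to offer (POODLE), so the module's out-of-the-box configuration remains open to protocol downgrade. I would drop it from the default, `$ssl_protocols = 'TLSv1 TLSv1.1 TLSv1.2',`, or narrow it to `'TLSv1.2'` if the nginx/OpenSSL builds this module supports allow that, and update the matching `[*ssl_protocols*]` doc line in the first hunk of this file. The parameter list starts and ends outside the hunk.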
@@ -1,5 +1,5 @@ server { - listen <%= listen_ip %>:<%= ssl_port %><% if scope.lookupvar('nginx::params::nx_spdy') == 'on' %> ssl spdy<% end %><% if @listen_options %><%= listen_options %><% end %>; + listen <%= listen_ip %>:<%= ssl_port %> ssl<% if spdy == 'on' %> spdy<% end %><% if @listen_options %><%= listen_options %><% end %>; <% if ipv6_enable == 'true' && (defined? ipaddress6) %> listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> <% if @ipv6_listen_options %><%= ipv6_listen_options %><% end %> ipv6only=on; <% end %> @@ -11,8 +11,8 @@ server { ssl_certificate_key <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= name.gsub(' ', '_') %>.key; ssl_session_cache shared:SSL:10m; ssl_session_timeout 5m; - ssl_ciphers RC4:HIGH:!aNULL:!MD5; - ssl_protocols SSLv3 TLSv1; + ssl_protocols <%= ssl_protocols %>; + ssl_ciphers <%= ssl_ciphers %>; ssl_prefer_server_ciphers on; <% if auth_basic != :undef -%> @@ -21,3 +21,6 @@ server { <% if auth_basic_user_file != :undef -%> auth_basic_user_file <%= auth_basic_user_file %>; <% end -%> + + access_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/ssl-<%= name %>.access.log; + error_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/ssl-<%= name %>.error.log;
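Review bot: On the rewritten `listen` line, `<%= listen_options %>` is emitted directly after `ssl`/`spdy` with no separating space, so unless callers already pass a leading space a value such as `default_server` renders as `ssldefault_server` and nginx rejects the config; the IPv6 `listen` line just below does put a space before its options. I would write the tail as `<% if @listen_options %> <%= @listen_options %><% end %>;`. The same line reads `spdy` as a bare local while testing `@listen_options`; `@spdy` would be consistent with that.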
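Review bot: `ssl_protocols` and `ssl_ciphers` are written into the server block verbatim and nothing in the visible hunks checks them, so a value carrying a `;` or a newline (for example from an external data lookup) would add extra directives to the vhost, and a typo only surfaces when nginx fails its config test. A check in the define before the template is rendered would catch both, e.g. `validate_re($ssl_protocols, '^[A-Za-z0-9. ]+$')` and `validate_re($ssl_ciphers, '^[A-Za-z0-9:!+@=_-]+$')`, assuming puppetlabs-stdlib is available to this module. The server block starts and ends outside the hunk.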
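Review bot: The two added log paths interpolate `name` as-is, whereas the `ssl_certificate_key` path in the previous hunk uses `name.gsub(' ', '_')`; a vhost title containing a space would split the `access_log`/`error_log` argument, so nginx would either fail the config test or read the second half as a log format or level. Use the same normalisation here, `access_log <%= scope.lookupvar('nginx::params::nx_logdir') %>/ssl-<%= name.gsub(' ', '_') %>.access.log;`, and likewise for `error_log`. The server block is closed outside this hunk.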