diff --git a/CHANGELOG.md b/CHANGELOG.md
index 99597b78e802251b1e8e56f06f4fc1306f699e6a..6898772f8d7299037aa4806c036e9a0839e74ae3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,14 +14,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- 
-
+- The sever by default now only serves TLS 1.2 and 1.3, all previous versions
+  have been disabled in the default settings.  Make sure that your clients
+  (especially the Python client) are up to date.
 
 ### Deprecated
 
 - 
 
-### Removed
+### Removed ###
 
 - 
 
@@ -37,6 +38,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Security (in case of vulnerabilities)
 
+- TLS is by default restricted to v1.2 and v1.3 now.
+
+
 ## [0.1.0] - 2018-10-09
 
 Tag `v0.1` - Commit 3b17b49
diff --git a/conf/core/server.conf b/conf/core/server.conf
index 882c4453f1dd2f11eb36bf6a534e0ba26b249c62..c3cf62bafe6951f1b1412e648ea2eb10f469a2a4 100644
--- a/conf/core/server.conf
+++ b/conf/core/server.conf
@@ -26,10 +26,10 @@ CONTEXT_ROOT=
 SERVER_PORT_HTTPS=443
 SERVER_PORT_HTTP=80
 
-HTTPS_ENABLED_PROTOCOLS=TLSv1.2 TLSv1.1 TLSv1
-HTTPS_DISABLED_PROTOCOLS=SSLv3 SSLv2Hello
-HTTPS_ENABLED_CIPHER_SUITES=TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDH_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_RC4_128_SHA TLS_ECDHE_RSA_WITH_RC4_128_SHA TLS_ECDH_ECDSA_WITH_RC4_128_SHA TLS_ECDH_RSA_WITH_RC4_128_SHA TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
-HTTPS_DISABLED_CIPHER_SUITES=SSL_RSA_WITH_RC4_128_MD5 SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_RC4_128_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
+HTTPS_ENABLED_PROTOCOLS=TLSv1.3 TLSv1.2
+HTTPS_DISABLED_PROTOCOLS=SSLv3 SSLv2Hello TLSv1.1 TLSv1.0
+HTTPS_ENABLED_CIPHER_SUITES=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_8_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+HTTPS_DISABLED_CIPHER_SUITES=TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDH_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_RC4_128_SHA TLS_ECDHE_RSA_WITH_RC4_128_SHA TLS_ECDH_ECDSA_WITH_RC4_128_SHA TLS_ECDH_RSA_WITH_RC4_128_SHA TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHASSL_RSA_WITH_RC4_128_MD5 SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_RC4_128_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
 
 INITIAL_CONNECTIONS=1
 
diff --git a/src/main/java/caosdb/server/jobs/extension/AWIBoxLoan.java b/src/main/java/caosdb/server/jobs/extension/AWIBoxLoan.java
index 11f16aa1377d1c5c2ed8d0e28fcd27f12343b463..8df3bc2f8b798a8495f9bb670fa7ce23c5eba9c2 100644
--- a/src/main/java/caosdb/server/jobs/extension/AWIBoxLoan.java
+++ b/src/main/java/caosdb/server/jobs/extension/AWIBoxLoan.java
@@ -1,11 +1,7 @@
 package caosdb.server.jobs.extension;
 
 import static caosdb.server.permissions.Role.ANONYMOUS_ROLE;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Objects;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+
 import caosdb.server.accessControl.UserSources;
 import caosdb.server.database.exceptions.EntityDoesNotExistException;
 import caosdb.server.datatype.SingleValue;
@@ -15,8 +11,6 @@ import caosdb.server.entity.Message;
 import caosdb.server.entity.Message.MessageType;
 import caosdb.server.entity.wrapper.Property;
 import caosdb.server.jobs.JobAnnotation;
-//import caosdb.server.jobs.core.CheckNoAdditionalPropertiesPresent;
-import caosdb.server.jobs.core.CheckNoOverridesPresent;
 import caosdb.server.jobs.core.CheckPropValid;
 import caosdb.server.permissions.EntityACL;
 import caosdb.server.permissions.EntityACLFactory;
@@ -28,6 +22,11 @@ import caosdb.server.transaction.Update;
 import caosdb.server.utils.EntityStatus;
 import caosdb.server.utils.ServerMessages;
 import caosdb.server.utils.Utils;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Objects;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 @JobAnnotation(transaction = caosdb.server.transaction.WriteTransaction.class, loadAlways = true)
 public class AWIBoxLoan extends AWIBoxLoanModel {
@@ -391,8 +390,9 @@ public class AWIBoxLoan extends AWIBoxLoanModel {
         if (!isBoxRecord(e) || !hasOnlyAllowedBoxProperties4RequestLoan(e)) {
           return false;
         }
-        // TODO this breaks the box loan functionality if any other prior changes have been made to the box
-//        appendJob(e, CheckNoAdditionalPropertiesPresent.class);
+        // TODO this breaks the box loan functionality if any other prior changes have been made to
+        // the box
+        //        appendJob(e, CheckNoAdditionalPropertiesPresent.class);
       }
       return true;
     }
@@ -440,9 +440,10 @@ public class AWIBoxLoan extends AWIBoxLoanModel {
           setCuratorAsOwner(e);
         }
         setLoanRequestDate(e);
-        // TODO this check breaks the box loan functionality if any other changes have been made to the box entity
-//        appendJob(e, CheckNoAdditionalPropertiesPresent.class);
-        appendJob(e, CheckNoOverridesPresent.class);
+        // TODO this check breaks the box loan functionality if any other changes have been made to
+        // the box entity
+        //        appendJob(e, CheckNoAdditionalPropertiesPresent.class);
+        //        appendJob(e, CheckNoOverridesPresent.class);
       }
       appendJob(AWIBoxLoanRequestLoanCuratorEmail.class);
       return true;
@@ -477,9 +478,10 @@ public class AWIBoxLoan extends AWIBoxLoanModel {
         && isPersonRecord(getContainer().get(0))
         && checkUniqueName(getContainer().get(0))
         && checkEmail(getContainer().get(0))) {
-      // TODO this check breaks the box loan functionality if any other changes have been made to the box entity
-//      appendJob(getContainer().get(0), CheckNoAdditionalPropertiesPresent.class);
-      appendJob(getContainer().get(0), CheckNoOverridesPresent.class);
+      // TODO this check breaks the box loan functionality if any other changes have been made to
+      // the box entity
+      //      appendJob(getContainer().get(0), CheckNoAdditionalPropertiesPresent.class);
+      //      appendJob(getContainer().get(0), CheckNoOverridesPresent.class);
       logger.trace("isRequestReturnSetUser: true");
       return true;
     }
@@ -538,7 +540,7 @@ public class AWIBoxLoan extends AWIBoxLoanModel {
    */
   boolean hasOnlyAllowedLoanProperties4RequestReturn(EntityInterface e) {
     runJobFromSchedule(e, CheckPropValid.class);
-    appendJob(e, CheckNoOverridesPresent.class);
+    //    appendJob(e, CheckNoOverridesPresent.class);
 
     boolean foundReturnRequested = false;
     for (Property p : e.getProperties()) {
diff --git a/src/main/java/caosdb/server/permissions/EntityPermission.java b/src/main/java/caosdb/server/permissions/EntityPermission.java
index 7fae8a76a8cc87cbfb2525c34102d5418d58e94e..1747a55810cf9718abc9627cad8102f88b2a5cac 100644
--- a/src/main/java/caosdb/server/permissions/EntityPermission.java
+++ b/src/main/java/caosdb/server/permissions/EntityPermission.java
@@ -65,7 +65,7 @@ public class EntityPermission extends Permission {
           "This bitNumber is too big. This implementation only handles bitNumbers up to 61.");
     }
     if (instances.contains(this)) {
-      throw new CaosDBException("This EntityPermission is defined yet.");
+      throw new CaosDBException("This EntityPermission is defined already.");
     } else {
       instances.add(this);
     }