diff --git a/Dockerfile b/Dockerfile
index c2d5396..8825550 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -62,6 +62,13 @@ LABEL org.opencontainers.image.title="docker-php-alpine" \
       org.opencontainers.image.source="https://git.najihu.net/zdenek/docker-php-alpine" \
       org.opencontainers.image.licenses="MIT"
 
+# --- OpenSSL: povol legacy TLS a sniž security level ---
+RUN set -eux; \
+  cp /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf.bak || true; \
+  awk 'BEGIN{print "openssl_conf = openssl_init"}{print}END{print "\n[openssl_init]\nssl_conf = ssl_sect\n\n[ssl_sect]\nsystem_default = system_default_sect\n\n[system_default_sect]\nMinProtocol = TLSv1\nCipherString = DEFAULT:@SECLEVEL=0"}' \
+    /etc/ssl/openssl.cnf.bak > /etc/ssl/openssl.cnf
+
+
 # Entrypoint spustí FPM a Apache (root → Apache si sám shodí práva)
 COPY docker-entrypoint.sh /docker-entrypoint.sh
 RUN chmod +x /docker-entrypoint.sh