diff --git a/docker-compose.test.yml b/docker-compose.test.yml index 9e4dbed..8d0aece 100644 --- a/docker-compose.test.yml +++ b/docker-compose.test.yml @@ -16,10 +16,11 @@ lb: KONTENA_LB_SSL_CIPHERS: ECDHE-RSA-AES128-GCM-SHA256 KONTENA_LB_CUSTOM_SETTINGS: | option dontlognull - + KONTENA_LB_GLOBAL_SETTINGS: | + ssl-default-bind-options force-tlsv12 ACME_CHALLENGE_LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0: | LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0.9jg46WB3rR_AHD-EBXdN7cBkH1WOu0tA3M9fm21mqTI - + SSL_CERT_test1: | -----BEGIN CERTIFICATE----- MIIC9TCCAd2gAwIBAgIJAK94fUzfHt1pMA0GCSqGSIb3DQEBCwUAMBExDzANBgNV diff --git a/lib/kontena/templates/haproxy/main.text.erb b/lib/kontena/templates/haproxy/main.text.erb index 285b250..8408b61 100644 --- a/lib/kontena/templates/haproxy/main.text.erb +++ b/lib/kontena/templates/haproxy/main.text.erb @@ -7,6 +7,11 @@ global tune.ssl.default-dh-param 2048 ssl-default-bind-ciphers <%= ENV['KONTENA_LB_SSL_CIPHERS'] || 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA' %> stats socket <%= Kontena::Actors::HaproxySpawner::ADMIN_SOCK %> mode 660 level admin expose-fd listeners + <% if ENV['KONTENA_LB_GLOBAL_SETTINGS'] %> + <% ENV['KONTENA_LB_GLOBAL_SETTINGS'].split("\n").each do |setting| %> + <%= setting %> + <% end %> + <% end %> defaults log global 
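Review bot: The sample value `ssl-default-bind-options force-tlsv12` pins listeners to exactly TLS 1.2, which also excludes TLS 1.3. Fixtures like this tend to be copied as the recommended setting, and the new bats test asserts the same string. If the intent is "TLS 1.2 or newer" and the bundled HAProxy is 1.8 or later (the `expose-fd listeners` option in the template suggests it is), `ssl-default-bind-options ssl-min-ver TLSv1.2` states that directly. The bats assertion would need the matching string.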
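Review bot: `KONTENA_LB_GLOBAL_SETTINGS` is written verbatim into the `global` section, directly under the admin-level `stats socket` line, so write access to this service's environment amounts to control of the process-wide HAProxy configuration. A line that happens to be a section keyword would also close `global` early. That trust assumption should be stated next to the loop, for example `<%# operator-supplied, emitted verbatim into global; not validated %>`. The loop splits on "\n" only, so CRLF endings and blank lines pass through unchanged; `<% ENV['KONTENA_LB_GLOBAL_SETTINGS'].lines.map(&:strip).reject(&:empty?).each do |setting| %>` would normalise them. The `global` section starts above the hunk, so how the other settings variables are rendered is not visible here.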
diff --git a/test/global_settings_test.bats b/test/global_settings_test.bats
new file mode 100644
index 0000000..cc97351
--- /dev/null
+++ b/test/global_settings_test.bats
@@ -0,0 +1,10 @@
+#!/usr/bin/env bats
+
+load "common"
+
+@test "supports custom global settings via env" {
+
+ run config
+ assert_output_contains "ssl-default-bind-options force-tlsv12"
+
+}
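Review bot: The single assertion only proves the string appears somewhere in the generated config, so the test would still pass if the line were rendered after `defaults` or inside a frontend, where it would not act as a global TLS default. A check that the line sits between `global` and `defaults`, plus a case with the variable unset, would pin the behaviour the template is meant to have. The helpers loaded from `common` are not visible here, so at minimum add a comment such as `# presence check only: placement inside the global section is not verified`.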