diff --git a/app/lnd/lib/grpcInit.js b/app/lnd/lib/grpcInit.js
deleted file mode 100644
index ac0ec319..00000000
--- a/app/lnd/lib/grpcInit.js
+++ /dev/null
@@ -1,24 +0,0 @@
-import fs from 'fs'
-import path from 'path'
-import grpc from 'grpc'
-import config from '../config'
-
-const grpcInit = (rpcpath, host) => {
- process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'
- process.env.GRPC_SSL_CIPHER_SUITES = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384'
-
- const lndCert = fs.readFileSync(config.cert)
- const credentials = grpc.credentials.createSsl(lndCert)
- const rpc = grpc.load(path.join(__dirname, 'rpc.proto'))
-
-
- const lightning = new rpc.lnrpc.Lightning(host, credentials)
- const walletUnlocker = new rpc.lnrpc.WalletUnlocker(host, credentials)
-
- return {
- lightning,
- walletUnlocker
- }
-}
-
-export default grpcInit
diff --git a/app/lnd/lib/lightning.js b/app/lnd/lib/lightning.js
index a6d9f7b4..224d7352 100644
--- a/app/lnd/lib/lightning.js
+++ b/app/lnd/lib/lightning.js
@@ -19,8 +19,6 @@ process.env.GRPC_SSL_CIPHER_SUITES = process.env.GRPC_SSL_CIPHER_SUITES || [
 ].join(':')
 const lightning = (rpcpath, host) => {
- process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'
- process.env.GRPC_SSL_CIPHER_SUITES = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384'
 const lndCert = fs.readFileSync(config.cert)
 const credentials = grpc.credentials.createSsl(lndCert)
 const rpc = grpc.load(path.join(__dirname, 'rpc.proto'))
diff --git a/app/lnd/lib/walletUnlocker.js b/app/lnd/lib/walletUnlocker.js
index 334ebadd..55ddef4f 100644
--- a/app/lnd/lib/walletUnlocker.js
+++ b/app/lnd/lib/walletUnlocker.js
@@ -3,9 +3,22 @@ import path from 'path'
 import grpc from 'grpc'
 import config from '../config'
+// Default is ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384
+// https://github.com/grpc/grpc/blob/master/doc/environment_variables.md
+//
+// Current LND cipher suites here:
+// https://github.com/lightningnetwork/lnd/blob/master/lnd.go#L80
+//
+// We order the suites by priority, based on the recommendations provided by SSL Labs here:
+// https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices#23-use-secure-cipher-suites
+process.env.GRPC_SSL_CIPHER_SUITES = process.env.GRPC_SSL_CIPHER_SUITES || [
+ 'ECDHE-ECDSA-AES128-GCM-SHA256',
+ 'ECDHE-ECDSA-AES256-GCM-SHA384',
+ 'ECDHE-ECDSA-AES128-CBC-SHA256',
+ 'ECDHE-ECDSA-CHACHA20-POLY1305'
+].join(':')
+
 const walletUnlocker = (rpcpath, host) => {
- process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'
- process.env.GRPC_SSL_CIPHER_SUITES = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384'
 const lndCert = fs.readFileSync(config.cert)
 const credentials = grpc.credentials.createSsl(lndCert)
 const rpc = grpc.load(path.join(__dirname, 'rpc.proto'))
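Review bot: The third entry of the added cipher list, `'ECDHE-ECDSA-AES128-CBC-SHA256'`, does not follow the OpenSSL-style naming used by the other three entries and by the removed line further down, where the same suite is spelled `ECDHE-ECDSA-AES128-SHA256`; cipher-list parsers generally skip tokens they do not recognize rather than failing, so the effective list may silently be one suite shorter than the comment suggests. Verify the token against the names the gRPC build's TLS library actually accepts, or drop the CBC suite altogether, since the SSL Labs guidance cited in the comment prefers the AEAD (GCM/CHACHA20) suites already listed. The same module-level assignment also exists in lightning.js (visible in that hunk's `@@` header context), and with the `process.env.GRPC_SSL_CIPHER_SUITES || [...]` guard whichever module is imported first wins, so the two lists now have to be kept in sync by hand; consider moving the block into one shared module, such as the `../config` both files already import. The body of walletUnlocker continues outside the hunk.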