+ Minimum TLS Version
+ (Enhance security, but may not be compatible with legacy browsers)
+
diff --git a/src/api.go b/src/api.go
index d4af088..eea3047 100644
--- a/src/api.go
+++ b/src/api.go
@@ -74,7 +74,7 @@ func RegisterHTTPProxyAPIs(authRouter *auth.RouterDef) {
 func RegisterTLSAPIs(authRouter *auth.RouterDef) {
 //Global certificate settings
 authRouter.HandleFunc("/api/cert/tls", handleToggleTLSProxy)
- authRouter.HandleFunc("/api/cert/tlsRequireLatest", handleSetTlsRequireLatest)
+ authRouter.HandleFunc("/api/cert/tlsMinVersion", handleSetTlsMinVersion)
 authRouter.HandleFunc("/api/cert/resolve", handleCertTryResolve)
 authRouter.HandleFunc("/api/cert/setPreferredCertificate", handleSetDomainPreferredCertificate)
diff --git a/src/cert.go b/src/cert.go
index 62b4f66..3a8b52c 100644
--- a/src/cert.go
+++ b/src/cert.go
@@ -45,32 +45,49 @@ func handleToggleTLSProxy(w http.ResponseWriter, r *http.Request) {
 }
 }
-// Handle the GET and SET of reverse proxy TLS versions
-func handleSetTlsRequireLatest(w http.ResponseWriter, r *http.Request) {
- newState, err := utils.PostPara(r, "set")
- if err != nil {
- //GET
- var reqLatestTLS bool = false
- if sysdb.KeyExists("settings", "forceLatestTLS") {
- sysdb.Read("settings", "forceLatestTLS", &reqLatestTLS)
- }
-
- js, _ := json.Marshal(reqLatestTLS)
- utils.SendJSONResponse(w, string(js))
- } else {
- switch newState {
- case "true":
- sysdb.Write("settings", "forceLatestTLS", true)
- SystemWideLogger.Println("Updating minimum TLS version to v1.2 or above")
- dynamicProxyRouter.UpdateTLSVersion(true)
- case "false":
- sysdb.Write("settings", "forceLatestTLS", false)
- SystemWideLogger.Println("Updating minimum TLS version to v1.0 or above")
- dynamicProxyRouter.UpdateTLSVersion(false)
- default:
- utils.SendErrorResponse(w, "invalid state given")
- }
+func minTlsVersionStringToUint16(version string) uint16 {
+ // Update the setting
+ var tlsVersionUint16 uint16
+ switch version {
+ case "1.0":
+ tlsVersionUint16 = 0x0301
+ case "1.1":
+ tlsVersionUint16 = 0x0302
+ case "1.2":
+ tlsVersionUint16 = 0x0303
+ case "1.3":
+ tlsVersionUint16 = 0x0304
 }
+ return tlsVersionUint16
+}
+
+// Handle the GET and SET of reverse proxy minimum TLS version
+func handleSetTlsMinVersion(w http.ResponseWriter, r *http.Request) {
+ newVersion, err := utils.PostPara(r, "set")
+ if err != nil {
+ // GET
+ var minTLSVersion string = "1.2" // Default to 1.2
+ if sysdb.KeyExists("settings", "minTLSVersion") {
+ sysdb.Read("settings", "minTLSVersion", &minTLSVersion)
+ }
+ js, _ := json.Marshal(minTLSVersion)
+ utils.SendJSONResponse(w, string(js))
+ return
+ }
+
+ // Validate input
+ allowed := map[string]bool{"1.0": true, "1.1": true, "1.2": true, "1.3": true}
+ if !allowed[newVersion] {
+ utils.SendErrorResponse(w, "invalid TLS version")
+ return
+ }
+
+ sysdb.Write("settings", "minTLSVersion", newVersion)
+ tlsVersionUint16 := minTlsVersionStringToUint16(newVersion)
+ // Update the setting
+ SystemWideLogger.PrintAndLog("TLS", "Updating minimum TLS version to v"+newVersion+" or above", nil)
+ dynamicProxyRouter.SetTlsMinVersion(tlsVersionUint16)
+ utils.SendOK(w)
 }
 func handleCertTryResolve(w http.ResponseWriter, r *http.Request) {
diff --git a/src/mod/dynamicproxy/dynamicproxy.go b/src/mod/dynamicproxy/dynamicproxy.go
index 39443e5..c4421c1 100644
--- a/src/mod/dynamicproxy/dynamicproxy.go
+++ b/src/mod/dynamicproxy/dynamicproxy.go
@@ -48,8 +48,8 @@ func (router *Router) UpdateTLSSetting(tlsEnabled bool) {
 // Update TLS Version in runtime. Will restart proxy server if running.
 // Set this to true to force TLS 1.2 or above
-func (router *Router) UpdateTLSVersion(requireLatest bool) {
- router.Option.ForceTLSLatest = requireLatest
+func (router *Router) SetTlsMinVersion(minTlsVersion uint16) {
+ router.Option.MinTLSVersion = minTlsVersion
 router.Restart()
 }
@@ -77,9 +77,9 @@ func (router *Router) StartProxyService() error {
 return errors.New("reverse proxy router root not set")
 }
- minVersion := tls.VersionTLS10
- if router.Option.ForceTLSLatest {
- minVersion = tls.VersionTLS12
+ minVersion := tls.VersionTLS12 //Default to TLS 1.2
+ if router.Option.MinTLSVersion != 0 {
+ minVersion = int(router.Option.MinTLSVersion)
 }
 config := &tls.Config{
diff --git a/src/mod/dynamicproxy/typedef.go b/src/mod/dynamicproxy/typedef.go
index 2f6528d..3caf5b3 100644
--- a/src/mod/dynamicproxy/typedef.go
+++ b/src/mod/dynamicproxy/typedef.go
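Review bot: `minTlsVersionStringToUint16` returns 0 for any string it does not recognise, while `handleSetTlsMinVersion` re-lists the same four versions in the `allowed` map, so there are now two places that must agree on what a valid version is. Converting before the `sysdb.Write` and rejecting a zero result keeps that decision in one place and still persists only validated input; the rewrite is below. The `// Update the setting` comment at the top of the converter describes the handler rather than the conversion; replace it with a doc comment such as `// minTlsVersionStringToUint16 maps "1.0".."1.3" to the crypto/tls VersionTLS* values and returns 0 for any other string, which the router treats as "use the default".` The literals 0x0301..0x0304 are the VersionTLS10..VersionTLS13 constants; if cert.go already imports crypto/tls, the named constants would avoid the magic numbers.
```go
	// … unchanged: GET branch …
	// Validate input: the converter yields 0 for anything it does not know
	tlsVersionUint16 := minTlsVersionStringToUint16(newVersion)
	if tlsVersionUint16 == 0 {
		utils.SendErrorResponse(w, "invalid TLS version")
		return
	}
	sysdb.Write("settings", "minTLSVersion", newVersion)
	// … unchanged: log, SetTlsMinVersion, SendOK …
```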
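Review bot: The retained doc comment above `SetTlsMinVersion` still reads `// Set this to true to force TLS 1.2 or above`, which describes the removed bool parameter rather than the new uint16. Suggest replacing both comment lines with `// SetTlsMinVersion sets the minimum TLS version for the proxy listener (a crypto/tls VersionTLS* value; 0 selects the default of TLS 1.2) and restarts the proxy server if it is running.` The 0-means-default rule is the one StartProxyService applies in the next hunk.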
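Review bot: `minVersion := tls.VersionTLS12` types minVersion as int, so the uint16 option is widened here and presumably narrowed again where it is assigned to `tls.Config.MinVersion` below the hunk; `minVersion := uint16(tls.VersionTLS12)` together with `minVersion = router.Option.MinTLSVersion` drops the `int(...)` conversion and the later narrowing. Only 0 is special-cased, so any other value stored in the option reaches crypto/tls unchanged; today both writers (the API handler and startup) go through minTlsVersionStringToUint16, but a short comment would make that contract explicit, e.g. `// MinTLSVersion is expected to be a VersionTLS* value; 0 means use the default.` StartProxyService continues beyond the hunk.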
@@ -49,7 +49,7 @@ type RouterOption struct {
 HostVersion string //The version of Zoraxy, use for heading mod
 Port int //Incoming port
 UseTls bool //Use TLS to serve incoming requsts
- ForceTLSLatest bool //Force TLS1.2 or above
+ MinTLSVersion uint16 //Minimum TLS version
 NoCache bool //Force set Cache-Control: no-store
 ListenOnPort80 bool //Enable port 80 http listener
 ForceHttpsRedirect bool //Force redirection of http to https endpoint
diff --git a/src/reverseproxy.go b/src/reverseproxy.go
index 86d5dc5..9eea778 100644
--- a/src/reverseproxy.go
+++ b/src/reverseproxy.go
@@ -58,13 +58,9 @@ func ReverseProxyInit() {
 SystemWideLogger.Println("TLS mode disabled. Serving proxy request with plain http")
 }
- forceLatestTLSVersion := false
- sysdb.Read("settings", "forceLatestTLS", &forceLatestTLSVersion)
- if forceLatestTLSVersion {
- SystemWideLogger.Println("Force latest TLS mode enabled. Minimum TLS LS version is set to v1.2")
- } else {
- SystemWideLogger.Println("Force latest TLS mode disabled. Minimum TLS version is set to v1.0")
- }
+ minTLSVersion := "1.2" // default
+ sysdb.Read("settings", "minTLSVersion", &minTLSVersion)
+ SystemWideLogger.Println("Minimum TLS version set to v" + minTLSVersion)
 developmentMode := false
 sysdb.Read("settings", "devMode", &developmentMode)
@@ -106,7 +102,7 @@ func ReverseProxyInit() {
 HostVersion: SYSTEM_VERSION,
 Port: inboundPort,
 UseTls: useTls,
- ForceTLSLatest: forceLatestTLSVersion,
+ MinTLSVersion: minTlsVersionStringToUint16(minTLSVersion),
 NoCache: developmentMode,
 ListenOnPort80: listenOnPort80,
 ForceHttpsRedirect: forceHttpsRedirect,
@@ -125,6 +121,7 @@ func ReverseProxyInit() {
 DevelopmentMode: *development_build,
 Logger: SystemWideLogger,
 })
+
 if err != nil {
 SystemWideLogger.PrintAndLog("proxy-config", "Unable to create dynamic proxy router", err)
 return
diff --git a/src/web/components/status.html b/src/web/components/status.html
index 09910ea..b91fa1d 100644
--- a/src/web/components/status.html
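Review bot: `//Minimum TLS version` on the new `MinTLSVersion` field says neither what encoding the number uses nor what the zero value means, and this struct is where a caller building a RouterOption will look first. Suggest `MinTLSVersion uint16 //Minimum TLS version as a crypto/tls VersionTLS* value; 0 = default (TLS 1.2)`, which matches the fallback StartProxyService applies in dynamicproxy.go.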
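Review bot: The startup log prints whatever string `sysdb.Read` left in minTLSVersion, but the value handed to the router in the next hunk goes through `minTlsVersionStringToUint16`, which yields 0 for an unrecognised string and makes StartProxyService fall back to TLS 1.2; the log would then name a version that is not actually in effect. Normalising before logging, e.g. `if minTlsVersionStringToUint16(minTLSVersion) == 0 { minTLSVersion = "1.2" }` ahead of the Println, keeps the two consistent (the `sysdb.Read` error is ignored here as in the surrounding code). The old `forceLatestTLS` key is no longer consulted, so an installation that had it set to false moves from a TLS 1.0 floor to TLS 1.2 on upgrade — a reasonable hardening, but worth a release-note line since legacy clients will be refused. ReverseProxyInit continues outside the hunk.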
+++ b/src/web/components/status.html
@@ -110,10 +110,19 @@ Advance Settings
+ Minimum TLS Version
+ (Enhance security, but may not be compatible with legacy browsers)
+