diff --git a/src/main.rs b/src/main.rs
index 1662981..e33f8f0 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -391,7 +391,7 @@ fn create_ssl_acceptor(cert: &ParsedPkcs12_2) -> SslAcceptorBuilder {
         // Not have AES hardware acceleration, perfer ChaCha20.
         builder
             .set_cipher_list(
-                "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:\
+                "@SECLEVEL=0:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:\
                 ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:\
                 ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:\
                 DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:\
@@ -413,7 +413,7 @@ fn create_ssl_acceptor(cert: &ParsedPkcs12_2) -> SslAcceptorBuilder {
 
         builder
             .set_cipher_list(
-                "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:\
+                "@SECLEVEL=0:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:\
                 ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:\
                 ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:\
                 DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:\
@@ -433,7 +433,7 @@ fn create_ssl_acceptor(cert: &ParsedPkcs12_2) -> SslAcceptorBuilder {
     builder.set_private_key(cert.pkey.as_ref().unwrap()).unwrap();
     builder.set_certificate(cert.cert.as_ref().unwrap()).unwrap();
     if let Some(i) = &cert.ca {
-        i.iter().rev().for_each(|j| builder.add_extra_chain_cert(j.to_owned()).unwrap());
+        i.iter().for_each(|j| builder.add_extra_chain_cert(j.to_owned()).unwrap());
     }
     builder
 }
diff --git a/src/rpc.rs b/src/rpc.rs
index 03c55ab..ac820bd 100644
--- a/src/rpc.rs
+++ b/src/rpc.rs
@@ -16,7 +16,7 @@ use futures::{executor::block_on, TryFutureExt};
 use log::{debug, error, info, warn};
 use openssl::{
     asn1::Asn1Time,
-    pkcs12::{ParsedPkcs12_2, Pkcs12},
+    pkcs12::{ParsedPkcs12_2, Pkcs12}, provider::Provider,
 };
 use parking_lot::{RwLock, RwLockUpgradableReadGuard};
 use rand::prelude::SliceRandom;
@@ -197,6 +197,7 @@ impl RPCClient {
     }
 
     pub async fn get_cert(&self) -> Option<ParsedPkcs12_2> {
+        let _provider = Provider::try_load(None, "legacy", true).unwrap();
         let cert = self
             .reqwest
             .get(self.build_url("get_cert", "", None))