diff --git a/cmd/manager/main.go b/cmd/manager/main.go
index f5e03212c..5e3117b26 100644
--- a/cmd/manager/main.go
+++ b/cmd/manager/main.go
@@ -153,10 +153,18 @@ func runCertManager() {
 func runKubemacpoolManager() {
 var logType, metricsAddr string
 var waitingTime int
+ var tlsMinVersion, tlsCiphers string
 flag.StringVar(&metricsAddr, "metrics-addr", ":8443", "The address the metric endpoint binds to.")
 flag.StringVar(&logType, "v", "production", "Log type (debug/production).")
 flag.IntVar(&waitingTime, names.WAIT_TIME_ARG, 600, "waiting time to release the mac if object was not created")
+ flag.StringVar(&tlsMinVersion, "tls-min-version", "VersionTLS13", "Minimum TLS version. "+
+ "Supported values are tls package constants names (e.g. VersionTLS13), please see "+
+ "https://pkg.go.dev/crypto/tls#pkg-constants.")
+ flag.StringVar(&tlsCiphers, "tls-cipher-suites", "", "Comma-separated list of TLS cipher suite names. "+
+ "Supported values are tls package constants names (e.g. TLS_AES_128_GCM_SHA256), please see "+
+ "https://pkg.go.dev/crypto/tls#pkg-constants. "+
+ "When 'min-tls-version' is 'VersionTLS13', cipher suites are selected by the runtime.")
 flag.Parse()
 ctrl.SetLogger(zap.New(zap.UseDevMode(logType != "production")))
@@ -187,7 +195,7 @@ func runKubemacpoolManager() {
 os.Exit(1)
 }
- tlsConfig, err := kmptls.NewConfig(os.Getenv("TLS_MIN_VERSION"), os.Getenv("TLS_CIPHERS"))
+ tlsConfig, err := kmptls.NewConfig(tlsMinVersion, tlsCiphers)
 if err != nil {
 log.Error(err, "Failed to create TLS config")
 os.Exit(1)
diff --git a/config/default/manager/manager.yaml b/config/default/manager/manager.yaml
index 19043dfc4..5c2c6c0d1 100644
--- a/config/default/manager/manager.yaml
+++ b/config/default/manager/manager.yaml
@@ -114,8 +114,6 @@ spec:
 key: RANGE_END
 - name: KUBEVIRT_CLIENT_GO_SCHEME_REGISTRATION_VERSION
 value: "v1"
- - name: TLS_MIN_VERSION
- value: "VersionTLS13"
 resources:
 requests:
 cpu: 100m
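Review bot: The help text added for `tls-cipher-suites` names the other flag as `'min-tls-version'`, while the flag registered just above it is `tls-min-version`; an operator copying the name from `--help` gets an unknown-flag error. The last string should read `"When 'tls-min-version' is 'VersionTLS13', cipher suites are selected by the runtime.")`. Separately, the flag accepts any tls constant name, and whether `kmptls.NewConfig` rejects an empty value or one below TLS 1.2 (e.g. `VersionTLS10`) is not visible in this diff; if it does not, a floor check there would keep a typo or a legacy value from lowering the protocol version of whatever listener uses this config. The body of runKubemacpoolManager continues outside the hunk.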
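Review bot: `TLS_MIN_VERSION` and `TLS_CIPHERS` stop being read at the `kmptls.NewConfig` call with no signal to the operator, so a deployment that still sets them (the manifests in this commit drop `TLS_MIN_VERSION`, but out-of-tree overlays or an operator-generated manifest may not) silently runs with the flag defaults rather than the values it declares. A one-time notice before the call would surface that drift, e.g. `if os.Getenv("TLS_MIN_VERSION") != "" || os.Getenv("TLS_CIPHERS") != "" { log.Info("TLS_MIN_VERSION/TLS_CIPHERS are no longer read; use --tls-min-version and --tls-cipher-suites") }`, assuming `log` here offers `Info` alongside the `Error` used below. Logging the effective minimum version and cipher list once at startup would also make the setting auditable from pod logs. The enclosing function starts and ends outside this hunk.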
diff --git a/config/release/kubemacpool.yaml b/config/release/kubemacpool.yaml
index aa7be4cda..afba418b4 100644
--- a/config/release/kubemacpool.yaml
+++ b/config/release/kubemacpool.yaml
@@ -298,8 +298,6 @@ spec:
 name: kubemacpool-mac-range-config
 - name: KUBEVIRT_CLIENT_GO_SCHEME_REGISTRATION_VERSION
 value: v1
- - name: TLS_MIN_VERSION
- value: VersionTLS13
 image: quay.io/kubevirt/kubemacpool:latest
 imagePullPolicy: Always
 livenessProbe:
diff --git a/config/test/kubemacpool.yaml b/config/test/kubemacpool.yaml
index 35bf9baf8..12b70abdf 100644
--- a/config/test/kubemacpool.yaml
+++ b/config/test/kubemacpool.yaml
@@ -299,8 +299,6 @@ spec:
 name: kubemacpool-mac-range-config
 - name: KUBEVIRT_CLIENT_GO_SCHEME_REGISTRATION_VERSION
 value: v1
- - name: TLS_MIN_VERSION
- value: VersionTLS13
 image: registry:5000/kubevirt/kubemacpool:latest
 imagePullPolicy: Always
 livenessProbe: