diff --git a/helper/tlsutil/config.go b/helper/tlsutil/config.go
index dfd1ba6ab..07c1e997b 100644
--- a/helper/tlsutil/config.go
+++ b/helper/tlsutil/config.go
@@ -105,14 +105,14 @@ type Config struct {
 // these values for acceptable safe alternatives.
 CipherSuites []uint16
 
- // MinVersion contains the minimum SSL/TLS version that is accepted.
- MinVersion uint16
-
 // PreferServerCipherSuites controls whether the server selects the
 // client's most preferred ciphersuite, or the server's most preferred
 // ciphersuite. If true then the server's preference, as expressed in
 // the order of elements in CipherSuites, is used.
 PreferServerCipherSuites bool
+
+ // MinVersion contains the minimum SSL/TLS version that is accepted.
+ MinVersion uint16
 }
 
 func NewTLSConfiguration(newConf *config.TLSConfig, verifyIncoming, verifyOutgoing bool) (*Config, error) {
diff --git a/website/source/docs/agent/configuration/tls.html.md b/website/source/docs/agent/configuration/tls.html.md
index 8ec43a2ab..07deb14f3 100644
--- a/website/source/docs/agent/configuration/tls.html.md
+++ b/website/source/docs/agent/configuration/tls.html.md
@@ -67,8 +67,8 @@ the [Agent's Gossip and RPC Encryption](/docs/agent/encryption.html).
 - `tls_min_version` - Specifies the minimum supported version of TLS. Accepted values are "tls10", "tls11", "tls12". Defaults to TLS 1.2.
-- tls_prefer_server_cipher_suites - This option will cause Nomad to prefer the
- server's ciphersuite over the client ciphersuites.
+- `tls_prefer_server_cipher_suites` - Specifies whether TLS connections should
+ prefer the server's ciphersuites over the client's. Defaults to false.
 - `verify_https_client` `(bool: false)` - Specifies agents should require client certificates for all incoming HTTPS requests. The client certificates
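Review bot: The relocated `MinVersion` comment in the `Config` struct of helper/tlsutil/config.go still says only "minimum SSL/TLS version" and does not state what the field holds or what a zero value means. If the value is copied into a `crypto/tls` config unchanged, zero selects the library's own default minimum rather than the TLS 1.2 default that the docs in this same commit promise; whether that can happen is decided in `NewTLSConfiguration`, whose body is outside the hunk. I would reword it as `// MinVersion is the minimum TLS version accepted, as a crypto/tls version constant (e.g. tls.VersionTLS12).` and add one line saying how an unset value is handled. The struct begins above the hunk, so the other fields' comments were not reviewed.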