diff --git a/eclair-core/pom.xml b/eclair-core/pom.xml
index 21478aa0ea..8655ac291d 100644
--- a/eclair-core/pom.xml
+++ b/eclair-core/pom.xml
@@ -147,7 +147,7 @@
         <dependency>
             <groupId>io.netty</groupId>
             <artifactId>netty-all</artifactId>
-            <version>4.1.32.Final</version>
+            <version>4.1.42.Final</version>
         </dependency>
         <!-- BITCOIN -->
         <dependency>
diff --git a/eclair-core/src/main/scala/fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala b/eclair-core/src/main/scala/fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala
index b60662583d..2da34e01f0 100644
--- a/eclair-core/src/main/scala/fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala
+++ b/eclair-core/src/main/scala/fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala
@@ -67,7 +67,12 @@ class ElectrumClient(serverAddress: InetSocketAddress, ssl: SSL)(implicit val ec
         case SSL.OFF => ()
         case SSL.STRICT =>
           val sslCtx = SslContextBuilder.forClient.build
-          ch.pipeline.addLast(sslCtx.newHandler(ch.alloc(), serverAddress.getHostName, serverAddress.getPort))
+          val handler = sslCtx.newHandler(ch.alloc(), serverAddress.getHostName, serverAddress.getPort)
+          val sslParameters = handler.engine().getSSLParameters
+          sslParameters.setEndpointIdentificationAlgorithm("HTTPS")
+          handler.engine().setSSLParameters(sslParameters)
+          handler.engine().setEnabledProtocols(Array[String]("TLSv1.2", "TLSv1.3"))
+          ch.pipeline.addLast(handler)
         case SSL.LOOSE =>
           // INSECURE VERSION THAT DOESN'T CHECK CERTIFICATE
           val sslCtx = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).build()