diff --git a/interop-testing/src/test/java/io/grpc/testing/integration/Http2NettyTest.java b/interop-testing/src/test/java/io/grpc/testing/integration/Http2NettyTest.java
index 504c8157c2..23d07d11d0 100644
--- a/interop-testing/src/test/java/io/grpc/testing/integration/Http2NettyTest.java
+++ b/interop-testing/src/test/java/io/grpc/testing/integration/Http2NettyTest.java
@@ -36,6 +36,7 @@ import io.grpc.testing.TestUtils;
 import io.grpc.transport.netty.GrpcSslContexts;
 import io.grpc.transport.netty.NettyChannelBuilder;
 import io.grpc.transport.netty.NettyServerBuilder;
+import io.netty.handler.ssl.SupportedCipherSuiteFilter;
 
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
@@ -56,8 +57,10 @@ public class Http2NettyTest extends AbstractTransportTest {
 public static void startServer() {
 try {
 startStaticServer(NettyServerBuilder.forPort(serverPort)
- .sslContext(GrpcSslContexts.forServer(
- TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key")).build()));
+ .sslContext(GrpcSslContexts
+ .forServer(TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key"))
+ .ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE)
+ .build()));
 } catch (IOException ex) {
 throw new RuntimeException(ex);
 }
@@ -73,8 +76,10 @@ public class Http2NettyTest extends AbstractTransportTest {
 try {
 return NettyChannelBuilder
 .forAddress(TestUtils.testServerAddress(serverPort))
- .sslContext(GrpcSslContexts.forClient().trustManager(
- TestUtils.loadCert("ca.pem")).build())
+ .sslContext(GrpcSslContexts.forClient()
+ .trustManager(TestUtils.loadCert("ca.pem"))
+ .ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE)
+ .build())
 .build();
 } catch (Exception ex) {
 throw new RuntimeException(ex);
diff --git a/interop-testing/src/test/java/io/grpc/testing/integration/Http2OkHttpTest.java b/interop-testing/src/test/java/io/grpc/testing/integration/Http2OkHttpTest.java
index b2b8b71421..d3af1b063c 100644
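Review bot: The chain `.ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE)` is repeated verbatim in both hunks of this file, again in Http2OkHttpTest.startServer, and in both NettyClientTransportTest hunks, so the cipher policy for the test transports now lives in five places and a later change (say, dropping the GCM exclusion once the JVM implementation is fast enough) has to be applied five times. A helper that takes and returns the Netty `SslContextBuilder`, e.g. `public static SslContextBuilder applyPreferredTestCiphers(SslContextBuilder builder) { return builder.ciphers(preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE); }`, would keep the policy in one spot; whether the `testing` module may depend on Netty is not visible here, and if it may not, `GrpcSslContexts` in the netty transport would be the natural home. Both `startServer` and `createChannel` continue outside their hunks.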
--- a/interop-testing/src/test/java/io/grpc/testing/integration/Http2OkHttpTest.java
+++ b/interop-testing/src/test/java/io/grpc/testing/integration/Http2OkHttpTest.java
@@ -31,11 +31,16 @@ package io.grpc.testing.integration;
+import com.squareup.okhttp.ConnectionSpec;
+import com.squareup.okhttp.TlsVersion;
+
 import io.grpc.ChannelImpl;
 import io.grpc.testing.TestUtils;
 import io.grpc.transport.netty.GrpcSslContexts;
 import io.grpc.transport.netty.NettyServerBuilder;
 import io.grpc.transport.okhttp.OkHttpChannelBuilder;
+import io.grpc.transport.okhttp.OkHttpClientTransport;
+import io.netty.handler.ssl.SupportedCipherSuiteFilter;
 
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
@@ -56,8 +61,10 @@ public class Http2OkHttpTest extends AbstractTransportTest {
 public static void startServer() throws Exception {
 try {
 startStaticServer(NettyServerBuilder.forPort(serverPort)
- .sslContext(GrpcSslContexts.forServer(
- TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key")).build()));
+ .sslContext(GrpcSslContexts
+ .forServer(TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key"))
+ .ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE)
+ .build()));
 } catch (IOException ex) {
 throw new RuntimeException(ex);
 }
@@ -71,6 +78,10 @@ public class Http2OkHttpTest extends AbstractTransportTest {
 @Override
 protected ChannelImpl createChannel() {
 OkHttpChannelBuilder builder = OkHttpChannelBuilder.forAddress("127.0.0.1", serverPort)
+ .setConnectionSpec(new ConnectionSpec.Builder(OkHttpClientTransport.DEFAULT_CONNECTION_SPEC)
+ .cipherSuites(TestUtils.preferredTestCiphers().toArray(new String[0]))
+ .tlsVersions(ConnectionSpec.MODERN_TLS.tlsVersions().toArray(new TlsVersion[0]))
+ .build())
 .overrideHostForAuthority(TestUtils.TEST_SERVER_HOST);
 try {
 builder.sslSocketFactory(TestUtils.getSslSocketFactoryForCertainCert(
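Review bot: In `createChannel` the spec is seeded from `OkHttpClientTransport.DEFAULT_CONNECTION_SPEC` but its TLS versions are then replaced with those of `ConnectionSpec.MODERN_TLS`, so the resulting spec is neither the transport default nor MODERN_TLS, and nothing on the page says why the versions should diverge from the default the production client uses; if the two specs already agree on versions the `tlsVersions(...)` call is redundant, and if they differ the test quietly negotiates protocol versions the default would not. A comment on that line, `// TLS versions intentionally taken from ConnectionSpec.MODERN_TLS rather than DEFAULT_CONNECTION_SPEC because <reason>`, or dropping the `tlsVersions` call so only the cipher list is narrowed, would make the intent reviewable. `createChannel` continues outside the hunk.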
diff --git a/netty/src/test/java/io/grpc/transport/netty/NettyClientTransportTest.java b/netty/src/test/java/io/grpc/transport/netty/NettyClientTransportTest.java
index 73f89f1f20..f8aec9b906 100644
--- a/netty/src/test/java/io/grpc/transport/netty/NettyClientTransportTest.java
+++ b/netty/src/test/java/io/grpc/transport/netty/NettyClientTransportTest.java
@@ -58,6 +58,7 @@ import io.netty.channel.nio.NioEventLoopGroup;
 import io.netty.channel.socket.nio.NioServerSocketChannel;
 import io.netty.channel.socket.nio.NioSocketChannel;
 import io.netty.handler.ssl.SslContext;
+import io.netty.handler.ssl.SupportedCipherSuiteFilter;
 
 import org.junit.After;
 import org.junit.Before;
@@ -174,7 +175,8 @@ public class NettyClientTransportTest {
 private NettyClientTransport newTransport() throws IOException {
 // Create the protocol negotiator.
 File clientCert = TestUtils.loadCert("ca.pem");
- SslContext clientContext = GrpcSslContexts.forClient().trustManager(clientCert).build();
+ SslContext clientContext = GrpcSslContexts.forClient().trustManager(clientCert)
+ .ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE).build();
 ProtocolNegotiator negotiator = ProtocolNegotiators.tls(clientContext, address);
 
 NettyClientTransport transport = new NettyClientTransport(address, NioSocketChannel.class,
@@ -186,7 +188,8 @@ public class NettyClientTransportTest {
 private void startServer(int maxStreamsPerConnection) throws IOException {
 File serverCert = TestUtils.loadCert("server1.pem");
 File key = TestUtils.loadCert("server1.key");
- SslContext serverContext = GrpcSslContexts.forServer(serverCert, key).build();
+ SslContext serverContext = GrpcSslContexts.forServer(serverCert, key)
+ .ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE).build();
 server = new NettyServer(address, NioServerSocketChannel.class, group, group, serverContext, maxStreamsPerConnection, DEFAULT_WINDOW_SIZE, DEFAULT_WINDOW_SIZE);
diff --git a/testing/src/main/java/io/grpc/testing/TestUtils.java b/testing/src/main/java/io/grpc/testing/TestUtils.java
index 9efa5ee0ef..8b173a2030 100644
--- a/testing/src/main/java/io/grpc/testing/TestUtils.java
+++ b/testing/src/main/java/io/grpc/testing/TestUtils.java
@@ -50,10 +50,14 @@ import java.net.InetSocketAddress;
 import java.net.ServerSocket;
 import java.net.UnknownHostException;
 import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
+import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Set;
 
 import javax.net.ssl.SSLContext;
@@ -149,6 +153,30 @@ public class TestUtils {
 throw new RuntimeException(e);
 }
 }
+
+ /**
+ * Returns the ciphers preferred to use during tests. They may be chosen because they are widely
+ * available or because they are fast. There is no requirement that they provide confidentiality
+ * or integrity.
+ */
+ public static List preferredTestCiphers() {
+ String[] ciphers;
+ try {
+ ciphers = SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites();
+ } catch (NoSuchAlgorithmException ex) {
+ throw new RuntimeException(ex);
+ }
+ List ciphersMinusGcm = new ArrayList();
+ for (String cipher : ciphers) {
+ // The GCM implementation in Java is _very_ slow (~1 MB/s)
+ if (cipher.contains("_GCM_")) {
+ continue;
+ }
+ ciphersMinusGcm.add(cipher);
+ }
+ return Collections.unmodifiableList(ciphersMinusGcm);
+ }
+
 /**
 * Load a file from the resources folder.
 *
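Review bot: `preferredTestCiphers` can return an empty list — every suite the default `SSLContext` offers whose name contains `_GCM_` is dropped and nothing checks what is left — and that empty list is then handed to `SslContextBuilder.ciphers` and `ConnectionSpec.Builder.cipherSuites` at the call sites in this commit, where the failure would most likely surface as an opaque handshake error rather than a setup error; a guard before the return, `if (ciphersMinusGcm.isEmpty()) { throw new IllegalStateException("default SSLContext offers no non-GCM cipher suites"); }`, fails fast with the real cause. The hunk also shows a raw `List` return type and `new ArrayList()`; if that is not a rendering artifact that dropped `<String>`, the declarations should read `public static List<String> preferredTestCiphers()` and `List<String> ciphersMinusGcm = new ArrayList<String>();`, not least because `toArray(new String[0])` on a raw `List` erases to `Object[]` and the Http2OkHttpTest call would not compile as written. The Javadoc should further state that the result is computed from `SSLContext.getDefault()` at call time and is therefore runtime-specific, and, since this class lives under `testing/src/main` rather than a test source set, that the list is a test-speed preference only and must not be taken as a vetted cipher policy for real channels.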