diff --git a/manifests/compute/libvirt.pp b/manifests/compute/libvirt.pp
index eda807c89..196557001 100644
--- a/manifests/compute/libvirt.pp
+++ b/manifests/compute/libvirt.pp
@@ -180,6 +180,13 @@
 # https://libvirt.org/logging.html
 # Defaults to undef
 #
+# [*tls_priority*]
+# (optional) Override the compile time default TLS priority string. The
+# default is usually "NORMAL" unless overridden at build time.
+# Only set this if it is desired for libvirt to deviate from
+# the global default settings.
+# Defaults to undef
+#
 class nova::compute::libvirt (
 $ensure_package = 'present',
 $libvirt_virt_type = 'kvm',
@@ -214,6 +221,7 @@ class nova::compute::libvirt (
 $num_pcie_ports = $::os_service_default,
 $mem_stats_period_seconds = $::os_service_default,
 $log_filters = undef,
+ $tls_priority = undef,
 ) inherits nova::params {
 include ::nova::deps
@@ -256,6 +264,12 @@ class nova::compute::libvirt (
 }
 }
+ if $tls_priority {
+ libvirtd_config {
+ 'tls_priority': value => "\"${tls_priority}\"";
+ }
+ }
+
 unless $rx_queue_size == $::os_service_default or $rx_queue_size in [256, 512, 1024] {
 fail("Invalid rx_queue_size parameter: ${rx_queue_size}")
 }
diff --git a/releasenotes/notes/libvirtd_tls_priority-1e66515aa1da7977.yaml b/releasenotes/notes/libvirtd_tls_priority-1e66515aa1da7977.yaml
new file mode 100644
index 000000000..4c05686bf
--- /dev/null
+++ b/releasenotes/notes/libvirtd_tls_priority-1e66515aa1da7977.yaml
@@ -0,0 +1,8 @@
+---
+features:
+ - |
+ Add tls_priority parameter to nova::compute::libvirt class
+ to override the compile time default TLS priority string. The
+ default is usually "NORMAL" unless overridden at build time.
+ Only set this if it is desired for libvirt to deviate from
+ the global default settings.
diff --git a/spec/classes/nova_compute_libvirt_spec.rb b/spec/classes/nova_compute_libvirt_spec.rb
index ca15c72c8..769c0c076 100644
--- a/spec/classes/nova_compute_libvirt_spec.rb
+++ b/spec/classes/nova_compute_libvirt_spec.rb
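Review bot: The `[*tls_priority*]` doc block added in the `@@ -180,6 +180,13 @@` hunk of manifests/compute/libvirt.pp does not say what format the string takes or where it ends up, so an operator cannot tell what an acceptable value looks like. libvirt hands this setting to GnuTLS, so I would add a comment line such as `# The value is a GnuTLS priority string written to libvirtd.conf, e.g. 'NORMAL:-VERS-SSL3.0'.` and state that it must not contain double quotes, because the manifest wraps the value in them. It would also help to say that an explicit value presumably takes libvirtd out of whatever system-wide TLS policy the build default follows, so later tightening of that policy would no longer reach this service.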
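Review bot: The `if $tls_priority` block added in the `@@ -256,6 +264,12 @@` hunk of manifests/compute/libvirt.pp has no `else` branch, so with the parameter unset no `libvirtd_config` resource named `tls_priority` is declared at all. As far as these hunks show, the default-case expectation `contain_libvirtd_config('tls_priority').with_ensure('absent')` in the `@@ -69,6 +69,7 @@` hunk of spec/classes/nova_compute_libvirt_spec.rb then has nothing to match. A priority string written by an earlier run also stays in the file after the parameter is removed, which leaves a possibly weaker TLS setting active with nothing in the catalog showing it. I would add `else { libvirtd_config { 'tls_priority': ensure => 'absent'; } }`. Separately, the value is placed between escaped double quotes without any check, so a string containing `"` or a newline should be rejected with `fail(...)` in the same way as the `rx_queue_size` check just below; the class body continues outside the hunk.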
@@ -69,6 +69,7 @@ describe 'nova::compute::libvirt' do
 it { is_expected.to contain_nova_config('libvirt/num_pcie_ports').with_ensure('')}
 it { is_expected.to contain_nova_config('libvirt/mem_stats_period_seconds').with_value('')}
 it { is_expected.to contain_libvirtd_config('log_filters').with_ensure('absent')}
+ it { is_expected.to contain_libvirtd_config('tls_priority').with_ensure('absent')}
 end
 describe 'with params' do
@@ -100,6 +101,7 @@ describe 'nova::compute::libvirt' do
 :num_pcie_ports => 16,
 :mem_stats_period_seconds => 20,
 :log_filters => '1:qemu',
+ :tls_priority => 'NORMAL:-VERS-SSL3.0',
 }
 end
@@ -130,6 +132,7 @@ describe 'nova::compute::libvirt' do
 it { is_expected.to contain_nova_config('libvirt/num_pcie_ports').with_value(16)}
 it { is_expected.to contain_nova_config('libvirt/mem_stats_period_seconds').with_value(20)}
 it { is_expected.to contain_libvirtd_config('log_filters').with_value("\"#{params[:log_filters]}\"")}
+ it { is_expected.to contain_libvirtd_config('tls_priority').with_value("\"#{params[:tls_priority]}\"")}
 it { is_expected.to contain_service('libvirt').with(
 :name => 'custom_service',