diff --git a/src/conf.c b/src/conf.c
index 2b7ade7..8b4ecff 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -16,6 +16,10 @@ static struct acl * conf_parse_acls(json_t *jtab);
+#if HAVE_SSL
+void conf_parse_ssl(struct conf *conf, json_t *jssl, const char *filename);
+#endif
+
 #define ACL_ERROR_PREFIX "Config error with 'redis_auth': "
 #define ACL_ERROR_SUFFIX ". Starting with auth disabled.\n"
@@ -200,6 +204,10 @@ conf_read(const char *filename) {
 conf->pool_size_per_thread = atoi_free(conf_string_or_envvar(json_string_value(jtmp)));
 } else if(strcmp(json_object_iter_key(kv), "default_root") == 0 && json_typeof(jtmp) == JSON_STRING) {
 conf->default_root = conf_string_or_envvar(json_string_value(jtmp));
+#if HAVE_SSL
+ } else if(strcmp(json_object_iter_key(kv), "ssl") == 0 && json_typeof(jtmp) == JSON_OBJECT) {
+ conf_parse_ssl(conf, jtmp, filename);
+#endif
 } else {
 fprintf(stderr, "Warning! Unexpected key or incorrect value in %s: '%s'\n", filename, json_object_iter_key(kv));
 }
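Review bot: The new prototype is guarded with `#if HAVE_SSL`, while the conf.h, pool.c and server.c hunks of this same commit all use `#ifdef HAVE_SSL`; if HAVE_SSL is ever defined without a value the `#if` is a preprocessor error, and if it is defined as 0 the `"ssl"` section is silently skipped at parse time while `struct conf` still carries `ssl.enabled`, so the gates in server.c and pool.c then run on a value nothing parsed. The prototype also omits `static` although, as far as this diff shows, the function is defined and called only inside conf.c and no declaration is added to conf.h, so it becomes an exported symbol for no reason. Suggested: `#ifdef HAVE_SSL` / `static void conf_parse_ssl(struct conf *conf, json_t *jssl, const char *filename);`, with the matching `static` on the definition further down.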
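Review bot: In a build without HAVE_SSL the whole `"ssl"` branch disappears and the section falls through to the generic "Unexpected key or incorrect value" warning at the bottom of the hunk, so a config that says `"ssl": {"enabled": true, ...}` starts webdis talking plaintext to Redis with only a vague warning on stderr. A TLS request the binary cannot honour should fail closed, or at least be reported by name, rather than being treated like a typo. The branch below keeps the existing `#if HAVE_SSL` arm and adds an `#else` arm that names the cause and refuses to start; `exit()` needs `<stdlib.h>`, which conf.c presumably already includes but which is not visible in the hunk. The enclosing `for` loop of conf_read starts and ends outside this hunk.
```c
#if HAVE_SSL
	} else if(strcmp(json_object_iter_key(kv), "ssl") == 0 && json_typeof(jtmp) == JSON_OBJECT) {
		conf_parse_ssl(conf, jtmp, filename);
#else
	} else if(strcmp(json_object_iter_key(kv), "ssl") == 0) {
		/* fail closed: an 'ssl' section was configured and this build cannot honour it */
		fprintf(stderr, "Error! 'ssl' section found in %s but webdis was built without SSL support.\n", filename);
		exit(EXIT_FAILURE);
#endif
	/* … unchanged: generic "Unexpected key" warning … */
```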
@@ -210,6 +218,31 @@ conf_read(const char *filename) {
 return conf;
 }
+#if HAVE_SSL
+void
+conf_parse_ssl(struct conf *conf, json_t *jssl, const char *filename) {
+ for(void *kv = json_object_iter(jssl); kv; kv = json_object_iter_next(jssl, kv)) {
+ json_t *jtmp = json_object_iter_value(kv);
+ if(strcmp(json_object_iter_key(kv), "enabled") == 0 && (json_typeof(jtmp) == JSON_TRUE || json_typeof(jtmp) == JSON_FALSE)) {
+ conf->ssl.enabled = (json_typeof(jtmp) == JSON_TRUE) ? 1 : 0;
+ } else if(strcmp(json_object_iter_key(kv), "ca_cert_bundle") == 0 && json_typeof(jtmp) == JSON_STRING) {
+ conf->ssl.ca_cert_bundle = conf_string_or_envvar(json_string_value(jtmp));
+ } else if(strcmp(json_object_iter_key(kv), "path_to_certs") == 0 && json_typeof(jtmp) == JSON_STRING) {
+ conf->ssl.path_to_certs = conf_string_or_envvar(json_string_value(jtmp));
+ } else if(strcmp(json_object_iter_key(kv), "client_cert") == 0 && json_typeof(jtmp) == JSON_STRING) {
+ conf->ssl.client_cert_pem = conf_string_or_envvar(json_string_value(jtmp));
+ } else if(strcmp(json_object_iter_key(kv), "client_key") == 0 && json_typeof(jtmp) == JSON_STRING) {
+ conf->ssl.client_key_pem = conf_string_or_envvar(json_string_value(jtmp));
+ } else if(strcmp(json_object_iter_key(kv), "redis_sni") == 0 && json_typeof(jtmp) == JSON_STRING) {
+ conf->ssl.redis_sni = conf_string_or_envvar(json_string_value(jtmp));
+ } else {
+ fprintf(stderr, "Warning! Unexpected key or incorrect value under 'ssl', in %s: '%s'\n",
+ filename, json_object_iter_key(kv));
+ }
+ }
+}
+#endif
+
 void acl_read_commands(json_t *jlist, struct acl_commands *ac) {
diff --git a/src/conf.h b/src/conf.h
index 5d9f44a..f4c851c 100644
--- a/src/conf.h
+++ b/src/conf.h
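Review bot: Nothing in `conf_parse_ssl` reacts to an `ssl` section that sets `ca_cert_bundle`, `path_to_certs` or a client certificate but leaves `enabled` absent or false; since the server.c and pool.c hunks of this commit gate every TLS step on `ssl.enabled`, such a config connects to Redis in plaintext while the operator who wrote certificate paths into it believes TLS is on. A check after the loop catches the likely misconfiguration: `if(!conf->ssl.enabled && (conf->ssl.ca_cert_bundle || conf->ssl.path_to_certs || conf->ssl.client_cert_pem)) {` / `fprintf(stderr, "Warning! 'ssl' settings found in %s but 'enabled' is not true: the Redis connection will not use TLS.\n", filename);` / `}`. That check, and the `enabled` flag itself, rely on `conf` being zero-initialised by conf_read, which is outside this hunk and worth confirming. The definition should also be `static` to match its file-local use.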
@@ -55,6 +55,7 @@ struct conf {
 #ifdef HAVE_SSL
 /* SSL */
 struct {
+ int enabled;
 char *ca_cert_bundle; /* File name of trusted CA/ca bundle file, optional */
 char *path_to_certs; /* Path of trusted certificates, optional */
 char *client_cert_pem; /* File name of client certificate file, optional */
diff --git a/src/pool.c b/src/pool.c
index b439a36..3e7e76e 100644
--- a/src/pool.c
+++ b/src/pool.c
@@ -46,19 +46,6 @@ pool_on_connect(const redisAsyncContext *ac, int status) {
 }
 /* connected to redis! */
-#ifdef HAVE_SSL
-/* Negotiate SSL/TLS */
-if (redisInitiateSSLWithContext((redisContext*)&ac->c, p->w->s->ssl_context) != REDIS_OK) {
- /* Handle error, in c->err / c->errstr */
- slog(p->w->s, WEBDIS_ERROR, "SSL negotiation failed", 0);
- if (ac->c.err) { /* non-zero on error */
- slog(p->w->s, WEBDIS_ERROR, ac->c.errstr, 0);
- }
- pool_schedule_reconnect(p);
- return;
-}
-#endif
-
 /* add to pool */
 for(i = 0; i < p->count; ++i) {
 if(p->ac[i] == NULL) {
@@ -206,6 +193,21 @@ pool_connect(struct pool *p, int db_num, int attach) {
 return NULL;
 }
+#ifdef HAVE_SSL
+/* Negotiate SSL/TLS */
+ if(p->w->s->cfg->ssl.enabled) {
+ if (redisInitiateSSLWithContext((redisContext*)&ac->c, p->w->s->ssl_context) != REDIS_OK) {
+ /* Handle error, in c->err / c->errstr */
+ slog(p->w->s, WEBDIS_ERROR, "SSL negotiation failed", 0);
+ if(ac->c.err) { /* non-zero on error */
+ slog(p->w->s, WEBDIS_ERROR, ac->c.errstr, 0);
+ }
+ pool_schedule_reconnect(p);
+ return NULL;
+ }
+ }
+#endif
+
 redisLibeventAttach(ac, p->w->base);
 redisAsyncSetConnectCallback(ac, pool_on_connect);
 redisAsyncSetDisconnectCallback(ac, pool_on_disconnect);
diff --git a/src/server.c b/src/server.c
index b785f5e..03fa3b9 100644
--- a/src/server.c
+++ b/src/server.c
@@ -125,7 +125,9 @@ server_new(const char *cfg_file) {
 s->cfg = conf_read(cfg_file);
 #ifdef HAVE_SSL
- server_init_ssl(s);
+ if(s->cfg->ssl.enabled) {
+ server_init_ssl(s);
+ }
 #endif
 /* workers */
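Review bot: `int enabled;` is the only member of the ssl struct without the trailing comment its neighbours carry, and its meaning (a switch that the server.c and pool.c hunks consult before any TLS setup or handshake) is not obvious from the name alone. Suggested: `int enabled; /* Non-zero to negotiate TLS with Redis; set from the "enabled" key of the ssl config section */`. The ssl struct, and `struct conf` around it, continue past the end of this hunk.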
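Review bot: On the SSL-negotiation failure path in pool_connect the freshly created async context `ac` is never released: the code logs, schedules a reconnect and returns NULL before `redisLibeventAttach` runs, so no event-loop adapter or disconnect callback will ever free it, and every failed handshake (a bad CA bundle, a cert mismatch) leaks a context and its socket per reconnect attempt. Unless the error path just above this hunk does something different for the same object, add `redisAsyncFree(ac);` immediately before `pool_schedule_reconnect(p);` — this is also what the hiredis async-SSL example does on that path. The `(redisContext*)` cast is unnecessary since `ac->c` is the embedded redisContext; `&ac->c` reads more honestly. The rest of pool_connect, including where `ac` is created, lies outside this hunk.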