diff --git a/webserver/webserver/src/main/java/io/helidon/webserver/WebServerTls.java b/webserver/webserver/src/main/java/io/helidon/webserver/WebServerTls.java
index f049b30d0c5..e6c902bb70d 100644
--- a/webserver/webserver/src/main/java/io/helidon/webserver/WebServerTls.java
+++ b/webserver/webserver/src/main/java/io/helidon/webserver/WebServerTls.java
@@ -174,6 +174,12 @@ public WebServerTls build() {
          * @return this builder
          */
         public Builder config(Config config) {
+            config.get("enabled").asBoolean().ifPresent(this::enabled);
+
+            if (explicitEnabled != null && !explicitEnabled) {
+                return this;
+            }
+
             config.get("client-auth").asString().ifPresent(this::clientAuth);
             config.get("private-key")
                     .ifExists(it -> privateKey(KeyConfig.create(it)));
@@ -188,8 +194,6 @@ public Builder config(Config config) {
                     .asLong()
                     .ifPresent(this::sessionTimeoutSeconds);
 
-            config.get("enabled").asBoolean().ifPresent(this::enabled);
-
             return this;
         }
 
diff --git a/webserver/webserver/src/test/java/io/helidon/webserver/WebServerTlsTest.java b/webserver/webserver/src/test/java/io/helidon/webserver/WebServerTlsTest.java
new file mode 100644
index 00000000000..5569824489f
--- /dev/null
+++ b/webserver/webserver/src/test/java/io/helidon/webserver/WebServerTlsTest.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2022 Oracle and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.helidon.webserver;
+
+import io.helidon.config.Config;
+import io.helidon.config.ConfigSources;
+
+import org.junit.jupiter.api.Test;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.CoreMatchers.nullValue;
+import static org.hamcrest.MatcherAssert.assertThat;
+
+public class WebServerTlsTest {
+
+    @Test
+    public void sslFromConfig() {
+        Config config = Config.builder().sources(ConfigSources.classpath("config-with-disabled-tls.conf")).build();
+        WebServerTls tls = WebServerTls.builder()
+                .config(config.get("tls"))
+                .build();
+
+        assertThat(tls.enabled(), is(false));
+        assertThat(tls.sslContext(), nullValue());
+    }
+
+}
diff --git a/webserver/webserver/src/test/resources/config-with-disabled-tls.conf b/webserver/webserver/src/test/resources/config-with-disabled-tls.conf
new file mode 100644
index 00000000000..3893a9ca249
--- /dev/null
+++ b/webserver/webserver/src/test/resources/config-with-disabled-tls.conf
@@ -0,0 +1,27 @@
+#
+# Copyright (c) 2022 Oracle and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+tls: {
+  enabled: false
+  private-key: {
+    keystore: {
+      resource {
+        resource-path: "invalid.p12"
+      }
+      passphrase: "invalid"
+    }
+  }
+}