diff --git a/lib/moped/connection.rb b/lib/moped/connection.rb
index 0041867..9120214 100644
--- a/lib/moped/connection.rb
+++ b/lib/moped/connection.rb
@@ -47,7 +47,7 @@ def alive?
 # @since 1.0.0
 def connect
 @sock = if !!options[:ssl]
- Socket::SSL.connect(host, port, timeout)
+ Socket::SSL.connect(host, port, timeout, options[:ssl])
 else
 Socket::TCP.connect(host, port, timeout)
 end
diff --git a/lib/moped/connection/socket/connectable.rb b/lib/moped/connection/socket/connectable.rb
index 3003a47..98f74d8 100644
--- a/lib/moped/connection/socket/connectable.rb
+++ b/lib/moped/connection/socket/connectable.rb
@@ -139,10 +139,10 @@ module ClassMethods
 # @return [ TCPSocket ] The socket.
 #
 # @since 1.0.0
- def connect(host, port, timeout)
+ def connect(host, port, timeout, options=nil)
 begin
 Timeout::timeout(timeout) do
- sock = new(host, port)
+ sock = new(host, port, options)
 sock.set_encoding('binary')
 timeout_val = [ timeout, 0 ].pack("l_2")
 sock.setsockopt(::Socket::IPPROTO_TCP, ::Socket::TCP_NODELAY, 1)
diff --git a/lib/moped/connection/socket/ssl.rb b/lib/moped/connection/socket/ssl.rb
index f252f33..0c3aa04 100644
--- a/lib/moped/connection/socket/ssl.rb
+++ b/lib/moped/connection/socket/ssl.rb
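Review bot: The new `options` parameter of `connect` in lib/moped/connection/socket/connectable.rb is missing from the YARD comment above it, and the same gap exists for `initialize` in socket/ssl.rb and socket/tcp.rb. I would add `# @param [ Hash, true, nil ] options The value of the :ssl option (TLS settings), if any.` to each, because this value decides how the TLS context is built. The default is written `options=nil`; `options = nil` matches the usual Ruby spacing. Both the doc comment and the body of `connect` extend outside this hunk.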
@@ -19,11 +19,30 @@ class SSL < OpenSSL::SSL::SSLSocket
 # @param [ Integer ] port The port.
 #
 # @since 1.2.0
- def initialize(host, port)
+ def initialize(host, port, options)
 @host, @port = host, port
 handle_socket_errors do
 @socket = TCPSocket.new(host, port)
- super(socket)
+
+ context = OpenSSL::SSL::SSLContext.new
+ if options.is_a?(Hash)
+ if options['ca_path']
+ context.ca_path = options['ca_path']
+ elsif options['ca_file']
+ context.ca_file = options['ca_file']
+ else
+ store = OpenSSL::X509::Store.new
+ store.set_default_paths
+ context.cert_store = store
+ end
+
+ if options.has_key?('client_cert') && options.has_key?('client_key')
+ context.cert = OpenSSL::X509::Certificate.new(File.read(options['client_cert']))
+ context.key = OpenSSL::PKey::RSA.new(File.read(options['client_key']))
+ end
+ end
+
+ super(socket, context)
 self.sync_close = true
 connect
 end
diff --git a/lib/moped/connection/socket/tcp.rb b/lib/moped/connection/socket/tcp.rb
index f67e579..fcf4d7f 100644
--- a/lib/moped/connection/socket/tcp.rb
+++ b/lib/moped/connection/socket/tcp.rb
@@ -15,7 +15,7 @@ class TCP < ::TCPSocket
 # @param [ Integer ] port The port.
 #
 # @since 1.2.0
- def initialize(host, port)
+ def initialize(host, port, options)
 @host, @port = host, port
 handle_socket_errors { super }
 end
diff --git a/lib/moped/session.rb b/lib/moped/session.rb
index 1ada2b4..7dabe94 100644
--- a/lib/moped/session.rb
+++ b/lib/moped/session.rb
@@ -225,10 +225,11 @@ def logout
 # @since 2.0.0
 option(:down_interval).allow(Optionable.any(Numeric))
- # Setup validation of allowed ssl options. (Any boolean)
+ # Setup validation of allowed ssl options. (Any boolean or Hash)
 #
 # @since 2.0.0
 option(:ssl).allow(true, false)
+ option(:ssl).allow(Optionable.any(Hash))
 # Setup validation of allowed timeout options. (Any numeric)
 #
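Review bot: The new `SSLContext` in `initialize` (socket/ssl.rb) is given a CA path, CA file or default store but never a `verify_mode`, so as far as this hunk shows the server certificate is not verified and the trust settings have no effect; the host name is not checked either. Add `context.verify_mode = OpenSSL::SSL::VERIFY_PEER` before `super(socket, context)` and `post_connection_check(host)` after `connect`. When `options` is `true` rather than a Hash the context stays empty, so that path needs the default store and `VERIFY_PEER` as well. Separately, `OpenSSL::PKey::RSA.new` rejects non-RSA client keys where `OpenSSL::PKey.read` would accept any key type, and a `client_cert` supplied without `client_key` is silently ignored instead of raising.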
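Review bot: The bare `super` in `handle_socket_errors { super }` (socket/tcp.rb) forwards every argument of `initialize`, so after this change `options` reaches `TCPSocket.new` as its third positional argument, which that constructor treats as the local host. This works only while `options` is nil; call `handle_socket_errors { super(host, port) }` instead. `options` is also a required parameter here and in `SSL#initialize` while `connect` defaults it to nil, so `def initialize(host, port, options = nil)` would keep two-argument callers working.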
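Review bot: `option(:ssl).allow(Optionable.any(Hash))` in lib/moped/session.rb accepts any Hash, while socket/ssl.rb in this commit reads only the string keys 'ca_path', 'ca_file', 'client_cert' and 'client_key'. A Hash with symbol keys or a misspelled key passes validation and then silently falls back to the default trust store with no client certificate, which is hard to notice in a TLS setup. I would list the accepted keys in the comment, e.g. `# Hash keys (strings): ca_path, ca_file, client_cert, client_key`, and have the SSL socket raise an `ArgumentError` on unknown keys.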