diff --git a/config/configuration.go b/config/configuration.go
index 317697a37..04a7a76e8 100644
--- a/config/configuration.go
+++ b/config/configuration.go
@@ -20,6 +20,7 @@ const (
 SocketCertificateFile string = "SocketCertificateFile"
 SocketCAFile string = "SocketCAFile"
 SocketInsecureSkipVerify string = "SocketInsecureSkipVerify"
+ SocketMinimumTLSVersion string = "SocketMinimumTLSVersion"
 DefaultApplVerID string = "DefaultApplVerID"
 StartTime string = "StartTime"
 EndTime string = "EndTime"
diff --git a/config/doc.go b/config/doc.go
index d7ed1108b..31cc60f97 100644
--- a/config/doc.go
+++ b/config/doc.go
@@ -239,6 +239,10 @@ SocketCAFile
 
 Optional root CA to use for secure TLS connections. For acceptors, client certificates will be verified against this CA. For initiators, clients will use the CA to verify the server certificate. If not configurated, initiators will verify the server certificate using the host's root CA set.
 
+SocketMinimumTLSVersion
+
+Specify the Minimum TLS version to use when creating a secure connection. The valid choices are SSL30, TLS10, TLS11, TLS12. Defaults to TLS12.
+
 FileLogPath
 
 Directory to store logs. Value must be valid directory for storing files, application must have write access.
diff --git a/tls.go b/tls.go
index 94ff89f8a..48cfe87a0 100644
--- a/tls.go
+++ b/tls.go
@@ -40,6 +40,26 @@ func loadTLSConfig(settings *SessionSettings) (tlsConfig *tls.Config, err error)
 tlsConfig.Certificates = make([]tls.Certificate, 1)
 tlsConfig.InsecureSkipVerify = insecureSkipVerify
 
+ minVersion := "TLS12"
+ if settings.HasSetting(config.SocketMinimumTLSVersion) {
+ minVersion, err = settings.Setting(config.SocketMinimumTLSVersion)
+ if err != nil {
+ return
+ }
+
+ switch minVersion {
+ case "SSL30":
+ tlsConfig.MinVersion = tls.VersionSSL30
+ case "TLS10":
+ tlsConfig.MinVersion = tls.VersionTLS10
+ case "TLS11":
+ tlsConfig.MinVersion = tls.VersionTLS11
+ case "TLS12":
+ tlsConfig.MinVersion = tls.VersionTLS12
+ }
+ }
+
+
 if tlsConfig.Certificates[0], err = tls.LoadX509KeyPair(certificateFile, privateKeyFile); err != nil {
 return
 }
diff --git a/tls_test.go b/tls_test.go
index 9a78f587f..322c452c5 100644
--- a/tls_test.go
+++ b/tls_test.go
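Review bot: The `switch minVersion` has no `default` case, so an unrecognised value (a typo such as `tls12`, or an unsupported `TLS13`) is accepted silently and `tlsConfig.MinVersion` keeps whatever `defaultTLSConfig()` set outside this hunk; a malformed TLS floor should make `loadTLSConfig` fail, for example `default: err = fmt.Errorf("unsupported %s %q", config.SocketMinimumTLSVersion, minVersion); return` (importing `fmt` in tls.go if it is not already). The `minVersion := "TLS12"` initialiser is also never applied, because the switch runs only inside `if settings.HasSetting(...)`, so the "Defaults to TLS12" promised in config/doc.go holds only if `defaultTLSConfig()` already sets that floor; moving the switch below the `if` block makes the default real and gives the `default:` case a single place to live. Separately, `tls.VersionSSL30` is deprecated in crypto/tls and current Go releases no longer negotiate SSLv3, so accepting `SSL30` here offers operators a floor the runtime will not actually honour — worth a comment on the case, or dropping it from the accepted set and from the doc. `loadTLSConfig` begins and ends outside the hunk.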
@@ -109,3 +109,40 @@ func (s *TLSTestSuite) TestInsecureSkipVerifyAndCerts() {
 s.True(tlsConfig.InsecureSkipVerify)
 s.Len(tlsConfig.Certificates, 1)
 }
+
+func (s *TLSTestSuite) TestMinimumTLSVersion() {
+ s.settings.GlobalSettings().Set(config.SocketPrivateKeyFile, s.PrivateKeyFile)
+ s.settings.GlobalSettings().Set(config.SocketCertificateFile, s.CertificateFile)
+
+ // SSL30
+ s.settings.GlobalSettings().Set(config.SocketMinimumTLSVersion, "SSL30")
+ tlsConfig, err := loadTLSConfig(s.settings.GlobalSettings())
+
+ s.Nil(err)
+ s.NotNil(tlsConfig)
+ s.Equal(tlsConfig.MinVersion, uint16(tls.VersionSSL30))
+
+ // TLS10
+ s.settings.GlobalSettings().Set(config.SocketMinimumTLSVersion, "TLS10")
+ tlsConfig, err = loadTLSConfig(s.settings.GlobalSettings())
+
+ s.Nil(err)
+ s.NotNil(tlsConfig)
+ s.Equal(tlsConfig.MinVersion, uint16(tls.VersionTLS10))
+
+ // TLS11
+ s.settings.GlobalSettings().Set(config.SocketMinimumTLSVersion, "TLS11")
+ tlsConfig, err = loadTLSConfig(s.settings.GlobalSettings())
+
+ s.Nil(err)
+ s.NotNil(tlsConfig)
+ s.Equal(tlsConfig.MinVersion, uint16(tls.VersionTLS11))
+
+ // TLS12
+ s.settings.GlobalSettings().Set(config.SocketMinimumTLSVersion, "TLS12")
+ tlsConfig, err = loadTLSConfig(s.settings.GlobalSettings())
+
+ s.Nil(err)
+ s.NotNil(tlsConfig)
+ s.Equal(tlsConfig.MinVersion, uint16(tls.VersionTLS12))
+}
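Review bot: `TestMinimumTLSVersion` exercises only the four accepted strings and never pins what `loadTLSConfig` does when `SocketMinimumTLSVersion` is absent (the TLS12 default documented in config/doc.go) or set to an unknown value, which is exactly where a silently ignored floor would go unnoticed. Two further cases would close that gap: one before any `Set` of the version (assuming the suite gives each test fresh settings) asserting `s.Equal(uint16(tls.VersionTLS12), tlsConfig.MinVersion)`, and one with an invalid string asserting whichever outcome is intended for bad input, an error or the default. As a point of style, testify's `Equal` is `(expected, actual)`, so `s.Equal(uint16(tls.VersionSSL30), tlsConfig.MinVersion)` yields readable failure output; the same applies to the other three assertions. Since all four cases repeat the same Set/load/assert sequence, a table of string-to-constant pairs iterated in a loop would remove the duplication.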