diff --git a/config/configuration.go b/config/configuration.go index cc4d4230a..06ad4a2e0 100644 --- a/config/configuration.go +++ b/config/configuration.go @@ -22,6 +22,7 @@ const ( SocketInsecureSkipVerify string = "SocketInsecureSkipVerify" SocketMinimumTLSVersion string = "SocketMinimumTLSVersion" SocketTimeout string = "SocketTimeout" + SocketUseSSL string = "SocketUseSSL" DefaultApplVerID string = "DefaultApplVerID" StartTime string = "StartTime" EndTime string = "EndTime" diff --git a/config/doc.go b/config/doc.go index 041baf745..abfa7c9b5 100644 --- a/config/doc.go +++ b/config/doc.go @@ -284,6 +284,10 @@ SocketMinimumTLSVersion Specify the Minimum TLS version to use when creating a secure connection. The valid choices are SSL30, TLS10, TLS11, TLS12. Defaults to TLS12. +SocketUseSSL + +Use SSL for initiators even if client certificates are not present. If set to N or omitted, TLS will not be used if SocketPrivateKeyFile or SocketCertificateFile are not supplied. + PersistMessages If set to N, no messages will be persisted. This will force QuickFIX/Go to always send GapFills instead of resending messages. Use this if you know you never want to resend a message. Useful for market data streams. Valid Values: diff --git a/tls.go b/tls.go index 0184fc7f4..ef6846f61 100644 --- a/tls.go +++ b/tls.go @@ -10,6 +10,14 @@ import ( ) func loadTLSConfig(settings *SessionSettings) (tlsConfig *tls.Config, err error) { + allowSkipClientCerts := false + if settings.HasSetting(config.SocketUseSSL) { + allowSkipClientCerts, err = settings.BoolSetting(config.SocketUseSSL) + if err != nil { + return + } + } + insecureSkipVerify := false if settings.HasSetting(config.SocketInsecureSkipVerify) { insecureSkipVerify, err = settings.BoolSetting(config.SocketInsecureSkipVerify) 
@@ -19,9 +27,9 @@ func loadTLSConfig(settings *SessionSettings) (tlsConfig *tls.Config, err error) } if !settings.HasSetting(config.SocketPrivateKeyFile) && !settings.HasSetting(config.SocketCertificateFile) { - if insecureSkipVerify { + if allowSkipClientCerts { tlsConfig = defaultTLSConfig() - tlsConfig.InsecureSkipVerify = true + tlsConfig.InsecureSkipVerify = insecureSkipVerify } return } diff --git a/tls_test.go b/tls_test.go index 322c452c5..3ddbddeaf 100644 --- a/tls_test.go +++ b/tls_test.go @@ -90,6 +90,15 @@ func (s *TLSTestSuite) TestLoadTLSWithCA() { func (s *TLSTestSuite) TestInsecureSkipVerify() { s.settings.GlobalSettings().Set(config.SocketInsecureSkipVerify, "Y") + tlsConfig, err := loadTLSConfig(s.settings.GlobalSettings()) + s.Nil(err) + s.Nil(tlsConfig) +} + +func (s *TLSTestSuite) TestInsecureSkipVerifyWithUseSSL() { + s.settings.GlobalSettings().Set(config.SocketUseSSL, "Y") + s.settings.GlobalSettings().Set(config.SocketInsecureSkipVerify, "Y") + tlsConfig, err := loadTLSConfig(s.settings.GlobalSettings()) s.Nil(err) s.NotNil(tlsConfig)
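Review bot: The rewritten condition `if allowSkipClientCerts {` silently downgrades existing deployments: a session configured with only SocketInsecureSkipVerify=Y and no SocketPrivateKeyFile/SocketCertificateFile previously received a TLS config (with verification disabled) and now receives a nil config, i.e. a plaintext connection, as the updated TestInsecureSkipVerify pins with `s.Nil(tlsConfig)`. Because the fallback is no transport security rather than a failure, an operator who has not added the new SocketUseSSL key would only notice when the traffic is inspected. Either keep the old behaviour with `if allowSkipClientCerts || insecureSkipVerify {`, or return an error from this branch when insecureSkipVerify is true without SocketUseSSL so the misconfiguration fails loudly, and have the doc.go entry state that SocketInsecureSkipVerify alone no longer enables TLS. The value read in the first tls.go hunk is only the gate; the downgrade itself is in this condition. loadTLSConfig continues past the end of this hunk, so whether SocketMinimumTLSVersion is applied to the defaultTLSConfig() returned here cannot be confirmed from the diff.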
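Review bot: TestInsecureSkipVerifyWithUseSSL only exercises SocketUseSSL together with SocketInsecureSkipVerify, so the case this change actually enables — server-verified TLS with no client certificate — has no test asserting that `tlsConfig.InsecureSkipVerify` stays false when SocketUseSSL=Y is set alone. A regression that re-coupled the two flags, as the removed `tlsConfig.InsecureSkipVerify = true` did, would pass both tests in this hunk. A third test along the lines below would pin the verified path. The assertions after `s.NotNil(tlsConfig)` and the function's closing brace fall outside this hunk.
```go
func (s *TLSTestSuite) TestUseSSLWithoutClientCerts() {
	s.settings.GlobalSettings().Set(config.SocketUseSSL, "Y")

	tlsConfig, err := loadTLSConfig(s.settings.GlobalSettings())
	s.Nil(err)
	s.NotNil(tlsConfig)
	s.False(tlsConfig.InsecureSkipVerify)
}
```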