diff --git a/servers/slapd/config.c b/servers/slapd/config.c
index f95adad34f283521715b6713994a0e875f6efc3f..2b9a05f920482cd57ca4d7b95a9666d7066ef50b 100644
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@@ -601,6 +601,20 @@ read_config( char *fname )
 #endif /*SLAPD_MODULES*/
 
 #ifdef HAVE_TLS
+		} else if ( !strcasecmp( cargv[0], "SSLProtocol" ) ) {
+			rc = ldap_pvt_tls_set_option( NULL,
+						      LDAP_OPT_X_TLS_PROTOCOL,
+						      cargv[1] );
+			if ( rc )
+				return rc;
+
+		} else if ( !strcasecmp( cargv[0], "SSLCipherSuite" ) ) {
+			rc = ldap_pvt_tls_set_option( NULL,
+						      LDAP_OPT_X_TLS_CIPHER_SUITE,
+						      cargv[1] );
+			if ( rc )
+				return rc;
+
 		} else if ( !strcasecmp( cargv[0], "SSLCertificateFile" ) ) {
 			rc = ldap_pvt_tls_set_option( NULL,
 						      LDAP_OPT_X_TLS_CERTFILE,
@@ -614,6 +628,21 @@ read_config( char *fname )
 						      cargv[1] );
 			if ( rc )
 				return rc;
+
+		} else if ( !strcasecmp( cargv[0], "SSLCACertificatePath" ) ) {
+			rc = ldap_pvt_tls_set_option( NULL,
+						      LDAP_OPT_X_TLS_CACERTDIR,
+						      cargv[1] );
+			if ( rc )
+				return rc;
+
+		} else if ( !strcasecmp( cargv[0], "SSLCACertificateFile" ) ) {
+			rc = ldap_pvt_tls_set_option( NULL,
+						      LDAP_OPT_X_TLS_CACERTFILE,
+						      cargv[1] );
+			if ( rc )
+				return rc;
+
 #endif
 
 		/* pass anything else to the current backend info/db config routine */