diff --git a/config/configuration.go b/config/configuration.go
index 317697a37018644bb9d07c201d25c020a4fff00c..04a7a76e858b6ef2e2e4962bf2a4c8b0e65dd807 100644
--- a/config/configuration.go
+++ b/config/configuration.go
@@ -20,6 +20,7 @@ const (
 SocketCertificateFile string = "SocketCertificateFile"
 SocketCAFile string = "SocketCAFile"
 SocketInsecureSkipVerify string = "SocketInsecureSkipVerify"
+ SocketMinimumTLSVersion string = "SocketMinimumTLSVersion"
 DefaultApplVerID string = "DefaultApplVerID"
 StartTime string = "StartTime"
 EndTime string = "EndTime"
diff --git a/config/doc.go b/config/doc.go
index d7ed1108b98bcfca83607c6700b6f90fec04e3d3..31cc60f973a102bc40ec431ade1c729ceae0efe3 100644
--- a/config/doc.go
+++ b/config/doc.go
@@ -239,6 +239,10 @@ SocketCAFile
 
 Optional root CA to use for secure TLS connections. For acceptors, client certificates will be verified against this CA. For initiators, clients will use the CA to verify the server certificate. If not configurated, initiators will verify the server certificate using the host's root CA set.
 
+SocketMinimumTLSVersion
+
+Specify the Minimum TLS version to use when creating a secure connection. The valid choices are SSL30, TLS10, TLS11, TLS12. Defaults to TLS12.
+
 FileLogPath
 
 Directory to store logs. Value must be valid directory for storing files, application must have write access.
diff --git a/tls.go b/tls.go
index 94ff89f8a553c464bcec106eace0d2e797943dc6..48cfe87a04ab76c2d034f46dd30bad45271c498e 100644
--- a/tls.go
+++ b/tls.go
@@ -40,6 +40,26 @@ func loadTLSConfig(settings *SessionSettings) (tlsConfig *tls.Config, err error)
 tlsConfig.Certificates = make([]tls.Certificate, 1)
 tlsConfig.InsecureSkipVerify = insecureSkipVerify
 
+ minVersion := "TLS12"
+ if settings.HasSetting(config.SocketMinimumTLSVersion) {
+ minVersion, err = settings.Setting(config.SocketMinimumTLSVersion)
+ if err != nil {
+ return
+ }
+
+ switch minVersion {
+ case "SSL30":
+ tlsConfig.MinVersion = tls.VersionSSL30
+ case "TLS10":
+ tlsConfig.MinVersion = tls.VersionTLS10
+ case "TLS11":
+ tlsConfig.MinVersion = tls.VersionTLS11
+ case "TLS12":
+ tlsConfig.MinVersion = tls.VersionTLS12
+ }
+ }
+
+
 if tlsConfig.Certificates[0], err = tls.LoadX509KeyPair(certificateFile, privateKeyFile); err != nil {
 return
 }
diff --git a/tls_test.go b/tls_test.go
index 9a78f587f26afaf0f27138a1ab5e0a84510d93f1..322c452c58e73611eae42923938b312b06ab7df8 100644
--- a/tls_test.go
+++ b/tls_test.go
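Review bot: The documented default of TLS12 is never applied by this hunk: `minVersion := "TLS12"` is only consulted by the `switch` that sits inside `if settings.HasSetting(config.SocketMinimumTLSVersion)`, so when the setting is absent `tlsConfig.MinVersion` stays 0 and crypto/tls falls back to its own lower floor. An unrecognised value (a typo, or a newer version name the switch does not know) is likewise ignored silently, which for a minimum-version knob fails open. I would hoist the switch out of the `if`, return an error on unknown values (this needs `fmt` in scope, which the hunk does not show), and drop or at least warn on `SSL30`, since SSLv3 is broken (POODLE) and newer Go releases no longer support it. The two consecutive added blank lines before `if tlsConfig.Certificates[0]` also suggest the file was not run through gofmt. loadTLSConfig begins before this hunk.
```go
	minVersion := "TLS12"
	if settings.HasSetting(config.SocketMinimumTLSVersion) {
		if minVersion, err = settings.Setting(config.SocketMinimumTLSVersion); err != nil {
			return
		}
	}

	// Applied unconditionally so the documented TLS12 default really is the floor.
	switch minVersion {
	// … unchanged: SSL30, TLS10, TLS11 cases …
	case "TLS12":
		tlsConfig.MinVersion = tls.VersionTLS12
	default:
		err = fmt.Errorf("unsupported SocketMinimumTLSVersion %q", minVersion)
		return
	}
```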
@@ -109,3 +109,40 @@ func (s *TLSTestSuite) TestInsecureSkipVerifyAndCerts() {
 s.True(tlsConfig.InsecureSkipVerify)
 s.Len(tlsConfig.Certificates, 1)
 }
+
+func (s *TLSTestSuite) TestMinimumTLSVersion() {
+ s.settings.GlobalSettings().Set(config.SocketPrivateKeyFile, s.PrivateKeyFile)
+ s.settings.GlobalSettings().Set(config.SocketCertificateFile, s.CertificateFile)
+
+ // SSL30
+ s.settings.GlobalSettings().Set(config.SocketMinimumTLSVersion, "SSL30")
+ tlsConfig, err := loadTLSConfig(s.settings.GlobalSettings())
+
+ s.Nil(err)
+ s.NotNil(tlsConfig)
+ s.Equal(tlsConfig.MinVersion, uint16(tls.VersionSSL30))
+
+ // TLS10
+ s.settings.GlobalSettings().Set(config.SocketMinimumTLSVersion, "TLS10")
+ tlsConfig, err = loadTLSConfig(s.settings.GlobalSettings())
+
+ s.Nil(err)
+ s.NotNil(tlsConfig)
+ s.Equal(tlsConfig.MinVersion, uint16(tls.VersionTLS10))
+
+ // TLS11
+ s.settings.GlobalSettings().Set(config.SocketMinimumTLSVersion, "TLS11")
+ tlsConfig, err = loadTLSConfig(s.settings.GlobalSettings())
+
+ s.Nil(err)
+ s.NotNil(tlsConfig)
+ s.Equal(tlsConfig.MinVersion, uint16(tls.VersionTLS11))
+
+ // TLS12
+ s.settings.GlobalSettings().Set(config.SocketMinimumTLSVersion, "TLS12")
+ tlsConfig, err = loadTLSConfig(s.settings.GlobalSettings())
+
+ s.Nil(err)
+ s.NotNil(tlsConfig)
+ s.Equal(tlsConfig.MinVersion, uint16(tls.VersionTLS12))
+}
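Review bot: TestMinimumTLSVersion only exercises the four explicit values, so it cannot catch that the `Defaults to TLS12` promised in this commit's doc.go is never applied when the setting is absent, nor that an unknown value is silently accepted by the switch in tls.go. Add one `loadTLSConfig` call before the first `Set(config.SocketMinimumTLSVersion, …)` asserting `s.Equal(uint16(tls.VersionTLS12), tlsConfig.MinVersion)`, and one with a bogus value such as `"TLS99"` asserting `s.Error(err)`; the first will fail against the tls.go in this commit, which is the point. If this suite is testify-based (`s.Nil`, `s.Equal`, `s.Len` suggest so), `Equal` takes (expected, actual), so the existing `s.Equal(tlsConfig.MinVersion, uint16(tls.VersionSSL30))` calls have their arguments reversed and will print misleading diffs on failure.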