diff --git a/include/villas/nodes/mqtt.hpp b/include/villas/nodes/mqtt.hpp
index 75a4ee2f3..261e35f9f 100644
--- a/include/villas/nodes/mqtt.hpp
+++ b/include/villas/nodes/mqtt.hpp
@@ -54,12 +54,16 @@ struct mqtt {
 	char *subscribe;	/**< Subscribe topic. */
 
 	struct {
-		int enabled;	/**< Enable SSL encrypted connection to broker. */
-		int insecure;	/**< Allow insecure SSL connections. */
-		char *cafile;	/**< SSL CA file. */
-		char *capath;	/**< SSL CA path. */
-		char *certfile;	/**< SSL certificate. */
-		char *keyfile;	/**< SSL private key. */
+		int enabled;	   /**< Enable SSL encrypted connection to broker. */
+		int insecure;	   /**< Allow insecure SSL connections. */
+		char *cafile;	   /**< SSL CA file. */
+		char *capath;	   /**< SSL CA path. */
+		char *certfile;	   /**< SSL certificate. */
+		char *keyfile;	   /**< SSL private key. */
+		int cert_reqs;	   /**< SSL_VERIFY_NONE(0) or SSL_VERIFY_PEER(1) */
+		char *tls_version; /**< SSL tls verion */
+		char *ciphers;      /**< SSL chipher list. */
+
 	} ssl;
 
 	villas::node::Format *formatter;
diff --git a/lib/nodes/mqtt.cpp b/lib/nodes/mqtt.cpp
index 600f55b7a..6f166b2ed 100644
--- a/lib/nodes/mqtt.cpp
+++ b/lib/nodes/mqtt.cpp
@@ -210,6 +210,9 @@ int mqtt_init(struct vnode *n)
 	m->ssl.capath = nullptr;
 	m->ssl.certfile = nullptr;
 	m->ssl.keyfile = nullptr;
+	m->ssl.cert_reqs = SSL_VERIFY_PEER;
+	m->ssl.tls_version = nullptr;
+	m->ssl.ciphers = nullptr;
 
 	return 0;
 
@@ -268,14 +271,19 @@ int mqtt_parse(struct vnode *n, json_t *json)
 		const char *capath = nullptr;
 		const char *certfile = nullptr;
 		const char *keyfile = nullptr;
+		const char *tls_version = nullptr;
+		const char *ciphers = nullptr;
 
-		ret = json_unpack_ex(json_ssl, &err, 0, "{ s?: b, s?: b, s?: s, s?: s, s?: s, s?: s }",
+		ret = json_unpack_ex(json_ssl, &err, 0, "{ s?: b, s?: b, s?: s, s?: s, s?: s, s?: s, s?: s, s?: b}",
 			"enabled", &m->ssl.enabled,
 			"insecure", &m->ssl.insecure,
 			"cafile", &cafile,
 			"capath", &capath,
 			"certfile", &certfile,
-			"keyfile", &keyfile
+			"keyfile", &keyfile,
+			"cipher", &ciphers,
+			"verify", &m->ssl.cert_reqs,
+			"tls_version", &tls_version
 		);
 		if (ret)
 			throw ConfigError(json_ssl, err, "node-config-node-mqtt-ssl", "Failed to parse SSL configuration of node {}", *n);
@@ -287,6 +295,7 @@ int mqtt_parse(struct vnode *n, json_t *json)
 		m->ssl.capath = capath ? strdup(capath) : nullptr;
 		m->ssl.certfile = certfile ? strdup(certfile) : nullptr;
 		m->ssl.keyfile = keyfile ? strdup(keyfile) : nullptr;
+		m->ssl.ciphers = ciphers ? strdup(ciphers) : nullptr;
 	}
 
 	/* Format */
@@ -408,6 +417,10 @@ int mqtt_start(struct vnode *n)
 		ret = mosquitto_tls_insecure_set(m->client, m->ssl.insecure);
 		if (ret != MOSQ_ERR_SUCCESS)
 			goto mosquitto_error;
+
+		ret = mosquitto_tls_opts_set(m->client, m->ssl.cert_reqs, m->ssl.tls_version, m->ssl.ciphers);
+		if (ret != MOSQ_ERR_SUCCESS)
+			goto mosquitto_error;
 	}
 
 	ret = mosquitto_connect(m->client, m->host, m->port, m->keepalive);