diff --git a/miniserv.pl b/miniserv.pl
index fb7912505..751661990 100755
--- a/miniserv.pl
+++ b/miniserv.pl
@@ -1704,7 +1704,7 @@ if ($header{'user-agent'} =~ /webmin/i ||
 	}
 
 # Check for SSL authentication
-my $trust_ssl = $config{'trust_real_ip'} == 2;
+my $trust_ssl = $config{'trust_real_ip'} && !$config{'no_trust_ssl'};
 if ($use_ssl && $verified_client ||
     $trust_ssl && $header{'x-ssl-client-dn'}) {
 	if ($use_ssl && $verified_client) {
diff --git a/webmin/change_access.cgi b/webmin/change_access.cgi
index f0d9fe5ac..74a49e438 100755
--- a/webmin/change_access.cgi
+++ b/webmin/change_access.cgi
@@ -38,7 +38,18 @@ if ($in{"access"} == 1) { $miniserv{"allow"} = join(' ', @hosts); }
 elsif ($in{"access"} == 2) { $miniserv{"deny"} = join(' ', @hosts); }
 $miniserv{'libwrap'} = $in{'libwrap'};
 $miniserv{'alwaysresolve'} = $in{'alwaysresolve'};
-$miniserv{'trust_real_ip'} = $in{'trust'};
+if ($in{'trust'} == 2) {
+	$miniserv{'trust_real_ip'} = 1;
+	$miniserv{'no_trust_ssl'} = 0;
+	}
+elsif ($in{'trust'} == 1) {
+	$miniserv{'trust_real_ip'} = 1;
+	$miniserv{'no_trust_ssl'} = 1;
+	}
+else {
+	$miniserv{'trust_real_ip'} = 0;
+	$miniserv{'no_trust_ssl'} = 1;
+	}
 &put_miniserv_config(\%miniserv);
 &unlock_file($ENV{'MINISERV_CONFIG'});
 &show_restart_page();
diff --git a/webmin/edit_access.cgi b/webmin/edit_access.cgi
index f5c433358..dd8290968 100755
--- a/webmin/edit_access.cgi
+++ b/webmin/edit_access.cgi
@@ -27,8 +27,10 @@ print &ui_table_row($text{'access_ip'},
 print &ui_table_row($text{'access_always'},
 	&ui_yesno_radio("alwaysresolve", int($miniserv{'alwaysresolve'})));
 
+$mode = $miniserv{'trust_real_ip'} && !$miniserv{'no_trust_ssl'} ? 2 :
+	$miniserv{'trust_real_ip'} ? 1 : 0;
 print &ui_table_row(&hlink($text{'access_trust_lvl'}, "access_trust_lvl"),
-	&ui_radio("trust", int($miniserv{'trust_real_ip'}),
+	&ui_radio("trust", $mode,
 		  [ [ 0, $text{'access_trust_lvl0'} ],
 		    [ 1, $text{'access_trust_lvl1'} ],
 		    [ 2, $text{'access_trust_lvl2'} ] ]));
diff --git a/webmin/postinstall.pl b/webmin/postinstall.pl
index 094046049..b520b1b5c 100755
--- a/webmin/postinstall.pl
+++ b/webmin/postinstall.pl
@@ -46,8 +46,8 @@ if (!-r $first_install_file || $miniserv{'login_script'} eq $record_login_cmd) {
 	}
 
 # Disable trusting SSL certs unless already enabled
-if ($miniserv{'trust_real_ip'} == 1 && &get_webmin_version() <= 2.300) {
-	$miniserv{'trust_real_ip'} = 2;
+if (!$miniserv{'trust_real_ip'} && !defined($miniserv{'no_trust_ssl'})) {
+	$miniserv{'no_trust_ssl'} = 1;
 	}
 
 &put_miniserv_config(\%miniserv);