diff --git a/proftpd/lang/en b/proftpd/lang/en
index 3ccacbdf2..8a3923d36 100644
--- a/proftpd/lang/en
+++ b/proftpd/lang/en
@@ -39,6 +39,7 @@ type_3=Access Control
 type_4=Miscellaneous
 type_5=User and Group
 type_6=Authentication
+type_7=SSL Options
 
 virt_title=Virtual Server Options
 virt_header1=For $1
@@ -383,6 +384,17 @@ mod_readme_none=None
 mod_readme_edisplay=Missing readme files pattern
 
 mod_tls_engine=Enable SSL encryption?
+mod_tls_required=SSL required?
+mod_tls_ctrl=For control channel
+mod_tls_auth=For authentication
+mod_tls_authdata=For authentication and data
+mod_tls_file=SSL certificate file
+mod_tls_efile=SSL certificate file does not exist!
+mod_tls_key=SSL key file
+mod_tls_ekey=SSL key file does not exist!
+mod_tls_ca=SSL CA certificate file
+mod_tls_eca=SSL CA certificate file does not exist!
+mod_tls_none=None set
 
 start_err=Failed to start FTP server
 start_einetd=You cannot start the server daemon when in inetd mode.
diff --git a/proftpd/mod_tls.pl b/proftpd/mod_tls.pl
index cbff7b132..4d8eded83 100644
--- a/proftpd/mod_tls.pl
+++ b/proftpd/mod_tls.pl
@@ -2,7 +2,11 @@
 sub mod_tls_directives
 {
 local $rv = [
-	[ 'TLSEngine', 0, 0, 'virtual global', 1.27 ],
+	[ 'TLSEngine', 0, 7, 'virtual global', 1.27, 10 ],
+	[ 'TLSRequired', 0, 7, 'virtual global', 1.27, 1 ],
+	[ 'TLSRSACertificateFile', 0, 7, 'virtual global', 1.27, 8 ],
+	[ 'TLSRSACertificateKeyFile', 0, 7, 'virtual global', 1.27, 7 ],
+	[ 'TLSCACertificateFile', 0, 7, 'virtual global', 1.27, 6 ],
 	];
 return &make_directives($rv, $_[0], "mod_tls");
 }
@@ -18,3 +22,77 @@ sub save_TLSEngine
 {
 return &parse_choice("TLSEngine", "");
 }
+
+sub edit_TLSRequired
+{
+return (2, $text{'mod_tls_required'},
+	&select_input($_[0]->{'value'}, "TLSRequired", "",
+		      "$text{'yes'},on", "$text{'no'},off",
+		      "$text{'mod_tls_ctrl'},ctrl",
+		      "$text{'mod_tls_auth'},auth",
+		      "$text{'mod_tls_authdata'},auth+data",
+		      "$text{'default'},"));
+}
+sub save_TLSRequired
+{
+return &parse_choice("TLSRequired", "");
+}
+
+sub edit_TLSRSACertificateFile
+{
+my $n = $_[0]->{'name'};
+return (2, $text{'mod_tls_file'},
+	&ui_opt_textbox($n, $_[0]->{'value'}, 60, $text{'mod_tls_none'})." ".
+	&file_chooser_button($n));
+}
+sub save_TLSRSACertificateFile
+{
+my $n = $_[0]->{'name'};
+if ($in{$n."_def"}) {
+	return ( [ ] );
+	}
+else {
+	-r $in{$n} || &error($text{'mod_tls_efile'});
+	return ( [ $in{$n} ] );
+	}
+}
+
+sub edit_TLSRSACertificateKeyFile
+{
+my $n = $_[0]->{'name'};
+return (2, $text{'mod_tls_key'},
+	&ui_opt_textbox($n, $_[0]->{'value'}, 60, $text{'mod_tls_none'})." ".
+	&file_chooser_button($n));
+}
+sub save_TLSRSACertificateKeyFile
+{
+my $n = $_[0]->{'name'};
+if ($in{$n."_def"}) {
+	return ( [ ] );
+	}
+else {
+	-r $in{$n} || &error($text{'mod_tls_ekey'});
+	return ( [ $in{$n} ] );
+	}
+}
+
+sub edit_TLSCACertificateFile
+{
+my $n = $_[0]->{'name'};
+return (2, $text{'mod_tls_ca'},
+	&ui_opt_textbox($n, $_[0]->{'value'}, 60, $text{'mod_tls_none'})." ".
+	&file_chooser_button($n));
+}
+sub save_TLSCACertificateFile
+{
+my $n = $_[0]->{'name'};
+if ($in{$n."_def"}) {
+	return ( [ ] );
+	}
+else {
+	-r $in{$n} || &error($text{'mod_tls_eca'});
+	return ( [ $in{$n} ] );
+	}
+}
+
+1;