diff --git a/src/Config.php b/src/Config.php
index 1602a0d..eae1b35 100644
--- a/src/Config.php
+++ b/src/Config.php
@@ -32,11 +32,44 @@ class Config implements ConfigInterface
 public const PORT_SSL = 8729;
 /**
- * Do not use SSL by default
+ * If true then use API in SSL mode
+ *
+ * @see https://wiki.mikrotik.com/wiki/Manual:API-SSL
 */
 public const SSL = false;
 /**
+ * List of additional options for work with SSL context
+
+ * @see https://www.php.net/manual/en/context.ssl.php
+ */
+ public const SSL_OPTIONS = [
+ /*
+ * Sets the list of available ciphers. By default RouterOS available via 'ADH:ALL'.
+ *
+ * @example 'ADH:ALL' // Alias to ADH:ALL@SECLEVEL=1
+ 'ADH:ALL@SECLEVEL=0' // Everything is permitted. This retains compatibility with previous versions of OpenSSL.
+ 'ADH:ALL@SECLEVEL=1' // The security level corresponds to a minimum of 80 bits of security.
+ 'ADH:ALL@SECLEVEL=2' // Security level set to 112 bits of security.
+ 'ADH:ALL@SECLEVEL=3' // Security level set to 128 bits of security.
+ 'ADH:ALL@SECLEVEL=4' // Security level set to 192 bits of security.
+ 'ADH:ALL@SECLEVEL=5' // Security level set to 256 bits of security.
+ *
+ * @link https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html
+ */
+ 'ciphers' => 'ADH:ALL', // ADH:ALL, ADH:ALL@SECLEVEL=0, ADH:ALL@SECLEVEL=1 ... ADH:ALL@SECLEVEL=5
+
+ // Require verification of SSL certificate used.
+ 'verify_peer' => false,
+
+ // Require verification of peer name.
+ 'verify_peer_name' => false,
+
+ // Allow self-signed certificates. Requires verify_peer.
+ 'allow_self_signed' => false,
+ ];
+
+ /**
 * Max timeout for answer from router
 */
 public const TIMEOUT = 10;
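Review bot: The inline comments on the new `SSL_OPTIONS` defaults describe the option names rather than the values chosen, so a reader sees `// Require verification of SSL certificate used.` above `'verify_peer' => false` and `// Allow self-signed certificates. Requires verify_peer.` above a default that never takes effect. With `'ciphers' => 'ADH:ALL'` and both `verify_peer` and `verify_peer_name` off, the session is encrypted but the router is not authenticated, and the constant's docblock should say so plainly as the trade-off for RouterOS compatibility rather than leaving it to be inferred. I would replace the three value comments with `// Peer is NOT verified by default: ADH is anonymous and RouterOS is reachable over 'ADH:ALL' out of the box.`, `// Hostname check is off for the same reason.` and `// Only meaningful once verify_peer is true.`, and add one sentence to the docblock stating that deployments with a certificate on the router should override with `verify_peer => true` plus a `cafile`, which restores peer authentication. Whether a caller-supplied `ssl_options` array merges with or replaces these defaults is not visible in this hunk; the docblock should state which, since a partial override that drops `ciphers` changes the handshake.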
@@ -60,16 +93,17 @@ class Config implements ConfigInterface
 * List of allowed parameters of config
 */
 public const ALLOWED = [
- 'host' => 'string', // Address of Mikrotik RouterOS
- 'user' => 'string', // Username
- 'pass' => 'string', // Password
- 'port' => 'integer', // RouterOS API port number for access (if not set use default or default with SSL if SSL enabled)
- 'ssl' => 'boolean', // Enable ssl support (if port is not set this parameter must change default port to ssl port)
- 'legacy' => 'boolean', // Support of legacy login scheme (true - pre 6.43, false - post 6.43)
- 'timeout' => 'integer', // Max timeout for answer from RouterOS
- 'attempts' => 'integer', // Count of attempts to establish TCP session
- 'delay' => 'integer', // Delay between attempts in seconds
- 'ssh_port' => 'integer', // Number of SSH port
+ 'host' => 'string', // Address of Mikrotik RouterOS
+ 'user' => 'string', // Username
+ 'pass' => 'string', // Password
+ 'port' => 'integer', // RouterOS API port number for access (if not set use default or default with SSL if SSL enabled)
+ 'ssl' => 'boolean', // Enable ssl support (if port is not set this parameter must change default port to ssl port)
+ 'ssl_options' => 'array', // Enable ssl support (if port is not set this parameter must change default port to ssl port)
+ 'legacy' => 'boolean', // Support of legacy login scheme (true - pre 6.43, false - post 6.43)
+ 'timeout' => 'integer', // Max timeout for answer from RouterOS
+ 'attempts' => 'integer', // Count of attempts to establish TCP session
+ 'delay' => 'integer', // Delay between attempts in seconds
+ 'ssh_port' => 'integer', // Number of SSH port
 ];
 /**
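Review bot: The comment on the new `'ssl_options' => 'array'` entry is copied from the `'ssl'` line above it and describes port selection, not the option itself. Replace it with `'ssl_options' => 'array', // Stream context options for SSL (keys as in the PHP ssl context; defaults in self::SSL_OPTIONS)`. The type check here only asserts `array`, so mistyped keys or values inside it are presumably handed to the stream context unvalidated; saying in the comment that the keys must be valid PHP ssl context option names is the cheapest way to make that visible to callers.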
@@ -78,12 +112,13 @@ class Config implements ConfigInterface
 * @var array
 */
 private $_parameters = [
- 'legacy' => self::LEGACY,
- 'ssl' => self::SSL,
- 'timeout' => self::TIMEOUT,
- 'attempts' => self::ATTEMPTS,
- 'delay' => self::ATTEMPTS_DELAY,
- 'ssh_port' => self::SSH_PORT,
+ 'legacy' => self::LEGACY,
+ 'ssl' => self::SSL,
+ 'ssl_options' => self::SSL_OPTIONS,
+ 'timeout' => self::TIMEOUT,
+ 'attempts' => self::ATTEMPTS,
+ 'delay' => self::ATTEMPTS_DELAY,
+ 'ssh_port' => self::SSH_PORT,
 ];
 /**
@@ -102,7 +137,7 @@ class Config implements ConfigInterface
 }
 /**
- * @inheritDoc
+ * {@inheritdoc}
 *
 * @throws \RouterOS\Exceptions\ConfigException when name of configuration key is invalid or not allowed
 */
@@ -134,17 +169,18 @@ class Config implements ConfigInterface
 private function getPort(string $parameter)
 {
 // If client need port number and port is not set
- if ($parameter === 'port' && (!isset($this->_parameters['port']) || null === $this->_parameters['port'])) {
+ if ('port' === $parameter && (!isset($this->_parameters['port']) || null === $this->_parameters['port'])) {
 // then use default with or without ssl encryption
 return (isset($this->_parameters['ssl']) && $this->_parameters['ssl']) ? self::PORT_SSL : self::PORT;
 }
+ return null;
 }
 /**
- * @inheritDoc
+ * {@inheritdoc}
 *
 * @throws \RouterOS\Exceptions\ConfigException when parameter is not allowed
 */
@@ -162,7 +198,7 @@ class Config implements ConfigInterface
 }
 /**
- * @inheritDoc
+ * {@inheritdoc}
 *
 * @throws \RouterOS\Exceptions\ConfigException when parameter is not allowed
 */
@@ -177,7 +213,7 @@ class Config implements ConfigInterface
 }
 /**
- * @inheritDoc
+ * {@inheritdoc}
 */
 public function getParameters(): array
 {
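Review bot: In the `@@ -134,17 +169,18 @@` hunk `getPort` now has an explicit `return null;` on every non-port path but still declares no return type, so callers cannot see from the signature that an `int` or `null` comes back. The file already uses return types (`getParameters(): array` in the last hunk), so if the package's minimum PHP is 7.1 or later the declaration should become `private function getPort(string $parameter): ?int` with a matching `@return int|null` line in its docblock. That also makes the new `return null;` self-documenting, which the current `// If client need port number and port is not set` comment alone does not.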