diff --git a/exec/binkit.js b/exec/binkit.js
index 0efd5aae72928576846caf586193fe20852e2452..5c87a981a54eb5165c9852073fe0475492b86102 100644
--- a/exec/binkit.js
+++ b/exec/binkit.js
@@ -596,6 +596,7 @@ function callout(addr, scfg, locks, bicfg)
 	var bp = new BinkP(version_notice, undefined, rx_callback, tx_callback);
 	var port;
 	var host;
+	var tls = false;
 	var f;
 	var success = false;
 	var src_addr;
@@ -618,6 +619,7 @@ function callout(addr, scfg, locks, bicfg)
 		bp.cb_data.binkitpw = bp.cb_data.binkitcfg.node[addr].pass;
 		port = bp.cb_data.binkitcfg.node[addr].port;
 		host = bp.cb_data.binkitcfg.node[addr].host;
+		tls = bp.cb_data.binkitcfg.node[addr].tls;
 		if (bp.plain_auth_only) {
 			bp.require_md5 = false;
 			bp.require_crypt = false;
@@ -657,7 +659,7 @@ function callout(addr, scfg, locks, bicfg)
 
 	log(LOG_DEBUG, format("connecting to %s at %s", addr, host));
 	// We won't add files until the auth finishes...
-	success = bp.connect(addr, bp.cb_data.binkitpw, callout_auth_cb, port, host);
+	success = bp.connect(addr, bp.cb_data.binkitpw, callout_auth_cb, port, host, tls);
 	// Statistics
 	update_stats(stats.callout[success], addr, bp, host);
 	update_totals(stats.totals, addr, bp, true, success);
diff --git a/exec/load/binkp.js b/exec/load/binkp.js
index 42e2217c4334ff60e49551937f54e03bc2e4bc42..06844aa117267e017ede453c418da6f7d99ab633 100644
--- a/exec/load/binkp.js
+++ b/exec/load/binkp.js
@@ -402,7 +402,7 @@ BinkP.prototype.parseArgs = function(data)
  * parameter string send with the M_OK message... hopefully either "secure"
  * or "non-secure"
  */
-BinkP.prototype.connect = function(addr, password, auth_cb, port, inet_host)
+BinkP.prototype.connect = function(addr, password, auth_cb, port, inet_host, tls)
 {
 	var pkt;
 	var i;
@@ -455,6 +455,11 @@ BinkP.prototype.connect = function(addr, password, auth_cb, port, inet_host)
 
 	log(LOG_DEBUG, "Connection to "+inet_host+":"+port+" successful");
 
+	if(tls === true) {
+		log(LOG_INFO, "Negotiating TLS");
+		this.sock.ssl_session = true;
+	}
+
 	this.authenticated = undefined;
 	if (this.crypt_support && !this.plain_auth_only && password !== '-')
 		this.sendCmd(this.command.M_NUL, "OPT CRYPT");
diff --git a/exec/load/fidocfg.js b/exec/load/fidocfg.js
index 0b5a61a57f28841abde9d3a6961bf98f8521bfbd..905e5d3e636d4434f01ec050fda9e70fbc77b1f3 100644
--- a/exec/load/fidocfg.js
+++ b/exec/load/fidocfg.js
@@ -387,6 +387,7 @@ function BinkITCfg()
 			this.node[sec].host = f.iniGetValue(section, 'BinkpHost');
 			this.node[sec].inbox = f.iniGetValue(section, 'inbox');
 			this.node[sec].outbox = f.iniGetValue(section, 'outbox');
+			this.node[sec].tls = f.iniGetValue(section, 'BinkpTLS', false);
 		}, this);
 		f.close();
 	}