diff --git a/core/src/main/java/com/github/games647/fastlogin/core/shared/FastLoginCore.java b/core/src/main/java/com/github/games647/fastlogin/core/shared/FastLoginCore.java
index a5dfd05d..27ef947b 100644
--- a/core/src/main/java/com/github/games647/fastlogin/core/shared/FastLoginCore.java
+++ b/core/src/main/java/com/github/games647/fastlogin/core/shared/FastLoginCore.java
@@ -211,6 +211,12 @@ public class FastLoginCore
> {
int port = config.get("port", 3306);
boolean useSSL = config.get("useSSL", false);
+ if (useSSL) {
+ databaseConfig.addDataSourceProperty("allowPublicKeyRetrieval", config.getBoolean("allowPublicKeyRetrieval", false));
+ databaseConfig.addDataSourceProperty("serverRSAPublicKeyFile", config.getString("ServerRSAPublicKeyFile"));
+ databaseConfig.addDataSourceProperty("sslMode", config.getString("sslMode", "Required"));
+ }
+
databaseConfig.setUsername(config.get("username", ""));
databaseConfig.setPassword(config.getString("password"));
storage = new MySQLStorage(this, host, port, database, databaseConfig, useSSL);
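Review bot: The default `sslMode` added here is `Required`, which the config comment in this same commit describes as an unchecked TLS connection, while the code being removed from MySQLStorage set `VerifyFull`; with `Required` an on-path attacker can present any certificate and read the database password, so the default should stay at the verifying level, e.g. `databaseConfig.addDataSourceProperty("sslMode", config.getString("sslMode", "VerifyFull"));`, with `Required` as an explicit opt-down. `config.getString("ServerRSAPublicKeyFile")` is handed straight to `addDataSourceProperty`; when the key is absent (it is commented out in the shipped config) the value is null, and HikariConfig keeps data-source properties in a `java.util.Properties`, which throws on null values — guard it with `String keyFile = config.getString("ServerRSAPublicKeyFile"); if (keyFile != null && !keyFile.isEmpty()) { databaseConfig.addDataSourceProperty("serverRSAPublicKeyFile", keyFile); }`. The unchanged call on the last line still passes the boolean `useSSL`, whereas the `MySQLStorage` constructor in this same diff now takes a `Map sslOptions`; unless another constructor exists outside the diff this will not compile. Whether `Required` and `VerifyFull` are spellings the JDBC driver in use accepts for `sslMode` is worth checking, since a rejected value only surfaces at connect time. The enclosing method starts before and ends after this hunk.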
diff --git a/core/src/main/java/com/github/games647/fastlogin/core/storage/MySQLStorage.java b/core/src/main/java/com/github/games647/fastlogin/core/storage/MySQLStorage.java
index ce22d79f..b9b513a2 100644
--- a/core/src/main/java/com/github/games647/fastlogin/core/storage/MySQLStorage.java
+++ b/core/src/main/java/com/github/games647/fastlogin/core/storage/MySQLStorage.java
@@ -3,30 +3,35 @@ package com.github.games647.fastlogin.core.storage;
import com.github.games647.fastlogin.core.shared.FastLoginCore;
import com.zaxxer.hikari.HikariConfig;
+import java.util.Map;
+
public class MySQLStorage extends SQLStorage {
- public MySQLStorage(FastLoginCore, ?, ?> core, String host, int port, String database, HikariConfig config, boolean useSSL) {
+ public MySQLStorage(FastLoginCore, ?, ?> core, String host, int port, String database, HikariConfig config,
+ Map sslOptions) {
super(core,
"mysql://" + host + ':' + port + '/' + database,
- setParams(config, useSSL));
+ setParams(config, sslOptions));
}
- private static HikariConfig setParams(HikariConfig config, boolean useSSL) {
+ private static HikariConfig setParams(HikariConfig config, Map sslOptions) {
+ boolean useSSL = (boolean) sslOptions.get("useSSL");
+
// Require SSL on the server if requested in config - this will also verify certificate
// Those values are deprecated in favor of sslMode
config.addDataSourceProperty("useSSL", useSSL);
config.addDataSourceProperty("requireSSL", useSSL);
- if (useSSL) {
- // require encrypted if possible
- config.addDataSourceProperty("sslMode", "VerifyFull");
- }
-
// adding paranoid hides hostname, username, version and so
// could be useful for hiding server details
config.addDataSourceProperty("paranoid", true);
// enable MySQL specific optimizations
+ addPerformanceProperties(config);
+ return config;
+ }
+
+ private static void addPerformanceProperties(HikariConfig config) {
// disabled by default - will return the same prepared statement instance
config.addDataSourceProperty("cachePrepStmts", true);
// default prepStmtCacheSize 25 - amount of cached statements
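Review bot: `boolean useSSL = (boolean) sslOptions.get("useSSL");` throws a NullPointerException on unboxing if the map has no `useSSL` entry, and `Map` is used as a raw type in both the constructor and `setParams`; declare it `Map<String, Object> sslOptions` and read the flag null-safely with `boolean useSSL = Boolean.TRUE.equals(sslOptions.get("useSSL"));`. Only `useSSL` is taken from the map here — `sslMode`, `allowPublicKeyRetrieval` and `serverRSAPublicKeyFile` are not consumed in this class — so either apply them in `setParams` (which would also be the natural place to keep a verifying `sslMode` default now that the `VerifyFull` lines are gone) or keep the parameter a boolean; as written the map widens the interface without a consumer. The comment "this will also verify certificate" above the `useSSL`/`requireSSL` properties no longer holds once `sslMode` can be `Required`, and should be reworded to say that verification is governed by `sslMode`. `addPerformanceProperties` continues past the end of this hunk.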
@@ -55,7 +60,5 @@ public class MySQLStorage extends SQLStorage {
// performance gems presentation
// In our case it can be useful to see the time in error messages
// config.addDataSourceProperty("maintainTimeStats", false);
-
- return config;
}
}
diff --git a/core/src/main/resources/config.yml b/core/src/main/resources/config.yml
index 4c89a7c4..d7cbc502 100644
--- a/core/src/main/resources/config.yml
+++ b/core/src/main/resources/config.yml
@@ -264,9 +264,19 @@ database: '{pluginDir}/FastLogin.db'
#timeout: 30
#lifetime: 30
-# It's strongly recommended to enable SSL and setup a SSL certificate if the MySQL server isn't running on the same
-# machine
+## It's recommended to enable SSL if the MySQL server isn't running on the same host
+## This will encrypt the connection for secure transportation of the sql server password
#useSSL: false
+## Verification requirements for the server cert,
+## Values: Required (unchecked SSL connection), VerifyCA (verify CA), VerifyFull (verify CA and matching hostname)
+#sslMode=Required
+## TLS is preferred for this technique, then your host stored certificate store will be used to verify the server cert
+## Similar to HTTPS. If that's not possible RSA can be used with the following options.
+## This allows to request the public RSA key from the server to encrypt the data to it. True would allow machine-in-the-
+## middle attacks.
+#allowPublicKeyRetrieval=false
+## Path to the RSA public key if key retrieval is forbidden
+#ServerRSAPublicKeyFile=
# HTTP proxies for connecting to the Mojang servers in order to check if the username of a player is premium.
# This is a workaround to prevent rate-limiting by Mojang. These proxies will only be used once your server hit
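Review bot: The sample keys `#sslMode=Required`, `#allowPublicKeyRetrieval=false` and `#ServerRSAPublicKeyFile=` use `=` instead of YAML's `key: value`, so a user who uncomments them gets a scalar line the plugin never reads rather than a setting (the neighbouring `#useSSL: false` uses the colon form); change them to `#sslMode: Required`, `#allowPublicKeyRetrieval: false` and `#ServerRSAPublicKeyFile: ''`. The suggested default is also the weakest option on offer: the hunk's own comment says `Required` is an unchecked connection, which leaves the database password readable by an on-path attacker, so the sample should point at `VerifyFull` (or at least `VerifyCA`) and present `Required` as an opt-down for setups without a verifiable certificate. `ServerRSAPublicKeyFile` is capitalised unlike the other two keys; the Java side reads the same capitalised spelling so it works, but it is easy to mistype, so a lowercase-initial key in both places, or a comment noting the exact spelling, would help.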