diff --git a/src/plugins/SSLPlugin/my_ssl.c b/src/plugins/SSLPlugin/my_ssl.c
index 9ad421a..ce31591 100644
--- a/src/plugins/SSLPlugin/my_ssl.c
+++ b/src/plugins/SSLPlugin/my_ssl.c
@@ -92,6 +92,8 @@ static int add_ext(X509 *cert, int nid, char *value)
 }
 
 extern char *cert_path;
+extern char *ssl_ciphers;
+extern int certcache_on;
 
 void del_ext(X509 *dst_cert, int nid, int where){
 	int ex;
@@ -176,7 +178,8 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert)
 	}
 
 	/* write to cache */
-
+        fcache = NULL;
+	if (certcache_on % 2)
 	fcache = BIO_new_file(cache_name, "wb");
 	if ( fcache != NULL ) {
 #ifndef _WIN32
@@ -222,6 +225,12 @@ SSL_CONN ssl_handshake_to_server(SOCKET s, char * hostname, SSL_CERT *server_cer
 		return NULL;
 	}
 
+        SSL_set_mode(conn->ssl,SSL_MODE_SEND_FALLBACK_SCSV);
+        SSL_clear_mode(conn->ssl,SSL_MODE_AUTO_RETRY);
+        SSL_set_verify(conn->ssl,SSL_VERIFY_NONE,NULL);
+        SSL_set_security_level(conn->ssl,0);
+        SSL_set_cipher_list(conn->ssl,ssl_ciphers);
+
 	if(!SSL_set_fd(conn->ssl, s)){
 		ssl_conn_free(conn);
 		return NULL;
@@ -299,6 +308,13 @@ SSL_CONN ssl_handshake_to_client(SOCKET s, SSL_CERT server_cert, char** errSSL)
 		return NULL;
 	}
 
+        SSL_set_mode(conn->ssl,SSL_MODE_SEND_FALLBACK_SCSV);
+        SSL_clear_mode(conn->ssl,SSL_MODE_AUTO_RETRY);
+        SSL_set_verify(conn->ssl,SSL_VERIFY_NONE,NULL);
+        SSL_set_security_level(conn->ssl,0);
+        SSL_set_cipher_list(conn->ssl,ssl_ciphers);
+
+
 	SSL_set_fd(conn->ssl, (int)s);
 	err = SSL_accept(conn->ssl);
 	if ( err <= 0 ) {
diff --git a/src/plugins/SSLPlugin/ssl_plugin.c b/src/plugins/SSLPlugin/ssl_plugin.c
index 1365821..f97ad04 100644
--- a/src/plugins/SSLPlugin/ssl_plugin.c
+++ b/src/plugins/SSLPlugin/ssl_plugin.c
@@ -336,6 +336,21 @@ static struct filter ssl_filter = {
 
 int mitm = 0;
 int ssl_inited = 0;
+int certcache_on = 1;
+char *ssl_ciphers = "DEFAULT";
+
+
+static int h_certcache(int argc, unsigned char **argv){
+	certcache_on ++;
+	return 0;
+}
+
+static int h_ciphers(int argc, unsigned char **argv){
+	if(ssl_ciphers && *ssl_ciphers) free(ssl_ciphers);
+	ssl_ciphers = strdup(argv[1]);
+	return 0;
+}
+
 
 static int h_mitm(int argc, unsigned char **argv){
 	if(!ssl_inited) {
@@ -377,7 +392,9 @@ static int h_certpath(int argc, unsigned char **argv){
 static struct commands ssl_commandhandlers[] = {
 	{ssl_commandhandlers+1, "ssl_mitm", h_mitm, 1, 1},
 	{ssl_commandhandlers+2, "ssl_nomitm", h_nomitm, 1, 1},
-	{NULL, "ssl_certcache", h_certpath, 2, 2},
+	{ssl_commandhandlers+3, "ssl_certcache", h_certpath, 2, 2},
+        {ssl_commandhandlers+4, "ssl_ciphers", h_ciphers, 2, 2},
+        {NULL, "toggle_certstore", h_certcache, 1, 1},
 };
 
 
@@ -401,7 +418,7 @@ PLUGINAPI int PLUGINCALL ssl_plugin (struct pluginlink * pluginlink,
 		pl->so->_recvfrom = ssl_recvfrom;
 		pl->so->_closesocket = ssl_closesocket;
 		pl->so->_poll = ssl_poll;
-		ssl_commandhandlers[2].next = pl->commandhandlers->next;
+		ssl_commandhandlers[4].next = pl->commandhandlers->next;
 		pl->commandhandlers->next = ssl_commandhandlers;
 	}
 	else {
