diff --git a/trunk/auto/depends.sh b/trunk/auto/depends.sh
index 6429ee4554..d76c72106c 100755
--- a/trunk/auto/depends.sh
+++ b/trunk/auto/depends.sh
@@ -495,9 +495,9 @@ if [[ $SRS_SSL == YES && $SRS_USE_SYS_SSL != YES ]]; then
     if [[ $SRS_OSX == YES ]]; then
         export KERNEL_BITS=64;
     fi
-    # Which openssl we choose, openssl-1.0.* for SRTP with ASM, others we use openssl-1.1.*
+    # Default to openssl 1.1, use 1.0 if required.
     OPENSSL_CANDIDATE="openssl-1.1.0e" && OPENSSL_UNZIP="unzip -q ../../3rdparty/$OPENSSL_CANDIDATE.zip"
-    if [[ $SRS_SRTP_ASM == YES ]]; then
+    if [[ $SRS_SSL_1_0 == YES ]]; then
         OPENSSL_CANDIDATE="openssl-OpenSSL_1_0_2u" && OPENSSL_UNZIP="tar xf ../../3rdparty/$OPENSSL_CANDIDATE.tar.gz"
     fi
     # cross build not specified, if exists flag, need to rebuild for no-arm platform.
diff --git a/trunk/auto/options.sh b/trunk/auto/options.sh
index b562fcbb16..3cfd64eb98 100755
--- a/trunk/auto/options.sh
+++ b/trunk/auto/options.sh
@@ -35,7 +35,8 @@ SRS_GPROF=NO # Performance test: gprof
 SRS_STREAM_CASTER=YES
 SRS_INGEST=YES
 SRS_SSL=YES
-SRS_HTTPS=NO
+SRS_SSL_1_0=NO
+SRS_HTTPS=YES
 SRS_STAT=YES
 SRS_TRANSCODE=YES
 SRS_HTTP_CALLBACK=YES
@@ -275,6 +276,7 @@ function parse_user_option() {
         --with-ssl)                     SRS_SSL=YES                 ;;
         --ssl)                          if [[ $value == off ]]; then SRS_SSL=NO; else SRS_SSL=YES; fi    ;;
         --https)                        if [[ $value == off ]]; then SRS_HTTPS=NO; else SRS_HTTPS=YES; fi ;;
+        --ssl-1-0)                      if [[ $value == off ]]; then SRS_SSL_1_0=NO; else SRS_SSL_1_0=YES; fi ;;
 
         --with-hds)                     SRS_HDS=YES                 ;;
         --without-hds)                  SRS_HDS=NO                  ;;
@@ -513,6 +515,12 @@ function apply_detail_options() {
         SRS_SRTP_ASM=NO
     fi
 
+    # Which openssl we choose, openssl-1.0.* for SRTP with ASM, others we use openssl-1.1.*
+    if [[ $SRS_SRTP_ASM == YES && $SRS_SSL_1_0 == NO ]]; then
+        echo "Use openssl-1.0 for SRTP ASM."
+        SRS_SSL_1_0=YES
+    fi
+
     if [[ $SRS_OSX == YES && $SRS_SENDMMSG == YES ]]; then
         echo "Disable sendmmsg for OSX"
         SRS_SENDMMSG=NO
@@ -530,6 +538,7 @@ function regenerate_options() {
     if [ $SRS_DVR = YES ]; then             SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --dvr=on"; else             SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --dvr=off"; fi
     if [ $SRS_SSL = YES ]; then             SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ssl=on"; else             SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ssl=off"; fi
     if [ $SRS_HTTPS = YES ]; then           SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --https=on"; else           SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --https=off"; fi
+    if [ $SRS_SSL_1_0 = YES ]; then         SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ssl-1-0=on"; else         SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ssl-1-0=off"; fi
     if [ $SRS_USE_SYS_SSL = YES ]; then     SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --sys-ssl=on"; else         SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --sys-ssl=off"; fi
     if [ $SRS_TRANSCODE = YES ]; then       SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --transcode=on"; else       SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --transcode=off"; fi
     if [ $SRS_INGEST = YES ]; then          SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ingest=on"; else          SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ingest=off"; fi
diff --git a/trunk/src/protocol/srs_service_http_client.cpp b/trunk/src/protocol/srs_service_http_client.cpp
index e09f9470ae..08e72887cf 100644
--- a/trunk/src/protocol/srs_service_http_client.cpp
+++ b/trunk/src/protocol/srs_service_http_client.cpp
@@ -76,7 +76,11 @@ srs_error_t SrsSslClient::handshake()
     srs_error_t err = srs_success;
 
     // For HTTPS, try to connect over security transport.
+#if (OPENSSL_VERSION_NUMBER < 0x10002000L) // v1.0.2
     SSL_CTX* ssl_ctx = SSL_CTX_new(TLS_method());
+#else
+    SSL_CTX* ssl_ctx = SSL_CTX_new(TLSv1_2_method());
+#endif
     SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, srs_verify_callback);
     srs_assert(SSL_CTX_set_cipher_list(ssl_ctx, "ALL") == 1);
 
@@ -461,7 +465,7 @@ srs_error_t SrsHttpClient::connect()
     ssl_transport = new SrsSslClient(transport);
 
     srs_utime_t starttime = srs_update_system_time();
-    
+
     if ((err = ssl_transport->handshake()) != srs_success) {
         disconnect();
         return srs_error_wrap(err, "http: ssl connect %s %s:%d to=%dms, rto=%dms",
diff --git a/trunk/src/protocol/srs_service_http_client.hpp b/trunk/src/protocol/srs_service_http_client.hpp
index 3c61221644..351735f227 100644
--- a/trunk/src/protocol/srs_service_http_client.hpp
+++ b/trunk/src/protocol/srs_service_http_client.hpp
@@ -31,12 +31,6 @@
 
 #include <openssl/ssl.h>
 
-#ifdef SRS_HTTPS
-#if (OPENSSL_VERSION_NUMBER < 0x10002000L) // v1.0.2
-    #error "For https, we requires openssl 1.0.2+"
-#endif
-#endif
-
 #include <srs_service_st.hpp>
 #include <srs_http_stack.hpp>