diff --git a/includes/database.mysql.inc b/includes/database.mysql.inc
index 5ad5f3e..1357fcc 100644
--- a/includes/database.mysql.inc
+++ b/includes/database.mysql.inc
@@ -67,13 +67,20 @@
 $url['host'] = $url['host'] .':'. $url['port'];
 }
+ // Should we connect using SSL?
+ if (isset($GLOBALS['db_ssl']) && $GLOBALS['ssl']) {
+ $connect_flags = MYSQL_CLIENT_FOUND_ROWS | MYSQL_CLIENT_SSL;
+ } else {
+ $connect_flags = MYSQL_CLIENT_FOUND_ROWS;
+ }
+
 // - TRUE makes mysql_connect() always open a new link, even if
 // mysql_connect() was called before with the same parameters.
 // This is important if you are using two databases on the same
 // server.
 // - 2 means CLIENT_FOUND_ROWS: return the number of found
 // (matched) rows, not the number of affected rows.
- $connection = @mysql_connect($url['host'], $url['user'], $url['pass'], TRUE, 2);
+ $connection = @mysql_connect($url['host'], $url['user'], $url['pass'], TRUE, $connect_flags);
 if (!$connection || !mysql_select_db(substr($url['path'], 1))) {
 // Show error screen otherwise
 _db_error_page(mysql_error());
diff --git a/includes/database.mysqli.inc b/includes/database.mysqli.inc
index c6297b7..32205d5 100644
--- a/includes/database.mysqli.inc
+++ b/includes/database.mysqli.inc
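Review bot: The new test `if (isset($GLOBALS['db_ssl']) && $GLOBALS['ssl'])` checks `$GLOBALS['ssl']` after testing `$GLOBALS['db_ssl']`, so with `$db_ssl = true` in settings.php this driver never ORs in MYSQL_CLIENT_SSL and silently connects in cleartext — the worst failure mode for a change whose only purpose is transport security. It should read `if (isset($GLOBALS['db_ssl']) && $GLOBALS['db_ssl']) {`, matching the mysqli driver's check. The `// - 2 means CLIENT_FOUND_ROWS` comment above the changed mysql_connect() call is now stale; reword it to `// - $connect_flags carries CLIENT_FOUND_ROWS, plus CLIENT_SSL when $db_ssl is set.` As far as the hunk shows, the flag only requests TLS and relies on my.cnf for the CA, so a missing or unreadable option file degrades without any error being raised here. db_connect() starts and ends outside this hunk.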
@@ -72,7 +72,29 @@
 }
 $connection = mysqli_init();
- @mysqli_real_connect($connection, $url['host'], $url['user'], $url['pass'], substr($url['path'], 1), $url['port'], NULL, MYSQLI_CLIENT_FOUND_ROWS);
+
+ // check for ssl options
+ if (isset($GLOBALS['db_ssl']) && $GLOBALS['db_ssl']) {
+ // set connection flag to indicate SSL connection
+ $connect_flags = MYSQLI_CLIENT_FOUND_ROWS | MYSQLI_CLIENT_SSL;
+
+ // which configuration params should we use?
+ // prefer reading default my.cnf configuration file over specified credentials
+ if (!empty($GLOBALS['db_my_cnf']) && file_exists($GLOBALS['db_my_cnf']) && $creds['driver'] == 'mysqli') {
+ @mysqli_options($connection, MYSQLI_READ_DEFAULT_FILE, $GLOBALS['db_my_cnf']);
+ }
+ // use credentials if specified, and accessible
+ elseif ((!empty($GLOBALS['db_ssl_ca']) && !empty($GLOBALS['db_ssl_key']) && !empty($GLOBALS['db_ssl_cert']))
+ && (file_exists($GLOBALS['db_ssl_ca']) && file_exists($GLOBALS['db_ssl_key']) && file_exists($GLOBALS['db_ssl_cert']))
+ && $creds['driver'] == 'mysqli') {
+ // Set the conenction options for this connection id
+ @mysqli_ssl_set($connection, $GLOBALS['db_ssl_key'], $GLOBALS['db_ssl_cert'], $GLOBALS['db_ssl_ca'], NULL, NULL);
+ }
+ } else {
+ $connect_flags = MYSQLI_CLIENT_FOUND_ROWS;
+ }
+
+ @mysqli_real_connect($connection, $url['host'], $url['user'], $url['pass'], substr($url['path'], 1), $url['port'], NULL, $connect_flags);
 if (mysqli_connect_errno() > 0) {
 _db_error_page(mysqli_connect_error());
diff --git a/sites/default/default.settings.php b/sites/default/default.settings.php
index 70c6480..ec2c696 100644
--- a/sites/default/default.settings.php
+++ b/sites/default/default.settings.php
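Review bot: Setting MYSQLI_CLIENT_SSL without also enabling server-certificate verification yields an encrypted but unauthenticated session, and the branch structure lets `$db_ssl = true` reach mysqli_real_connect() with no trust anchor at all: when neither `$db_my_cnf` nor the three certificate paths pass their checks, nothing is configured and the connection proceeds silently, which is the fallback this feature exists to prevent. The `$creds['driver'] == 'mysqli'` guard refers to a variable that does not appear in this hunk; if `$creds` is not defined earlier in db_connect() the comparison is always false (with a notice) and both branches are skipped, so it should be dropped since this file is the mysqli driver. The `@` on mysqli_options() discards the only signal that the option file was rejected, and file_exists() does not establish the readability the settings text promises; use is_readable(), pass MYSQLI_OPT_SSL_VERIFY_SERVER_CERT where the client library exposes it, and fail through _db_error_page() on any of these, assuming it terminates as it does on the connect error below. db_connect() starts before this hunk.

```php
  // check for ssl options
  if (isset($GLOBALS['db_ssl']) && $GLOBALS['db_ssl']) {
    $connect_flags = MYSQLI_CLIENT_FOUND_ROWS | MYSQLI_CLIENT_SSL;
    // MYSQLI_CLIENT_SSL alone only encrypts; insist that the server's
    // certificate chains to the CA configured below.
    if (!@mysqli_options($connection, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, TRUE)) {
      _db_error_page('Database SSL was requested but server certificate verification could not be enabled.');
    }
    if (!empty($GLOBALS['db_my_cnf']) && is_readable($GLOBALS['db_my_cnf'])) {
      if (!@mysqli_options($connection, MYSQLI_READ_DEFAULT_FILE, $GLOBALS['db_my_cnf'])) {
        _db_error_page('Database SSL was requested but $db_my_cnf could not be loaded.');
      }
    }
    elseif (!empty($GLOBALS['db_ssl_ca']) && !empty($GLOBALS['db_ssl_key']) && !empty($GLOBALS['db_ssl_cert'])
      && is_readable($GLOBALS['db_ssl_ca']) && is_readable($GLOBALS['db_ssl_key']) && is_readable($GLOBALS['db_ssl_cert'])) {
      // mysqli_ssl_set() reports no failure here; a bad key/cert surfaces at connect time.
      @mysqli_ssl_set($connection, $GLOBALS['db_ssl_key'], $GLOBALS['db_ssl_cert'], $GLOBALS['db_ssl_ca'], NULL, NULL);
    }
    else {
      // Never fall through to a connection with no trust anchor.
      _db_error_page('Database SSL was requested but neither $db_my_cnf nor $db_ssl_ca/$db_ssl_key/$db_ssl_cert is configured and readable.');
    }
  }
  else {
    $connect_flags = MYSQLI_CLIENT_FOUND_ROWS;
  }
  // … unchanged: mysqli_real_connect() call and connect-error check …
```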
@@ -91,6 +91,73 @@
 $db_url = 'mysql://username:password@localhost/databasename';
 $db_prefix = '';
+
+/**
+ * Securing the Database Connection
+ *
+ * If you are connecting to your datbase across a network, and need
+ * the data to remain secure, you will want to use an SSL enabled
+ * database connection.
+ *
+ * The following variables can be used to provide the appropriate
+ * Certifcates, Keys and CA for securing you DB connection.
+ *
+ * Example:
+ * # This will turn on the use of SSL, if you are using the mysql driver,
+ * # then the driver will read your default my.cnf file for certificate
+ * # information, and nothing else needs to be configured.
+ * $db_ssl = true;
+ *
+ * One of the following following configurations should be used when using
+ * the mysqli driver.
+ *
+ * # Path to the CA certificate used in generating the MySQL Server
+ * # and client certificates.
+ * $db_ssl_ca = '/path/to/ca.crt';
+ * # Path to the MySQL client key for user on this connection
+ * $db_ssl_key = '/path/to/keyfile.key';
+ * # Path to the MySQL client certificate for use on this connection
+ * $db_ssl_cert = '/path/to/certfile.crt';
+ *
+ * Alternately, if you have your ssl certificates setup in a client my.cnf
+ * we can set the $db_my_cnf variable, and this file will be used for the
+ * SSL connection. (NOTE: This is also what the mysql driver needs, but there
+ * is no need to specify its location with the mysql driver)
+ *
+ * # Path to mysql client configuration file, can also specify the standard
+ * # my.cnf (/etc/mysql/my.cnf or /etc/my.cnf), as long as it includes the
+ * # client configuration.
+ * $db_my_cnf = '/etc/mysql/conf.d/my.cnf';
+ *
+ * (ex: /etc/mysql/conf.d/my.cnf;
+ * [client]
+ * ssl=true
+ * ssl-ca=/etc/ssl/mariadb/ca.crt
+ * ssl-cert=/etc/ssl/mariadb/monty-dev.cgraphics.com.crt
+ * ssl-key=/etc/ssl/mariadb/monty-dev.cgraphics.com.key
+ * )
+ *
+ * All above files MUST be readable by the web server.
+ *
+ * The following provides instructions for creating the MySQL account, you should
+ * use the REQUIRE X509 option as a minimum.
+ *
+ * @see http://dev.mysql.com/doc/refman/5.5/en/grant.html
+ */
+# $db_ssl = true;
+
+/**
+ * Use these config options OR
+ */
+# $db_ssl_ca = '/etc/ssl/mysql/ca.crt';
+# $db_ssl_key = '/etc/ssl/mysql/keyfile.key';
+# $db_ssl_cert = '/etc/ssl/mysql/certfile.crt';
+
+/**
+ * Use this (preferred) config option. This one will override the above if BOTH are used.
+ */
+# $db_my_cnf = '/etc/mysql/conf.d/my.cnf';
+
 /**
 * Database default collation.
 *
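Review bot: The new text says the key and certificate files `MUST be readable by the web server` but never that the private key must be readable by nothing else; an operator following it literally will `chmod 644` a client key that any local account can then use to authenticate as the site's database user. Add after that sentence: ` * The client key should be owned by root, group-readable by the web server only (e.g. mode 0640), and never placed under the web root.` The REQUIRE X509 advice protects the server from unauthenticated clients but does nothing against a forged server certificate, so the note should also tell operators to put `ssl-verify-server-cert=true` in the `[client]` group (if their client library honours it), or the site will accept any certificate the network hands it. Minor wording: `datbase`, `Certifcates`, `securing you DB connection`, `following following`, and the `monty-dev.cgraphics.com` example hostnames should be `example.com`-style placeholders.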