diff --git a/core/od_be.c b/core/od_be.c
index 95928565..63456979 100644
--- a/core/od_be.c
+++ b/core/od_be.c
@@ -61,6 +61,10 @@ int od_beclose(od_server_t *server)
 machine_close(server->io);
 server->io = NULL;
 }
+ if (server->tls) {
+ machine_free_tls(server->tls);
+ server->tls = NULL;
+ }
 server->is_transaction = 0;
 server->idle_time = 0;
 so_keyinit(&server->key);
@@ -277,9 +281,51 @@ od_bepop(od_pooler_t *pooler, od_route_t *route, od_client_t *client)
 od_serverfree(server);
 return NULL;
 }
+
+ /* set network options */
 machine_set_nodelay(server->io, pooler->od->scheme.nodelay);
 if (pooler->od->scheme.keepalive > 0)
 machine_set_keepalive(server->io, 1, pooler->od->scheme.keepalive);
+
+ /* set tls options */
+ od_schemeserver_t *server_scheme;
+ server_scheme = route->scheme->server;
+ if (server_scheme->tls_verify != OD_TDISABLE) {
+ server->tls = machine_create_tls(pooler->env);
+ if (server->tls == NULL) {
+ od_serverfree(server);
+ return NULL;
+ }
+ if (server_scheme->tls_verify == OD_TALLOW)
+ machine_tls_set_verify(server->tls, "none");
+ else
+ if (server_scheme->tls_verify == OD_TREQUIRE)
+ machine_tls_set_verify(server->tls, "peer");
+ else
+ machine_tls_set_verify(server->tls, "peer_strict");
+ if (server_scheme->tls_ca_file) {
+ rc = machine_tls_set_ca_file(server->tls, server_scheme->tls_ca_file);
+ if (rc == -1) {
+ od_serverfree(server);
+ return NULL;
+ }
+ }
+ if (server_scheme->tls_cert_file) {
+ rc = machine_tls_set_cert_file(server->tls, server_scheme->tls_cert_file);
+ if (rc == -1) {
+ od_serverfree(server);
+ return NULL;
+ }
+ }
+ if (server_scheme->tls_key_file) {
+ rc = machine_tls_set_key_file(server->tls, server_scheme->tls_key_file);
+ if (rc == -1) {
+ od_serverfree(server);
+ return NULL;
+ }
+ }
+ }
+
 server->pooler = pooler;
 server->route = route;
 rc = od_beconnect(pooler, server);
diff --git a/core/od_server.h b/core/od_server.h
index a9d8adf0..e8b8f6cc 100644
--- a/core/od_server.h
+++ b/core/od_server.h
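Review bot: On the three `rc == -1` paths in od_bepop that run after `machine_create_tls` has succeeded, the new code calls `od_serverfree(server)` but never `machine_free_tls(server->tls)`; unless od_serverfree (defined outside the hunk) releases `tls` the way the new od_beclose hunk does, the TLS context leaks whenever a configured CA, cert or key file is rejected. Confirm od_serverfree covers it, or put `machine_free_tls(server->tls); server->tls = NULL;` before those `od_serverfree` calls, ideally behind a single cleanup label instead of repeating the pair four times. `OD_TALLOW` maps to `"none"`, so the backend connection is encrypted but the peer certificate is not checked; a comment at that line such as `/* "none": encrypt only, server certificate is not validated */` would make the weaker guarantee visible where it is chosen. The `else` followed by `if` on the next line reads like a dangling else; `else if (server_scheme->tls_verify == OD_TREQUIRE)` is the conventional form, and `od_schemeserver_t *server_scheme = route->scheme->server;` folds the declaration and assignment into one line. od_bepop begins before and ends after this hunk, so `rc` is declared outside what is shown.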
@@ -23,6 +23,7 @@ struct od_server_t {
 od_serverstate_t state;
 so_stream_t stream;
 machine_io_t io;
+ machine_tls_t tls;
 int is_transaction;
 int is_copy;
 int64_t count_request;
@@ -46,6 +47,7 @@ od_serverinit(od_server_t *s)
 s->state = OD_SUNDEF;
 s->route = NULL;
 s->io = NULL;
+ s->tls = NULL;
 s->pooler = NULL;
 s->idle_time = 0;
 s->is_transaction = 0;