diff -r 71e2eed8ea3e -r f61e33ad53eb include/mod_gnutls.h.in --- a/include/mod_gnutls.h.in Sun Aug 12 13:22:23 2012 +0200 +++ b/include/mod_gnutls.h.in Sun Aug 12 14:18:33 2012 +0200 @@ -72,6 +72,7 @@ typedef struct { int client_verify_mode; + int RequireSSL; const char* lua_bytecode; apr_size_t lua_bytecode_len; } mgs_dirconf_rec; @@ -200,8 +201,10 @@ int mgs_rehandshake(mgs_handle_t * ctxt); - - +const char *mgs_set_requiressl(cmd_parms * parms, + void *dummy, + const char *arg); + /** * Init the Cache after Configuration is done */ diff -r 71e2eed8ea3e -r f61e33ad53eb src/gnutls_config.c --- a/src/gnutls_config.c Sun Aug 12 13:22:23 2012 +0200 +++ b/src/gnutls_config.c Sun Aug 12 14:18:33 2012 +0200 @@ -92,6 +92,24 @@ return NULL; } +const char *mgs_set_requiressl(cmd_parms * parms, + void *dummy, + const char *arg) { + + mgs_dirconf_rec *dc = (mgs_dirconf_rec *) dummy; + + if (strcasecmp(arg, "On") == 0) { + dc->RequireSSL = GNUTLS_ENABLED_TRUE; + } else if (strcasecmp(arg, "Off") == 0) { + dc->RequireSSL = GNUTLS_ENABLED_FALSE; + } else { + return + "GnuTLSRequireSSL must be set to 'On' or 'Off'"; + } + + return NULL; +} + const char *mgs_set_rsa_export_file(cmd_parms * parms, void *dummy, const char *arg) { @@ -628,6 +646,7 @@ add->lua_bytecode_len); new->lua_bytecode_len = add->lua_bytecode_len; new->client_verify_mode = add->client_verify_mode; + new->RequireSSL = add->RequireSSL; return new; } @@ -636,6 +655,7 @@ mgs_dirconf_rec *dc = apr_palloc(p, sizeof(*dc)); dc->client_verify_mode = -1; + dc->RequireSSL = 0; dc->lua_bytecode = NULL; dc->lua_bytecode_len = 0; return dc; diff -r 71e2eed8ea3e -r f61e33ad53eb src/gnutls_hooks.c --- a/src/gnutls_hooks.c Sun Aug 12 13:22:23 2012 +0200 +++ b/src/gnutls_hooks.c Sun Aug 12 14:18:33 2012 +0200 
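Review bot: The new field `int RequireSSL;` in mgs_dirconf_rec breaks the struct's naming convention — its siblings `client_verify_mode` and `lua_bytecode_len` are snake_case — so `require_ssl` would read more consistently, and the same identifier is used in the gnutls_config.c and gnutls_hooks.c hunks, which would change with it. A one-line comment would also help, since the value is the GNUTLS_ENABLED_* setting of the GnuTLSRequireSSL directive: `int RequireSSL; /* GnuTLSRequireSSL: GNUTLS_ENABLED_TRUE returns 403 when the serving vhost is not TLS-enabled */`.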
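Review bot: mgs_set_requiressl hand-parses "On"/"Off" with strcasecmp, which Apache already does for AP_INIT_FLAG directives; registering GnuTLSRequireSSL with `AP_INIT_FLAG` and giving the handler the `(cmd_parms *, void *, int flag)` signature would drop the string comparison and the custom error string, leaving `dc->RequireSSL = flag ? GNUTLS_ENABLED_TRUE : GNUTLS_ENABLED_FALSE;`. That change also touches the prototype in include/mod_gnutls.h.in and the command table in src/mod_gnutls.c. If the TAKE1 form is kept, strcasecmp needs `<strings.h>`, which this hunk does not show being included, and the function deserves a header comment stating that `dummy` is the per-directory mgs_dirconf_rec and that the return value is the error string Apache reports on bad input.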
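Review bot: `new->RequireSSL = add->RequireSSL;` in the merge hunk copies the child's value unconditionally, while the create hunk initializes a fresh per-directory config with `dc->RequireSSL = 0;`; together that means a `<Directory>` or `.htaccess` section that never mentions GnuTLSRequireSSL resets a parent's `On` back to off, silently relaxing the requirement in every subdirectory that has its own config section. The neighbouring `client_verify_mode` uses `-1` as its unset sentinel, so the same scheme fits here: initialize with `dc->RequireSSL = -1;` in the create hook and merge with `new->RequireSSL = (add->RequireSSL != -1) ? add->RequireSSL : base->RequireSSL;` (assuming the parent config is the `base` argument, whose name is outside the hunk). The context line shows client_verify_mode being copied unconditionally as well, so non-inheritance may be a deliberate project convention; if so, a comment on the merge function saying that per-directory values do not inherit would spare the next reader the same question.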
@@ -827,12 +827,26 @@ int rv; mgs_handle_t *ctxt; mgs_dirconf_rec *dc; + mgs_srvconf_rec *sc; if (r == NULL) return DECLINED; dc = ap_get_module_config(r->per_dir_config, &gnutls_module); + sc = + (mgs_srvconf_rec *) ap_get_module_config(r->server->module_config, + &gnutls_module); + + if(!dc || !sc) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "SC or DC not found"); + return DECLINED; + } + + if(dc->RequireSSL == GNUTLS_ENABLED_TRUE && + sc->enabled != GNUTLS_ENABLED_TRUE) + return HTTP_FORBIDDEN; _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); ctxt = diff -r 71e2eed8ea3e -r f61e33ad53eb src/mod_gnutls.c --- a/src/mod_gnutls.c Sun Aug 12 13:22:23 2012 +0200 +++ b/src/mod_gnutls.c Sun Aug 12 14:18:33 2012 +0200 @@ -103,6 +103,10 @@ NULL, RSRC_CONF, "SSL Server PGP Private key file"), + AP_INIT_TAKE1("GnuTLSRequireSSL", mgs_set_requiressl, + NULL, + RSRC_CONF | OR_AUTHCFG, + "SSL Server Require Encryption"), #ifdef ENABLE_SRP AP_INIT_TAKE1("GnuTLSSRPPasswdFile", mgs_set_srp_tpasswd_file, NULL,
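Review bot: The added check `dc->RequireSSL == GNUTLS_ENABLED_TRUE && sc->enabled != GNUTLS_ENABLED_TRUE` tests the virtual host's static configuration, which is not the same as knowing that this request's connection is encrypted. The per-connection `ctxt` fetched just below the hunk is what the rest of the function appears to use for TLS state, so the refusal would be more robust placed after that lookup and keyed on the connection's TLS context (I cannot see from this hunk how ctxt is populated, so confirm that it is absent or disabled for plaintext connections). The 403 is also returned without any log line, so an operator cannot distinguish a RequireSSL denial from an authorization one; an `ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "GnuTLSRequireSSL: refusing request on non-TLS vhost");` before the return would make the denial visible. Minor style: `if(` without a space differs from the surrounding `if (r == NULL)`. The enclosing function starts before this hunk.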
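Review bot: Registering GnuTLSRequireSSL with `RSRC_CONF | OR_AUTHCFG` lets any `.htaccess` under `AllowOverride AuthConfig` set the directive to `Off`, which relaxes a server-level `On` for that directory; if the intent mirrors mod_ssl's SSLRequireSSL, which takes no argument and can only enable the requirement, either drop OR_AUTHCFG or have the per-directory merge keep the stricter value. The help string `"SSL Server Require Encryption"` is also vague for a per-directory flag; `"Return 403 for requests on this path unless the virtual host has TLS enabled (On|Off)"` describes what the gnutls_hooks.c code actually does.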