diff --git a/lib/net/http.rb b/lib/net/http.rb
index f64f7ba7..7b345293 100644
--- a/lib/net/http.rb
+++ b/lib/net/http.rb
@@ -660,6 +660,10 @@ class HTTPHeaderSyntaxError < StandardError; end
   #   Sets the minimum SSL version.
   # - {#peer_cert}[rdoc-ref:Net::HTTP#peer_cert]:
   #   Returns the X509 certificate chain for the session's socket peer.
+  # - {:ssl_options}[rdoc-ref:Net::HTTP#ssl_options]:
+  #   Returns the SSL options.
+  # - {:ssl_options=}[rdoc-ref:Net::HTTP#ssl_options=]:
+  #   Sets the SSL options.
   # - {:ssl_version}[rdoc-ref:Net::HTTP#ssl_version]:
   #   Returns the SSL version.
   # - {:ssl_version=}[rdoc-ref:Net::HTTP#ssl_version=]:
@@ -1190,6 +1194,7 @@ def initialize(address, port = nil) # :nodoc:
 
       @use_ssl = false
       @ssl_context = nil
+      @ssl_options = nil
       @ssl_session = nil
       @sspi_enabled = false
       SSL_IVNAMES.each do |ivname|
@@ -1556,6 +1561,10 @@ def use_ssl=(flag)
     # Sets or returns the OpenSSL::PKey::RSA or OpenSSL::PKey::DSA object.
     attr_accessor :key
 
+    # Sets or returns the SSL options.
+    # See {OpenSSL::SSL::SSLContext#options=}[OpenSSL::SSL::SSL::Context#options=].
+    attr_accessor :ssl_options
+
     # Sets or returns the SSL timeout seconds.
     attr_accessor :ssl_timeout
 
@@ -1698,6 +1707,7 @@ def connect
             end
           end
         end
+        @ssl_context.options |= @ssl_options unless @ssl_options.nil?
         @ssl_context.set_params(ssl_parameters)
         unless @ssl_context.session_cache_mode.nil? # a dummy method on JRuby
           @ssl_context.session_cache_mode =
diff --git a/test/net/http/test_https.rb b/test/net/http/test_https.rb
index e860c874..f4c50fd3 100644
--- a/test/net/http/test_https.rb
+++ b/test/net/http/test_https.rb
@@ -286,6 +286,24 @@ def test_max_version
     assert_match(re_msg, ex.message)
   end
 
+  def test_ssl_options
+    ssl_options = OpenSSL::SSL::OP_NO_TLSv1 |
+                  OpenSSL::SSL::OP_NO_TLSv1_1 |
+                  OpenSSL::SSL::OP_NO_TLSv1_2 |
+                  OpenSSL::SSL::OP_NO_TLSv1_3
+    http = Net::HTTP.new(HOST, config("port"))
+    http.use_ssl = true
+    http.ssl_options = ssl_options
+    http.cert_store = TEST_STORE
+    ex = assert_raise(OpenSSL::SSL::SSLError){
+      http.request_get("/") {|res| }
+    }
+    re_msg = /\ASSL_connect returned=1 errno=0 |no protocols available/
+    assert_match(re_msg, ex.message)
+    ssl_context = http.instance_variable_get(:@ssl_context)
+    assert_equal(ssl_options, ssl_context.options & ssl_options)
+  end
+
 end if defined?(OpenSSL::SSL)
 
 class TestNetHTTPSIdentityVerifyFailure < Test::Unit::TestCase