diff --git a/README.md b/README.md
index 42c3c78e..59bca979 100644
--- a/README.md
+++ b/README.md
@@ -955,6 +955,8 @@ Below is the complete list of available options that can be used to customize yo
 | `LDAP_UID` | LDAP UID. Defaults to `sAMAccountName` |
 | `LDAP_METHOD` | LDAP method, Possible values are `simple_tls`, `start_tls` and `plain`. Defaults to `plain` |
 | `LDAP_VERIFY_SSL` | LDAP verify ssl certificate for installations that are using `LDAP_METHOD: 'simple_tls'` or `LDAP_METHOD: 'start_tls'`. Defaults to `true` |
+| `LDAP_CA_FILE` | Specifies the path to a file containing a PEM-format CA certificate. Defaults to `` |
+| `LDAP_SSL_VERSION` | Specifies the SSL version for OpenSSL to use, if the OpenSSL default is not appropriate. Example: 'TLSv1_1'. Defaults to `` |
 | `LDAP_BIND_DN` | No default. |
 | `LDAP_PASS` | LDAP password |
 | `LDAP_TIMEOUT` | Timeout, in seconds, for LDAP queries. Defaults to `10`. |
diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml
index b2415c83..246b9e3f 100644
--- a/assets/runtime/config/gitlabhq/gitlab.yml
+++ b/assets/runtime/config/gitlabhq/gitlab.yml
@@ -268,6 +268,8 @@ production: &base
 encryption: '{{LDAP_METHOD}}' # "start_tls" or "simple_tls" or "plain"
 verify_certificates: {{LDAP_VERIFY_SSL}}
+ ca_file: '{{LDAP_CA_FILE}}'
+ ssl_version: '{{LDAP_SSL_VERSION}}'
 bind_dn: '{{LDAP_BIND_DN}}'
 password: '{{LDAP_PASS}}'
diff --git a/assets/runtime/env-defaults b/assets/runtime/env-defaults
index 09571ee9..257a2e6e 100644
--- a/assets/runtime/env-defaults
+++ b/assets/runtime/env-defaults
@@ -246,6 +246,8 @@ LDAP_PORT=${LDAP_PORT:-389}
 LDAP_UID=${LDAP_UID:-sAMAccountName}
 LDAP_METHOD=${LDAP_METHOD:-plain}
 LDAP_VERIFY_SSL=${LDAP_VERIFY_SSL:-true}
+LDAP_CA_FILE=${LDAP_CA_FILE:-}
+LDAP_SSL_VERSION=${LDAP_SSL_VERSION:-}
 LDAP_BIND_DN=${LDAP_BIND_DN:-}
 LDAP_PASS=${LDAP_PASS:-}
 LDAP_TIMEOUT=${LDAP_TIMEOUT:-10}
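Review bot: The new `ca_file` and `ssl_version` keys in the gitlab.yml hunk carry no comment, and their interaction with the neighbouring `encryption` and `verify_certificates` lines is not obvious from the template. I would add `# ca_file: PEM CA bundle for verifying the LDAP server certificate; presumably only consulted when encryption is start_tls or simple_tls and verify_certificates is true` and `# ssl_version: leave empty so OpenSSL negotiates the protocol; a pinned value fixes the connection to that one version`. The second comment matters because the README example names 'TLSv1_1', a legacy protocol version, and an operator copying it would hold the LDAP bind that carries `password` to that version. Both values are substituted inside single quotes, so a value containing `'` would presumably break the rendered YAML, the same as the existing `bind_dn` and `password` lines.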
diff --git a/assets/runtime/functions b/assets/runtime/functions
index 554c5fa7..21490e85 100644
--- a/assets/runtime/functions
+++ b/assets/runtime/functions
@@ -445,6 +445,8 @@ gitlab_configure_ldap() {
 LDAP_UID \
 LDAP_METHOD \
 LDAP_VERIFY_SSL \
+ LDAP_CA_FILE \
+ LDAP_SSL_VERSION \
 LDAP_BIND_DN \
 LDAP_PASS \
 LDAP_TIMEOUT \
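Review bot: `LDAP_CA_FILE` is added to the name list in `gitlab_configure_ldap()` with nothing visible in the hunk that checks the path, so a typo or an unmounted file would presumably surface only later as failed LDAP logins, since `LDAP_VERIFY_SSL` defaults to `true`. A configure-time check ahead of the substitution would make that visible at container start, e.g. `[[ -z ${LDAP_CA_FILE} || -r ${LDAP_CA_FILE} ]] || echo "WARNING: LDAP_CA_FILE '${LDAP_CA_FILE}' is not readable"`. It would also be worth warning when `LDAP_CA_FILE` or `LDAP_SSL_VERSION` is set while `LDAP_METHOD` is still `plain`, because the bind is then presumably not encrypted at all and the setting has no effect. The function starts and ends outside the hunk, so an existing check may sit in the part not shown.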