diff --git a/lib/connection-parameters.js b/lib/connection-parameters.js
index d6c1a234..f21da1fc 100644
--- a/lib/connection-parameters.js
+++ b/lib/connection-parameters.js
@@ -35,6 +35,19 @@ var parse = function(str) {
 return config;
 };
+var useSsl = function() {
+ switch(process.env.PGSSLMODE) {
+ case "disable":
+ return false;
+ case "prefer":
+ case "require":
+ case "verify-ca":
+ case "verify-full":
+ return true;
+ }
+ return defaults.ssl;
+};
+
 var ConnectionParameters = function(config) {
 config = typeof config == 'string' ? parse(config) : (config || {});
 this.user = val('user', config);
@@ -43,7 +56,7 @@ var ConnectionParameters = function(config) {
 this.host = val('host', config);
 this.password = val('password', config);
 this.binary = val('binary', config);
- this.ssl = config.ssl || defaults.ssl;
+ this.ssl = config.ssl || useSsl();
 this.client_encoding = val("client_encoding", config);
 //a domain socket begins with '/'
 this.isDomainSocket = (!(this.host||'').indexOf('/'));
diff --git a/lib/defaults.js b/lib/defaults.js
index e49006ff..bb23dbac 100644
--- a/lib/defaults.js
+++ b/lib/defaults.js
@@ -36,7 +36,9 @@ var defaults = module.exports = {
 //pool log function / boolean
 poolLog: false,
- client_encoding: ""
+ client_encoding: "",
+
+ ssl: false
 };
 //parse int8 so you can get your count values as actual numbers
diff --git a/test/unit/connection-parameters/creation-tests.js b/test/unit/connection-parameters/creation-tests.js
index f0d5228d..43420284 100644
--- a/test/unit/connection-parameters/creation-tests.js
+++ b/test/unit/connection-parameters/creation-tests.js
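Review bot: In lib/connection-parameters.js, `useSsl` collapses `require`, `verify-ca` and `verify-full` into the same boolean `true`, so a request for certificate (and, for `verify-full`, hostname) verification is indistinguishable from plain encryption once it reaches `this.ssl`. Whether the client verifies the server certificate when `ssl` is `true` is not visible in this diff; if it does not, a user who sets `PGSSLMODE=verify-full` gets a weaker guarantee than the variable promises. At minimum record this above the function, e.g. `//only decides whether ssl is used; verify-ca/verify-full do not enable certificate checks here`. The `switch` also has no `default:` branch, so a misspelled or unrecognised mode silently falls through to `defaults.ssl`; logging or rejecting unknown values would make a typo visible instead of quietly leaving the connection unencrypted.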
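Review bot: In lib/defaults.js the new `ssl` key has no comment, unlike the neighbouring entry (`//pool log function / boolean`), and it is a security-relevant setting: `false` means connections are unencrypted unless something opts in. A one-line comment such as `//use ssl for connections; a truthy config.ssl or a recognised $PGSSLMODE takes precedence` would record both the default and the precedence that `config.ssl || useSsl()` gives it. The object literal starts outside this hunk.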
@@ -151,11 +151,14 @@ test('libpq connection string building', function() {
 });
 test('password contains weird characters', function() {
+ var defaults = require('../../../lib/defaults');
+ defaults.ssl = true;
 var strang = 'postgres://my first name:is&%awesome!@localhost:9000';
 var subject = new ConnectionParameters(strang);
 assert.equal(subject.user, 'my first name');
 assert.equal(subject.password, 'is&%awesome!');
 assert.equal(subject.host, 'localhost');
+ assert.equal(subject.ssl, true);
 });
 });
diff --git a/test/unit/connection-parameters/environment-variable-tests.js b/test/unit/connection-parameters/environment-variable-tests.js
index a5fa5d68..5481915f 100644
--- a/test/unit/connection-parameters/environment-variable-tests.js
+++ b/test/unit/connection-parameters/environment-variable-tests.js
@@ -76,6 +76,38 @@ test('connection string parsing - ssl', function(t) {
 assert.equal(!!subject.ssl, false, 'ssl');
 });
+//clear process.env
+for(var key in process.env) {
+ delete process.env[key];
+}
+
+
+test('ssl is false by default', function() {
+ var subject = new ConnectionParameters()
+ assert.equal(subject.ssl, false)
+})
+
+var testVal = function(mode, expected) {
+ //clear process.env
+ for(var key in process.env) {
+ delete process.env[key];
+ }
+ process.env.PGSSLMODE = mode;
+ test('ssl is ' + expected + ' when $PGSSLMODE=' + mode, function() {
+ var subject = new ConnectionParameters();
+ assert.equal(subject.ssl, expected);
+ });
+};
+
+testVal('', false);
+testVal('disable', false);
+testVal('allow', false);
+testVal('prefer', true);
+testVal('require', true);
+testVal('verify-ca', true);
+testVal('verify-full', true);
+
+
 //restore process.env
 for(var key in realEnv) {
 process.env[key] = realEnv[key];
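Review bot: In creation-tests.js the test assigns `defaults.ssl = true` on the shared `lib/defaults` module object and never puts it back, so any test that runs later in the same process sees SSL enabled by default. Save the old value and restore it after the assertions, e.g. `var originalSsl = defaults.ssl;` before the assignment and `defaults.ssl = originalSsl;` at the end of the callback. The assertion would also sit better in its own test, since 'password contains weird characters' now fails for an unrelated reason if the SSL default handling changes.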
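Review bot: In environment-variable-tests.js `testVal` clears `process.env` and sets `PGSSLMODE` before calling `test(...)` rather than inside the callback, so each case only sees its own mode if `test` runs the callback synchronously, which is not visible here. Moving the clearing loop and `process.env.PGSSLMODE = mode;` into the callback removes that dependency. The cases cover only `''` and the libpq mode names; an unrecognised value and an explicit `config.ssl` combined with `PGSSLMODE` deserve a case each, since both decide whether the connection ends up encrypted. The restore loop at the end of the hunk continues outside it.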