diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php
index de306462d79..85169e6a1d0 100644
--- a/apps/files_encryption/hooks/hooks.php
+++ b/apps/files_encryption/hooks/hooks.php
@@ -36,14 +36,6 @@ class Hooks {
 	 */
 	public static function login($params) {
 		$l = new \OC_L10N('files_encryption');
-		//check if all requirements are met
-		if(!Helper::checkRequirements() || !Helper::checkConfiguration() ) {
-			$error_msg = $l->t("Missing requirements.");
-			$hint = $l->t('Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled.');
-			\OC_App::disable('files_encryption');
-			\OCP\Util::writeLog('Encryption library', $error_msg . ' ' . $hint, \OCP\Util::ERROR);
-			\OCP\Template::printErrorPage($error_msg, $hint);
-		}
 
 		$view = new \OC_FilesystemView('/');
 
@@ -54,6 +46,15 @@ class Hooks {
 
 		$util = new Util($view, $params['uid']);
 
+		//check if all requirements are met
+		if(!$util->ready() && (!Helper::checkRequirements() || !Helper::checkConfiguration())) {
+			$error_msg = $l->t("Missing requirements.");
+			$hint = $l->t('Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled.');
+			\OC_App::disable('files_encryption');
+			\OCP\Util::writeLog('Encryption library', $error_msg . ' ' . $hint, \OCP\Util::ERROR);
+			\OCP\Template::printErrorPage($error_msg, $hint);
+		}
+
 		// setup user, if user not ready force relogin
 		if (Helper::setupUser($util, $params['password']) === false) {
 			return false;
diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php
index e129bc9313e..c009718160a 100755
--- a/apps/files_encryption/lib/crypt.php
+++ b/apps/files_encryption/lib/crypt.php
@@ -52,14 +52,14 @@ class Crypt {
 
 		$return = false;
 
-		$res = openssl_pkey_new(array('private_key_bits' => 4096));
+		$res = Helper::getOpenSSLPkey();
 
 		if ($res === false) {
 			\OCP\Util::writeLog('Encryption library', 'couldn\'t generate users key-pair for ' . \OCP\User::getUser(), \OCP\Util::ERROR);
 			while ($msg = openssl_error_string()) {
 				\OCP\Util::writeLog('Encryption library', 'openssl_pkey_new() fails:  ' . $msg, \OCP\Util::ERROR);
 			}
-		} elseif (openssl_pkey_export($res, $privateKey)) {
+		} elseif (openssl_pkey_export($res, $privateKey, null, Helper::getOpenSSLConfig())) {
 			// Get public key
 			$keyDetails = openssl_pkey_get_details($res);
 			$publicKey = $keyDetails['key'];
@@ -70,7 +70,9 @@ class Crypt {
 			);
 		} else {
 			\OCP\Util::writeLog('Encryption library', 'couldn\'t export users private key, please check your servers openSSL configuration.' . \OCP\User::getUser(), \OCP\Util::ERROR);
-			\OCP\Util::writeLog('Encryption library', openssl_error_string(), \OCP\Util::ERROR);
+			while($errMsg = openssl_error_string()) {
+				\OCP\Util::writeLog('Encryption library', $errMsg, \OCP\Util::ERROR);
+			}
 		}
 
 		return $return;
diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php
index 0209a5d18b7..445d7ff8ca7 100755
--- a/apps/files_encryption/lib/helper.php
+++ b/apps/files_encryption/lib/helper.php
@@ -265,7 +265,7 @@ class Helper {
 	 * @return bool true if configuration seems to be OK
 	 */
 	public static function checkConfiguration() {
-		if(openssl_pkey_new(array('private_key_bits' => 4096))) {
+		if(self::getOpenSSLPkey()) {
 			return true;
 		} else {
 			while ($msg = openssl_error_string()) {
@@ -275,6 +275,26 @@ class Helper {
 		}
 	}
 
+	/**
+	 * Create an openssl pkey with config-supplied settings
+	 * WARNING: This initializes a new private keypair, which is computationally expensive
+	 * @return resource The pkey resource created
+	 */
+	public static function getOpenSSLPkey() {
+		return openssl_pkey_new(self::getOpenSSLConfig());
+	}
+
+	/**
+	 * Return an array of OpenSSL config options, default + config
+	 * Used for multiple OpenSSL functions
+	 * @return array The combined defaults and config settings
+	 */
+	public static function getOpenSSLConfig() {
+		$config = array('private_key_bits' => 4096);
+		$config = array_merge(\OCP\Config::getSystemValue('openssl', array()), $config);
+		return $config;
+	}
+
 	/**
 	 * @brief glob uses different pattern than regular expressions, escape glob pattern only
 	 * @param unescaped path
diff --git a/config/config.sample.php b/config/config.sample.php
index 5f748438bc7..51ef60588d6 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -214,4 +214,9 @@ $CONFIG = array(
 'preview_libreoffice_path' => '/usr/bin/libreoffice',
 /* cl parameters for libreoffice / openoffice */
 'preview_office_cl_parameters' => '',
+
+// Extra SSL options to be used for configuration
+'openssl' => array(
+	//'config' => '/absolute/location/of/openssl.cnf',
+),
 );