diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php
index de306462d79062a7fcd7ba876a9e8e624936dc06..85169e6a1d099d46389de25fd771c40dcabfc209 100644
--- a/apps/files_encryption/hooks/hooks.php
+++ b/apps/files_encryption/hooks/hooks.php
@@ -36,14 +36,6 @@ class Hooks {
 */
 public static function login($params) {
 $l = new \OC_L10N('files_encryption');
- //check if all requirements are met
- if(!Helper::checkRequirements() || !Helper::checkConfiguration() ) {
- $error_msg = $l->t("Missing requirements.");
- $hint = $l->t('Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled.');
- \OC_App::disable('files_encryption');
- \OCP\Util::writeLog('Encryption library', $error_msg . ' ' . $hint, \OCP\Util::ERROR);
- \OCP\Template::printErrorPage($error_msg, $hint);
- }
 $view = new \OC_FilesystemView('/');
@@ -54,6 +46,15 @@ class Hooks {
 $util = new Util($view, $params['uid']);
+ //check if all requirements are met
+ if(!$util->ready() && (!Helper::checkRequirements() || !Helper::checkConfiguration())) {
+ $error_msg = $l->t("Missing requirements.");
+ $hint = $l->t('Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled.');
+ \OC_App::disable('files_encryption');
+ \OCP\Util::writeLog('Encryption library', $error_msg . ' ' . $hint, \OCP\Util::ERROR);
+ \OCP\Template::printErrorPage($error_msg, $hint);
+ }
+
 // setup user, if user not ready force relogin
 if (Helper::setupUser($util, $params['password']) === false) {
 return false;
diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php
index e129bc9313ef3836b0ff3709e26d8428efaf35ca..c009718160ae360d47b4abce3822d9c9fea6fcde 100755
--- a/apps/files_encryption/lib/crypt.php
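Review bot: In the re-added check of the second hooks.php hunk, `!$util->ready() &&` now gates both `Helper::checkRequirements()` and `Helper::checkConfiguration()`, so for a user whose keys already exist neither runs at login and a later loss of the OpenSSL extension or a broken openssl.cnf is no longer caught at this point. Only `checkConfiguration()` is known to be expensive (it generates a key pair through `getOpenSSLPkey()`), so if `checkRequirements()` is the cheap version/extension test its name suggests, it could stay unconditional: `if (!Helper::checkRequirements() || (!$util->ready() && !Helper::checkConfiguration())) {`. A short comment explaining why ready users skip the configuration probe would help, since the condition otherwise reads like a loosened safety check. The body of `login()` continues outside the hunk.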
+++ b/apps/files_encryption/lib/crypt.php
@@ -52,14 +52,14 @@ class Crypt {
 $return = false;
- $res = openssl_pkey_new(array('private_key_bits' => 4096));
+ $res = Helper::getOpenSSLPkey();
 if ($res === false) {
 \OCP\Util::writeLog('Encryption library', 'couldn\'t generate users key-pair for ' . \OCP\User::getUser(), \OCP\Util::ERROR);
 while ($msg = openssl_error_string()) {
 \OCP\Util::writeLog('Encryption library', 'openssl_pkey_new() fails: ' . $msg, \OCP\Util::ERROR);
 }
- } elseif (openssl_pkey_export($res, $privateKey)) {
+ } elseif (openssl_pkey_export($res, $privateKey, null, Helper::getOpenSSLConfig())) {
 // Get public key
 $keyDetails = openssl_pkey_get_details($res);
 $publicKey = $keyDetails['key'];
@@ -70,7 +70,9 @@ class Crypt {
 );
 } else {
 \OCP\Util::writeLog('Encryption library', 'couldn\'t export users private key, please check your servers openSSL configuration.' . \OCP\User::getUser(), \OCP\Util::ERROR);
- \OCP\Util::writeLog('Encryption library', openssl_error_string(), \OCP\Util::ERROR);
+ while($errMsg = openssl_error_string()) {
+ \OCP\Util::writeLog('Encryption library', $errMsg, \OCP\Util::ERROR);
+ }
 }
 return $return;
diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php
index 0209a5d18b78a555bfd17397428aed58cded46e1..445d7ff8ca796ed911833df22685935578d2b316 100755
--- a/apps/files_encryption/lib/helper.php
+++ b/apps/files_encryption/lib/helper.php
@@ -265,7 +265,7 @@ class Helper {
 * @return bool true if configuration seems to be OK
 */
 public static function checkConfiguration() {
- if(openssl_pkey_new(array('private_key_bits' => 4096))) {
+ if(self::getOpenSSLPkey()) {
 return true;
 } else {
 while ($msg = openssl_error_string()) {
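Review bot: The new drain loop in the export-failure branch of crypt.php (second hunk) writes each `openssl_error_string()` entry to the log bare, while the sibling loop in the `$res === false` branch prefixes its entries with `'openssl_pkey_new() fails: '`. When both paths log under the same 'Encryption library' tag, an unprefixed OpenSSL message cannot be attributed to the export step during triage. I would write the line as `\OCP\Util::writeLog('Encryption library', 'openssl_pkey_export() fails: ' . $errMsg, \OCP\Util::ERROR);`. The enclosing method starts and ends outside the hunk.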
@@ -275,6 +275,26 @@ class Helper {
 }
 }
+ /**
+ * Create an openssl pkey with config-supplied settings
+ * WARNING: This initializes a new private keypair, which is computationally expensive
+ * @return resource The pkey resource created
+ */
+ public static function getOpenSSLPkey() {
+ return openssl_pkey_new(self::getOpenSSLConfig());
+ }
+
+ /**
+ * Return an array of OpenSSL config options, default + config
+ * Used for multiple OpenSSL functions
+ * @return array The combined defaults and config settings
+ */
+ public static function getOpenSSLConfig() {
+ $config = array('private_key_bits' => 4096);
+ $config = array_merge(\OCP\Config::getSystemValue('openssl', array()), $config);
+ return $config;
+ }
+
 /**
 * @brief glob uses different pattern than regular expressions, escape glob pattern only
 * @param unescaped path
diff --git a/config/config.sample.php b/config/config.sample.php
index 5f748438bc7ab605623ad85c70a171255a48b437..51ef60588d61297c79fa59c707b1f0543d412fe4 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -214,4 +214,9 @@ $CONFIG = array(
 'preview_libreoffice_path' => '/usr/bin/libreoffice',
 /* cl parameters for libreoffice / openoffice */
 'preview_office_cl_parameters' => '',
+
+// Extra SSL options to be used for configuration
+'openssl' => array(
+ //'config' => '/absolute/location/of/openssl.cnf',
+),
 );
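Review bot: `getOpenSSLConfig()` passes the `openssl` system value to `array_merge()` without checking that it is an array, so a mistyped entry in config.php (a string instead of an array) would leave the merge without a usable result and, depending on the PHP version, key generation could fall back to OpenSSL's own defaults instead of the 4096-bit setting. A guard before the merge avoids that: `$custom = \OCP\Config::getSystemValue('openssl', array());`, then `if (!is_array($custom)) { $custom = array(); }` and `$config = array_merge($custom, $config);`. The argument order makes the hard-coded `private_key_bits` win over anything configured, which is a sensible floor but is not what "default + config" in the docblock suggests, so the docblock should state that the key size cannot be overridden from config. `getOpenSSLPkey()` is documented as `@return resource`, yet the visible callers test the result for `false`; `@return resource|false` would match.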