diff --git a/src/mqtt/ssl_options.h b/src/mqtt/ssl_options.h index 422b6493..d1dd17d1 100644 --- a/src/mqtt/ssl_options.h +++ b/src/mqtt/ssl_options.h @@ -87,6 +87,15 @@ class ssl_options /** Path to a directory containing CA certificates in PEM format */ string caPath_; + /** Key mode "ENG" for engine or "PEM" for pem format */ + string keyType_; + + /** ssl engine id */ + string engineId_; + + /** engine config file inorder to load engine*/ + string engineConfFile_; + /** * The list of cipher suites that the client will present to the * server during the SSL handshake. @@ -146,11 +155,15 @@ class ssl_options * will present to the server during the SSL handshake. * @param enableServerCertAuth True/False option to enable verification of * the server certificate + * @param keyType privateKey mode ,choose "ENG" for engine, "PEM" for pem. + * @param engineId The SSL engine ID. + * @param engineConfFile engine config file for load engine. * @param alpnProtos The ALPN protocols to try. */ ssl_options(const string& trustStore, const string& keyStore, const string& privateKey, const string& privateKeyPassword, const string& enabledCipherSuites, bool enableServerCertAuth, + const string& keyType, const string& engineId, const string& engineConfFile, const std::vector alpnProtos=std::vector()); /** * Argument constructor. 
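Review bot: The doc comments on the new members `keyType_`, `engineId_` and `engineConfFile_` (first hunk of ssl_options.h) do not say what an empty value means or what happens when `keyType_` is neither "ENG" nor "PEM", and the last one has a typo ("inorder"). Because the engine configuration file presumably decides which engine is loaded into the client process, its comment should also tell callers to take the path only from trusted configuration, never from broker- or user-supplied data. Suggested wording: `/** Path to the engine configuration file used to load the SSL engine; must come from trusted configuration. Empty means no engine config (confirm). */`. A sentence on `keyType_` naming the default and the behaviour for unknown values would complete it.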
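Review bot: Adding `keyType`, `engineId` and `engineConfFile` as required parameters ahead of the defaulted `alpnProtos` breaks every existing caller of this constructor, including callers that already pass `alpnProtos` positionally. The same applies to the second constructor declared in the next hunk and to both definitions in src/ssl_options.cpp. The commit already adds `set_key_mode`, `set_engine_id` and `set_engine_conf`, so the old signatures could stay as they are and engine users could configure through the setters. If constructor support is wanted, separate overloads keep existing code compiling.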
@@ -168,12 +181,16 @@ class ssl_options * handshake. * @param enableServerCertAuth True/False option to enable verification * of the server certificate + * @param keyType privateKey mode ,choose "ENG" for engine, "PEM" for pem. + * @param engineId The SSL engine ID. + * @param engineConfFile engine config file for load engine. * @param alpnProtos The ALPN protocols to try. */ ssl_options(const string& trustStore, const string& keyStore, const string& privateKey, const string& privateKeyPassword, const string& caPath, const string& enabledCipherSuites, bool enableServerCertAuth, + const string& keyType, const string& engineId, const string& engineConfFile, const std::vector alpnProtos=std::vector()); /** * Copy constructor. @@ -257,6 +274,21 @@ class ssl_options * file in PEM format containing the client's private * key. */ + void set_key_mode(const string& keyType); + /** + * Sets the key mode for client's private key. + * @param keyType choose "ENG" for engine, "PEM" for pem. + */ + void set_engine_id(const string& engineId); + /** + * Sets the engine ID for SSL. + * @param engineId engineId for SSL. + */ + void set_engine_conf(const string& engineConfFile); + /** + * Sets the engine config file for SSL. + * @param engineConfFile engine config file for SSL. + */ void set_private_key(const string& privateKey); /** * Sets the password to load the client's privateKey if encrypted. diff --git a/src/ssl_options.cpp b/src/ssl_options.cpp index 8e265673..afbc2d54 100644 --- a/src/ssl_options.cpp +++ b/src/ssl_options.cpp 
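Review bot: In the `@@ -257,6 +274,21 @@` hunk the three new declarations are inserted between the existing doc comment for `set_private_key` and its declaration, and each new doc comment is written after the function it describes. As a result the private-key comment now attaches to `set_key_mode`, "Sets the key mode" attaches to `set_engine_id`, "Sets the engine ID" to `set_engine_conf`, and "Sets the engine config file" to `set_private_key`. Each `/** ... */` block should sit directly above its own declaration, with the whole group placed so that the private-key comment stays immediately above `void set_private_key(const string& privateKey);`. The name `set_key_mode` also differs from the `keyType` parameter and member it sets; `set_key_type` would be consistent.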
@@ -33,13 +33,16 @@ ssl_options::ssl_options() : opts_(DFLT_C_STRUCT) ssl_options::ssl_options(const string& trustStore, const string& keyStore, const string& privateKey, const string& privateKeyPassword, const string& enabledCipherSuites, bool enableServerCertAuth, + const string& keyType, const string& engineId, const string& engineConfFile, const std::vector alpnProtos /*=std::vector()*/) : opts_(DFLT_C_STRUCT), trustStore_(trustStore), keyStore_(keyStore), privateKey_(privateKey), privateKeyPassword_(privateKeyPassword), - enabledCipherSuites_(enabledCipherSuites) + enabledCipherSuites_(enabledCipherSuites), + keyType_(keyType), engineId_(engineId), + engineConfFile_(engineConfFile) { set_alpn_protos(alpnProtos); update_c_struct(); @@ -50,6 +53,7 @@ ssl_options::ssl_options(const string& trustStore, const string& keyStore, const string& privateKey, const string& privateKeyPassword, const string& caPath, const string& enabledCipherSuites, bool enableServerCertAuth, + const string& keyType, const string& engineId, const string& engineConfFile, const std::vector alpnProtos /*=std::vector()*/) : opts_(DFLT_C_STRUCT), trustStore_(trustStore), @@ -57,7 +61,9 @@ ssl_options::ssl_options(const string& trustStore, const string& keyStore, privateKey_(privateKey), privateKeyPassword_(privateKeyPassword), caPath_(caPath), - enabledCipherSuites_(enabledCipherSuites) + enabledCipherSuites_(enabledCipherSuites), + keyType_(keyType), engineId_(engineId), + engineConfFile_(engineConfFile) { set_alpn_protos(alpnProtos); update_c_struct(); @@ -72,6 +78,8 @@ ssl_options::ssl_options(const ssl_options& other) privateKeyPassword_(other.privateKeyPassword_), caPath_(other.caPath_), enabledCipherSuites_(other.enabledCipherSuites_), + keyType_(other.keyType_), engineId_(other.engineId_), + engineConfFile_(other.engineConfFile_), errHandler_(other.errHandler_), pskHandler_(other.pskHandler_), protos_(other.protos_) 
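Review bot: The new initializers `keyType_(keyType), engineId_(engineId), engineConfFile_(engineConfFile)` are listed after `enabledCipherSuites_`, but the header hunk declares the three members right after `caPath_`, ahead of the member documented as the cipher-suite list. Members are initialized in declaration order, so the written order is misleading and is likely to trigger `-Wreorder` on GCC and Clang. The same ordering is used in the second constructor and the copy constructor in this file, and in the move constructor in the `@@ -87,6 +95,8 @@` hunk. Either list the three initializers before `enabledCipherSuites_` or move the declarations below the cipher-suite member. The constructor body continues outside the hunk.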
@@ -87,6 +95,8 @@ ssl_options::ssl_options(ssl_options&& other) privateKeyPassword_(std::move(other.privateKeyPassword_)), caPath_(std::move(other.caPath_)), enabledCipherSuites_(std::move(other.enabledCipherSuites_)), + keyType_(std::move(other.keyType_)), engineId_(std::move(other.engineId_)), + engineConfFile_(std::move(other.engineConfFile_)), errHandler_(std::move(other.errHandler_)), pskHandler_(std::move(other.pskHandler_)), protos_(std::move(other.protos_)) @@ -102,7 +112,9 @@ void ssl_options::update_c_struct() opts_.privateKeyPassword = c_str(privateKeyPassword_); opts_.CApath = c_str(caPath_); opts_.enabledCipherSuites = c_str(enabledCipherSuites_); - + opts_.keyType = c_str(keyType_); + opts_.engineId = c_str(engineId_); + opts_.engineConfFile = c_str(engineConfFile_); if (errHandler_) { opts_.ssl_error_cb = &ssl_options::on_error; opts_.ssl_error_context = this; @@ -196,6 +208,9 @@ ssl_options& ssl_options::operator=(const ssl_options& rhs) pskHandler_ = rhs.pskHandler_; protos_ = rhs.protos_; + keyType_ = rhs.keyType_; + engineId_ = rhs.engineId_; + engineConfFile_ = rhs.engineConfFile_; update_c_struct(); return *this; @@ -219,6 +234,9 @@ ssl_options& ssl_options::operator=(ssl_options&& rhs) pskHandler_ = std::move(rhs.pskHandler_); protos_ = std::move(rhs.protos_); + keyType_ = std::move(rhs.keyType_); + engineId_ = std::move(rhs.engineId_); + engineConfFile_ = std::move(rhs.engineConfFile_); update_c_struct(); return *this; 
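Review bot: In `update_c_struct()` the fields `opts_.keyType`, `opts_.engineId` and `opts_.engineConfFile` are assigned unconditionally, yet nothing in this diff shows the underlying C options struct gaining these fields or the wrapper requiring a matching version of it. The commit should state which C library revision it depends on, and if the C struct is versioned, confirm that `DFLT_C_STRUCT` selects a version in which the C side actually reads these fields; otherwise the engine settings could be ignored without any error. The hunk also removes the blank line before `if (errHandler_)`, which is worth restoring to keep the string assignments visually separate from the callback setup. The body of `update_c_struct()` continues outside the hunk.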
@@ -238,6 +256,24 @@ void ssl_options::set_key_store(const string& keyStore) opts_.keyStore = c_str(keyStore_); } +void ssl_options::set_key_mode(const string& keyType) +{ + keyType_ = keyType; + opts_.keyType = c_str(keyType_); +} + +void ssl_options::set_engine_id(const string& engineId) +{ + engineId_ = engineId; + opts_.engineId = c_str(engineId_); +} + +void ssl_options::set_engine_conf(const string& engineConfFile) +{ + engineConfFile_ = engineConfFile; + opts_.engineConfFile = c_str(engineConfFile_); +} + void ssl_options::set_private_key(const string& privateKey) { privateKey_ = privateKey;
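Review bot: `set_key_mode` stores whatever string it is given, so a misspelled or differently cased value is handed to the C layer without any error, and what the C layer does with an unrecognized value is not visible here. Rejecting unknown values at this boundary makes a misconfiguration fail loudly instead of possibly loading the key through an unintended path, e.g. `if (!keyType.empty() && keyType != "ENG" && keyType != "PEM") throw std::invalid_argument("keyType must be \"ENG\" or \"PEM\"");`. The constructors and assignment paths set `keyType_` directly and would need the same check to be consistent. `set_engine_conf` could likewise document that the path must come from trusted configuration, since it names the file used to load the engine.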