diff --git a/perl-xCAT/xCAT/Client.pm b/perl-xCAT/xCAT/Client.pm
index 2fa624ba3..422e32acc 100644
--- a/perl-xCAT/xCAT/Client.pm
+++ b/perl-xCAT/xCAT/Client.pm
@@ -237,6 +237,10 @@ if (ref($request) eq 'HASH') { # the request is an array, not pure XML
      }
   }
   my $client;
+  my %sslargs;
+  if (defined($ENV{'XCATSSLVER'})) {
+    $sslargs{SSL_version} = $ENV{'XCATSSLVER'};
+  }
   if (-r $keyfile and -r $certfile and -r $cafile) {
     $client = IO::Socket::SSL->start_SSL($pclient,
     SSL_key_file => $keyfile,
@@ -245,6 +249,7 @@ if (ref($request) eq 'HASH') { # the request is an array, not pure XML
     SSL_verify_mode => SSL_VERIFY_PEER,
     SSL_use_cert => 1,
     Timeout => 0,
+    %sslargs,
    );
   } else {
     $client =  IO::Socket::SSL->start_SSL($pclient,
diff --git a/xCAT-client/xCAT-client.spec b/xCAT-client/xCAT-client.spec
index fc7ffcbb8..116e4d369 100644
--- a/xCAT-client/xCAT-client.spec
+++ b/xCAT-client/xCAT-client.spec
@@ -294,6 +294,14 @@ export XCATROOT PATH MANPATH
 export PERL_BADLANG=0
 EOF
 
+# export XCATSSLVER for sles11. Others OS can work without this setting.
+if [ -r /etc/SuSE-release ]; then
+  ver=`grep 'VERSION' /etc/SuSE-release | awk -F= '{print $2}' | sed 's/ //g'`
+  if [ "$ver" = "11" ]; then
+    echo 'export XCATSSLVER=TLSv1' >> /etc/profile.d/xcat.sh
+  fi
+fi
+
 cat << EOF > /etc/profile.d/xcat.csh
 setenv XCATROOT "$RPM_INSTALL_PREFIX0"
 setenv PATH \${XCATROOT}/bin:\${XCATROOT}/sbin:\${XCATROOT}/share/xcat/tools:\${PATH}
diff --git a/xCAT-server/sbin/xcatconfig b/xCAT-server/sbin/xcatconfig
index 4440a7753..3dcc2c344 100755
--- a/xCAT-server/sbin/xcatconfig
+++ b/xCAT-server/sbin/xcatconfig
@@ -1250,6 +1250,7 @@ sub initDB
         $chtabcmds .= "$::XCATROOT/sbin/chtab key=cleanupxcatpost site.value=no;";
         $chtabcmds .= "$::XCATROOT/sbin/chtab key=dhcplease site.value=43200;";
         $chtabcmds .= "$::XCATROOT/sbin/chtab key=auditnosyslog site.value=0;";
+        $chtabcmds .= "$::XCATROOT/sbin/chtab key=xcatsslversion site.value=TLSv1;";
         #$chtabcmds .= "$::XCATROOT/sbin/chtab key=useflowcontrol site.value=yes;"; # need to fix 4031
 
         if ($::osname eq 'AIX')
@@ -1504,6 +1505,16 @@ sub initDB
             }
         }
 
+        # add default value to site.xcatsslversion
+        $cmds = "$::XCATROOT/sbin/chtab key=xcatsslversion site.value=TLSv1;";
+        $outref = xCAT::Utils->runcmd("$cmds", 0);
+        if ($::RUNCMD_RC != 0)
+        {
+            xCAT::MsgUtils->message('E',"Could not add default value for site.xcatsslversion.");
+        }
+
+
+
    } 
    # remove xcatserver,xcatclient
    # from the postscripts. They are now called by servicenode