diff --git a/ftpCommandElaborate.c b/ftpCommandElaborate.c index 30f2523..3150cd3 100755 --- a/ftpCommandElaborate.c +++ b/ftpCommandElaborate.c @@ -46,31 +46,33 @@ #include "ftpCommandsElaborate.h" /* Elaborate the User login command */ -int parseCommandUser(ftpDataType *data, int socketId) +int parseCommandUser(ftpDataType * data, int socketId) { int returnCode; char *theUserName; theUserName = getFtpCommandArg("USER", data->clients[socketId].theCommandReceived, 0); - if (strlen(theUserName) >= 1) - { - setDynamicStringDataType(&data->clients[socketId].login.name, theUserName, strlen(theUserName), &data->clients[socketId].memoryTable); - returnCode = socketPrintf(data, socketId, "s", "331 User ok, Waiting for the password.\r\n"); + if (data->ftpParameters.forceTLS == 1 && data->clients[socketId].tlsIsEnabled == 0) + { + returnCode = socketPrintf(data, socketId, "s", "534 Policy Requires SSL.\r\n"); + } + else + { + if (strlen(theUserName) >= 1) + { + setDynamicStringDataType(&data->clients[socketId].login.name, theUserName, strlen(theUserName), &data->clients[socketId].memoryTable); + returnCode = socketPrintf(data, socketId, "s", "331 User ok, Waiting for the password.\r\n"); + } + else + { + returnCode = socketPrintf(data, socketId, "s", "430 Invalid username.\r\n"); + } + } - if (returnCode <= 0) - return FTP_COMMAND_PROCESSED_WRITE_ERROR; + if (returnCode <= 0) + return FTP_COMMAND_PROCESSED_WRITE_ERROR; - return FTP_COMMAND_PROCESSED; - } - else - { - returnCode = socketPrintf(data, socketId, "s", "430 Invalid username.\r\n"); - - if (returnCode <= 0) - return FTP_COMMAND_PROCESSED_WRITE_ERROR; - - return FTP_COMMAND_PROCESSED; - } + return FTP_COMMAND_PROCESSED; } /* Elaborate the User login command */ diff --git a/ftpData.h b/ftpData.h index 6f45d1d..cb0b1d0 100755 --- a/ftpData.h +++ b/ftpData.h 
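Review bot: The TLS-policy gate added at the top of parseCommandUser protects only the USER command; the handler that starts after this hunk (the one under the duplicated `/* Elaborate the User login command */` comment) is not visible here, so if PASS can be processed without a preceding USER it needs the same `forceTLS == 1 && tlsIsEnabled == 0` → 534 check rather than relying on this one. The 534 branch deserves a why-comment, since the refusal is policy rather than a malformed command: `/* FORCE_TLS: refuse to start a login on a control connection that has not negotiated TLS */`. The rewritten signature `ftpDataType * data` spaces both sides of the `*`, unlike `char *theUserName` two lines below; keep `ftpDataType *data` as the removed line had it. The trailing context comment before the next function looks copy-pasted and should name the command that function actually handles.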
@@ -92,6 +92,7 @@ struct ftpParameters char certificatePath[MAXIMUM_INODE_NAME]; char privateCertificatePath[MAXIMUM_INODE_NAME]; int pamAuthEnabled; + int forceTLS; /* If specified, use a port range for pasv connections */ int connectionPortMin; diff --git a/library/configRead.c b/library/configRead.c index 62ad370..c300f76 100755 --- a/library/configRead.c +++ b/library/configRead.c @@ -493,6 +493,20 @@ static int parseConfigurationFile(ftpParameters_DataType *ftpParameters, DYNV_Ve // printf("\nENABLE_PAM_AUTH parameter not found in the configuration file, using the default value: %d", ftpParameters->pamAuthEnabled); } + + ftpParameters->forceTLS = 0; + searchIndex = searchParameter("FORCE_TLS", parametersVector); + if (searchIndex != -1) + { + if(compareStringCaseInsensitive(((parameter_DataType *) parametersVector->Data[searchIndex])->value, "true", strlen("true")) == 1) + ftpParameters->forceTLS = 1; + } + else + { + // printf("\FORCE_TLS parameter not found in the configuration file, using the default value: %d", ftpParameters->forceTLS); + } + + ftpParameters->maximumIdleInactivity = 3600; searchIndex = searchParameter("IDLE_MAX_TIMEOUT", parametersVector); if (searchIndex != -1) diff --git a/uftpd.cfg b/uftpd.cfg index b9c0413..5c357cd 100755 --- a/uftpd.cfg +++ b/uftpd.cfg @@ -38,6 +38,10 @@ PRIVATE_CERTIFICATE_PATH=/etc/uFTP/key.pem #and /etc/shadow ENABLE_PAM_AUTH = false +# Force usage of the TLS +# If enabled, only TLS connections will be allowed +FORCE_TLS = false + # # Random port for passive FTP connections range #
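Review bot: The new `forceTLS` field is undocumented while the neighbouring `connectionPortMin` carries a block comment; since this flag decides whether plaintext logins are accepted, add `/* FORCE_TLS: 1 = reject USER with 534 on control connections that have not negotiated TLS */` above it. Using `int` matches `pamAuthEnabled` and the struct's other flags, so the type is consistent as written.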
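Review bot: A FORCE_TLS value that is neither the literal `true` nor absent silently leaves `forceTLS` at 0, so a typo such as `FORCE_TLS = ture` disables a security policy without any message; the new `else` branch that holds only a commented-out printf should instead report when the key is present but unrecognised, e.g. `else if (compareStringCaseInsensitive(value, "false", strlen("false")) != 1)` followed by a log line stating that TLS enforcement stays disabled. Whether `compareStringCaseInsensitive` with `strlen("true")` compares only the first four characters is not visible here; if so, `true_x` also enables the flag, which at least fails closed. The commented-out message contains `\FORCE_TLS`, a copy of the `\nENABLE_PAM_AUTH` line above with the `n` lost. The new `if(compareStringCaseInsensitive(` is spaced differently from the surrounding `if (searchIndex != -1)`. The enclosing parseConfigurationFile continues outside the hunk on both sides.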
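Review bot: The comment `# If enabled, only TLS connections will be allowed` overstates what the code enforces: with FORCE_TLS the control connection is still accepted in plaintext and only the USER command is refused with `534 Policy Requires SSL` until TLS has been negotiated (see the parseCommandUser change in ftpCommandElaborate.c). Reword it to `# If true, USER is refused with 534 on connections that have not negotiated TLS`, and add that any value other than the word true leaves the option disabled, as configRead.c only tests for `true`.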