diff --git a/authd/providers/opm.c b/authd/providers/opm.c
index 832872d6..84784de8 100644
--- a/authd/providers/opm.c
+++ b/authd/providers/opm.c
@@ -33,6 +33,7 @@ typedef enum protocol_t
 PROTO_SOCKS4,
 PROTO_SOCKS5,
 PROTO_HTTP_CONNECT,
+ PROTO_HTTPS_CONNECT,
 } protocol_t;
 struct opm_lookup
@@ -45,6 +46,7 @@ struct opm_proxy
 char note[16];
 protocol_t proto;
 uint16_t port;
+ bool ssl;
 rb_dlink_node node;
 };
@@ -97,6 +99,8 @@ get_protocol_from_string(const char *str)
 return PROTO_SOCKS5;
 else if(strcasecmp(str, "httpconnect") == 0)
 return PROTO_HTTP_CONNECT;
+ else if(strcasecmp(str, "httpsconnect") == 0)
+ return PROTO_HTTPS_CONNECT;
 else
 return PROTO_NONE;
 }
@@ -426,6 +430,7 @@ establish_connection(struct auth_client *auth, struct opm_proxy *proxy)
 {
 case PROTO_SOCKS4:
 #ifdef RB_IPV6
+ /* SOCKS4 is IPv4 only */
 if(GET_SS_FAMILY(&auth->c_addr) == AF_INET6)
 {
 rb_free(scan);
@@ -438,6 +443,7 @@ establish_connection(struct auth_client *auth, struct opm_proxy *proxy)
 callback = socks5_connected;
 break;
 case PROTO_HTTP_CONNECT:
+ case PROTO_HTTPS_CONNECT:
 callback = http_connect_connected;
 default:
 return;
@@ -469,11 +475,19 @@ establish_connection(struct auth_client *auth, struct opm_proxy *proxy)
 SET_SS_PORT(&c_a, htons(proxy->port));
 rb_dlinkAdd(scan, &scan->node, &lookup->scans);
- rb_connect_tcp(scan->F,
- (struct sockaddr *)&c_a,
- (struct sockaddr *)&l_a,
- GET_SS_LEN(&l_a),
- callback, scan, opm_timeout);
+
+ if(!proxy->ssl)
+ rb_connect_tcp(scan->F,
+ (struct sockaddr *)&c_a,
+ (struct sockaddr *)&l_a,
+ GET_SS_LEN(&l_a),
+ callback, scan, opm_timeout);
+ else
+ rb_connect_tcp_ssl(scan->F,
+ (struct sockaddr *)&c_a,
+ (struct sockaddr *)&l_a,
+ GET_SS_LEN(&l_a),
+ callback, scan, opm_timeout);
 }
 static bool
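Review bot: In establish_connection's protocol switch (hunk -438,6 +443,7), the new `case PROTO_HTTPS_CONNECT:` label joins a branch that has no `break;`. After `callback = http_connect_connected;` control falls into `default:` and reaches `return;`, so neither HTTP CONNECT nor HTTPS CONNECT scans get to the connect call further down, and the open-proxy check for those protocols never runs. Add `break;` on the line after `callback = http_connect_connected;`. The SOCKS4 branch in the previous hunk calls `rb_free(scan)` before its early return, so this fall-through presumably also leaks `scan`; the allocation is outside the hunk, so confirm. The switch begins and ends outside this hunk.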
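Review bot: The new `if(!proxy->ssl)` / `else` in hunk -469,11 +475,19 leaves two five-line calls unbraced and repeats the same argument list, so a later edit can easily change one path and miss the other. Wrap each branch in braces in the file's own brace style. The TLS path reuses the same `callback`, so `http_connect_connected` (defined outside this diff) presumably now also sees TLS handshake failures. It is worth confirming that it treats every non-success status as "no proxy" and releases `scan`.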
@@ -754,12 +768,19 @@ create_opm_scanner(const char *key __unused, int parc __unused, const char **par
 {
 case PROTO_SOCKS4:
 snprintf(proxy->note, sizeof(proxy->note), "socks4:%hu", proxy->port);
+ proxy->ssl = false;
 break;
 case PROTO_SOCKS5:
 snprintf(proxy->note, sizeof(proxy->note), "socks5:%hu", proxy->port);
+ proxy->ssl = false;
 break;
 case PROTO_HTTP_CONNECT:
 snprintf(proxy->note, sizeof(proxy->note), "httpconnect:%hu", proxy->port);
+ proxy->ssl = false;
+ break;
+ case PROTO_HTTPS_CONNECT:
+ snprintf(proxy->note, sizeof(proxy->note), "httpsconnect:%hu", proxy->port);
+ proxy->ssl = true;
 break;
 default:
 warn_opers(L_CRIT, "OPM: got an unknown proxy type: %s (port %hu)", parv[0], proxy->port);
diff --git a/doc/ircd.conf.example b/doc/ircd.conf.example
index 63b6fc65..f54ff128 100644
--- a/doc/ircd.conf.example
+++ b/doc/ircd.conf.example
@@ -489,6 +489,12 @@ opm {
 * below.
 */
 httpconnect_ports = 80, 8080, 8000;
+
+ /* These are the ports to scan for HTTPS CONNECT proxies on (SSL).
+ * They may overlap with other scan types. Sensible defaults are given
+ * below.
+ */
+ httpsconnect_ports = 443, 4443;
 };
 alias "NickServ" {
diff --git a/doc/reference.conf b/doc/reference.conf
index 71436667..4a451229 100644
--- a/doc/reference.conf
+++ b/doc/reference.conf
@@ -960,11 +960,17 @@ opm {
 */
 socks5_ports = 80, 443, 1080, 8000, 8080, 10800;
- /* These are the ports to scan for HTTP connect proxies on (plaintext).
+ /* These are the ports to scan for HTTP CONNECT proxies on (plaintext).
 * They may overlap with other scan types. Sensible defaults are given
 * below.
 */
 httpconnect_ports = 80, 8080, 8000;
+
+ /* These are the ports to scan for HTTPS CONNECT proxies on (SSL).
+ * They may overlap with other scan types. Sensible defaults are given
+ * below.
+ */
+ httpsconnect_ports = 443, 4443;
 };
 /*
diff --git a/ircd/newconf.c b/ircd/newconf.c
index d605bfdd..0fd55094 100644
--- a/ircd/newconf.c
+++ b/ircd/newconf.c
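Review bot: The new `snprintf(proxy->note, sizeof(proxy->note), "httpsconnect:%hu", proxy->port)` in create_opm_scanner (hunk -754,12 +768,19) cannot fit its output. `note` is declared `char note[16]` in struct opm_proxy and the prefix "httpsconnect:" is already 13 characters, so any port of three or more digits is silently truncated. With the documented defaults, 443 and 4443 both end up as `httpsconnect:44`, so whatever reads the note cannot tell the two scanners apart. Widen the member, e.g. `char note[32];`, and consider comparing snprintf's return value with `sizeof(proxy->note)`. The existing `httpconnect:%hu` line has the same problem for four-digit ports, and the switch continues outside the hunk.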
@@ -2314,6 +2314,12 @@ conf_set_opm_scan_ports_httpconnect(void *data)
 conf_set_opm_scan_ports_all(data, "opm::httpconnect_ports", "httpconnect");
 }
+static void
+conf_set_opm_scan_ports_httpsconnect(void *data)
+{
+ conf_set_opm_scan_ports_all(data, "opm::httpsconnect_ports", "httpsconnect");
+}
+
 /* public functions */
@@ -2854,4 +2860,5 @@ newconf_init()
 add_conf_item("opm", "socks4_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_socks4);
 add_conf_item("opm", "socks5_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_socks5);
 add_conf_item("opm", "httpconnect_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_httpconnect);
+ add_conf_item("opm", "httpsconnect_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_httpsconnect);
 }