diff --git a/examples/asio-cl.cc b/examples/asio-cl.cc
index e130a55a..7fa7ce44 100644
--- a/examples/asio-cl.cc
+++ b/examples/asio-cl.cc
@@ -64,6 +64,8 @@ int main(int argc, char *argv[]) {
 boost::asio::io_service io_service;
 boost::asio::ssl::context tls_ctx(boost::asio::ssl::context::sslv23);
+ tls_ctx.set_default_verify_paths();
+ tls_ctx.set_verify_mode(boost::asio::ssl::verify_peer);
 configure_tls_context(tls_ctx);
 session sess(io_service, tls_ctx, "localhost", "3000");
diff --git a/src/asio_client_session_tls_impl.cc b/src/asio_client_session_tls_impl.cc
index c8f3b9ca..3a5182f1 100644
--- a/src/asio_client_session_tls_impl.cc
+++ b/src/asio_client_session_tls_impl.cc
@@ -33,6 +33,11 @@ session_tls_impl::session_tls_impl(boost::asio::io_service &io_service,
 const std::string &host,
 const std::string &service)
 : session_impl(io_service), socket_(io_service, tls_ctx) {
+ // this callback setting is no effect is
+ // ssl::context::set_verify_mode(boost::asio::ssl::verify_peer) is
+ // not used, which is what we want.
+ socket_.set_verify_callback(boost::asio::ssl::rfc2818_verification(host));
+
 start_resolve(host, service);
 }
diff --git a/src/asio_client_tls_context.cc b/src/asio_client_tls_context.cc
index 95e3c063..7eaef8d4 100644
--- a/src/asio_client_tls_context.cc
+++ b/src/asio_client_tls_context.cc
@@ -50,15 +50,6 @@ int client_select_next_proto_cb(SSL *ssl, unsigned char **out,
 void configure_tls_context(boost::asio::ssl::context &tls_ctx) {
 auto ctx = tls_ctx.native_handle();
- SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
- SSL_OP_NO_COMPRESSION |
- SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
-
- SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
- SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
-
- SSL_CTX_set_cipher_list(ctx, ssl::DEFAULT_CIPHER_LIST);
-
 SSL_CTX_set_next_proto_select_cb(ctx, client_select_next_proto_cb, nullptr);
 }
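Review bot: The two added lines in main() carry no explanation of why they must come before the session is created, and the dependency is not obvious from this file: the library's hostname check is only consulted when the caller has set verify_peer, so an example reader who drops these lines gets a connection with no certificate validation at all. A short comment above `tls_ctx.set_default_verify_paths();` would make the contract visible, e.g. `// Validate the server certificate against the system CA store; the` / `// library's hostname verification only runs when verify_peer is set.` If the server this example talks to on localhost:3000 presents a self-signed certificate, the handshake will presumably now fail under the default verify paths, so the example may additionally need a way to load the test CA; confirm against the server example. main() continues outside the hunk.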
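Review bot: The new comment in the session_tls_impl constructor is hard to parse ("is no effect is ... is not used") and reads as if verification being skipped were the goal rather than the caller's choice. Suggested wording: `// This callback has no effect unless the caller enabled` / `// ssl::context::set_verify_mode(boost::asio::ssl::verify_peer) on` / `// |tls_ctx|; leaving that decision to the caller is intentional.` It would also help to say that rfc2818_verification checks the certificate against |host| as given, so callers passing an IP literal or an alias should expect a mismatch. The constructor's signature begins in the hunk header, outside the visible lines.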
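Review bot: Removing the SSL_CTX_set_options call from configure_tls_context drops SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3 and SSL_OP_NO_COMPRESSION together with the cipher-list pin, none of which conflict with the verification settings this commit adds, so the client now negotiates whatever the caller's context allows. The example in examples/asio-cl.cc constructs its context with `context::sslv23` and sets no options, and whether Boost's constructor disables SSLv3 and compression on its own depends on the Boost and OpenSSL versions in use, so this is a hardening regression unless every caller now sets `no_sslv2 | no_sslv3 | no_compression` via `set_options` and chooses a cipher list itself. Either keep the options and cipher-list lines in this function (only the verify mode and paths genuinely belong to the caller), or state the new caller responsibility in the header comment for configure_tls_context. Dropping SSL_MODE_AUTO_RETRY and SSL_MODE_RELEASE_BUFFERS is a separate behavioural change that the commit message should justify.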
diff --git a/src/includes/nghttp2/asio_http2.h b/src/includes/nghttp2/asio_http2.h
index ac08aa65..5f029145 100644
--- a/src/includes/nghttp2/asio_http2.h
+++ b/src/includes/nghttp2/asio_http2.h
@@ -372,6 +372,8 @@ private:
 std::unique_ptr impl_;
 };
+// configure |tls_ctx| for client use. Currently, we just set NPN
+// callback for HTTP/2.
 void configure_tls_context(boost::asio::ssl::context &tls_ctx);
 } // namespace client
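Review bot: The new doc comment on configure_tls_context says what the function does but not what it deliberately leaves to the caller, which is the part a user of this public header needs after this commit: verify mode, verify paths and protocol/cipher options are no longer set here, and the hostname check in session_tls_impl only takes effect when the caller enabled verify_peer. Suggested comment: `// Configure |tls_ctx| for client use. This only installs the NPN` / `// selection callback for HTTP/2; the caller must set the verify mode,` / `// verify paths and protocol options (see examples/asio-cl.cc).` The declaration is otherwise unchanged.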