diff --git a/lib/omniauth-ldap/adaptor.rb b/lib/omniauth-ldap/adaptor.rb
index 415023c..fd1a333 100644
--- a/lib/omniauth-ldap/adaptor.rb
+++ b/lib/omniauth-ldap/adaptor.rb
@@ -49,7 +49,6 @@ def initialize(configuration={})
         config = {
           :host => @host,
           :port => @port,
-          :encryption => method,
           :base => @base
         }
         @bind_method = @try_sasl ? :sasl : (@allow_anonymous||!@bind_dn||!@password ? :anonymous : :simple)
@@ -62,6 +61,7 @@ def initialize(configuration={})
                   }
         config[:auth] = @auth
         @connection = Net::LDAP.new(config)
+        @connection.encryption(method)
       end
 
       #:base => "dc=yourcompany, dc=com",
diff --git a/spec/omniauth-ldap/adaptor_spec.rb b/spec/omniauth-ldap/adaptor_spec.rb
index e6a304f..37ec663 100644
--- a/spec/omniauth-ldap/adaptor_spec.rb
+++ b/spec/omniauth-ldap/adaptor_spec.rb
@@ -52,6 +52,11 @@
       adaptor.connection.instance_variable_get('@auth')[:initial_credential].should =~ /^NTLMSSP/
       adaptor.connection.instance_variable_get('@auth')[:challenge_response].should_not be_nil
     end
+
+    it 'should set the encryption method correctly' do
+      adaptor = OmniAuth::LDAP::Adaptor.new({host: "192.168.1.145", method: 'tls', base: 'dc=intridea, dc=com', port: 389, uid: 'sAMAccountName'})
+      adaptor.connection.instance_variable_get('@encryption').should include method: :start_tls
+    end
   end
 
   describe 'bind_as' do