diff --git a/apps/emqx_bridge_mqtt/etc/emqx_bridge_mqtt.conf b/apps/emqx_bridge_mqtt/etc/emqx_bridge_mqtt.conf
index db59270c0..f92ef042b 100644
--- a/apps/emqx_bridge_mqtt/etc/emqx_bridge_mqtt.conf
+++ b/apps/emqx_bridge_mqtt/etc/emqx_bridge_mqtt.conf
@@ -114,6 +114,17 @@ bridge.mqtt.aws.keyfile = {{ platform_etc_dir }}/certs/client-key.pem
 ## Value: String
 bridge.mqtt.aws.ciphers = TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
 
+## SSL peer validation with verify_peer or verify_none
+## More information at: http://erlang.org/doc/man/ssl.html
+##
+## Value: true | false
+#bridge.mqtt.aws.verify = false
+
+## SSL hostname to be used in TLS Server Name Indication extension
+##
+## Value: String | disable
+#bridge.mqtt.aws.server_name_indication = disable
+
 ## Ciphers for TLS PSK.
 ## Note that 'bridge.${BridgeName}.ciphers' and 'bridge.${BridgeName}.psk_ciphers' cannot
 ## be configured at the same time.
diff --git a/apps/emqx_bridge_mqtt/priv/emqx_bridge_mqtt.schema b/apps/emqx_bridge_mqtt/priv/emqx_bridge_mqtt.schema
index 3168bfc14..12a571f45 100644
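Review bot: The documented sentinel `disable` in `## Value: String | disable` and the example `#bridge.mqtt.aws.server_name_indication = disable` do not match the translator added in the schema's third hunk, which only recognises the literal `"disabled"` (`(server_name_indication, "disabled") -> [{server_name_indication, disabled}]`). An operator who follows this comment ends up passing `{server_name_indication, "disable"}` to ssl as a host name, so SNI is never actually turned off and, with `verify = true`, the peer certificate would presumably be checked against the name "disable" and the handshake rejected. Use one spelling in both files, for example `## Value: String | disabled` with `#bridge.mqtt.aws.server_name_indication = disabled` here, or make the schema clause match `"disable"`. The `verify` comment would also be more useful if it said what each value means, e.g. `## true  -> verify_peer: the broker certificate must chain to a trusted CA` and `## false -> verify_none: any certificate is accepted, so a spoofed broker is not detected`.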
--- a/apps/emqx_bridge_mqtt/priv/emqx_bridge_mqtt.schema
+++ b/apps/emqx_bridge_mqtt/priv/emqx_bridge_mqtt.schema
@@ -75,6 +75,14 @@
 {datatype, string}
 ]}.
 
+{mapping, "bridge.mqtt.$name.verify", "emqx_bridge_mqtt.bridges", [
+{datatype, {enum, [true, false]}}
+]}.
+
+{mapping, "bridge.mqtt.$name.server_name_indication", "emqx_bridge_mqtt.bridges", [
+{datatype, string}
+]}.
+
 {mapping, "bridge.mqtt.$name.ciphers", "emqx_bridge_mqtt.bridges", [
 {datatype, string}
 ]}.
@@ -144,6 +152,8 @@
 (ciphers) -> true;
 (psk_ciphers) -> true;
 (tls_versions) -> true;
+(verify) -> true;
+(server_name_indication) -> true;
 (_Opt) -> false
 end,
 
@@ -153,6 +163,14 @@
 [{ciphers, Split(Ciphers)}];
 (psk_ciphers, Ciphers) ->
 [{ciphers, MapPSKCiphers(Split(Ciphers))}, {user_lookup_fun, {fun emqx_psk:lookup/3, <<>>}}];
+(verify, true) ->
+[{verify, verify_peer}];
+(verify, false) ->
+[{verify, verify_none}];
+(server_name_indication, "disabled") ->
+[{server_name_indication, disabled}];
+(server_name_indication, Hostname) ->
+[{server_name_indication, Hostname}];
 (Opt, Val) ->
 [{Opt, Val}]
 end,
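Review bot: The `bridge.mqtt.$name.verify` mapping in the first hunk has no `{default, ...}`, so when the key stays commented out (as the shipped conf leaves it) no `verify` entry is produced at all and the effective setting is whatever the ssl application's client default is, not the `false` the conf example suggests; as far as I recall that default moved to `verify_peer` in OTP 26, so a bridge can change behaviour on an OTP upgrade without any config change. Either add `{default, false}` to the mapping and say so in the conf comment, or document that the OTP default applies when the key is absent. Note also that the `server_name_indication` mapping accepts any string, so a misspelt sentinel is only caught (or not) by the exact match in the translator.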
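Review bot: `(server_name_indication, "disabled") -> [{server_name_indication, disabled}]` in the third hunk does more than drop the SNI extension: per the ssl documentation, `disable` for this option also switches off host-name verification of the peer certificate, so a bridge with `verify = true` and SNI disabled still accepts any certificate that chains to a trusted CA, whatever name it carries. A comment on that clause would keep operators from treating it as a cosmetic switch, e.g. `%% NOTE: 'disabled' also turns off hostname verification in ssl; with verify_peer the certificate is then only checked against the CA, not the broker name`. The enclosing translation fun starts and ends outside this hunk, and the `cacertfile` mapping is not in the diff, so whether `verify_peer` has a trust store to validate against cannot be seen from here.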