diff --git a/app/src/main/java/eu/faircode/email/FragmentOptionsConnection.java b/app/src/main/java/eu/faircode/email/FragmentOptionsConnection.java
index 0568de4497..b79001b426 100644
--- a/app/src/main/java/eu/faircode/email/FragmentOptionsConnection.java
+++ b/app/src/main/java/eu/faircode/email/FragmentOptionsConnection.java
@@ -95,6 +95,7 @@ public class FragmentOptionsConnection extends FragmentBase implements SharedPre
     private SwitchCompat swStandaloneVpn;
     private SwitchCompat swTcpKeepAlive;
     private TextView tvTcpKeepAliveHint;
+    private SwitchCompat swSslUpdate;
     private SwitchCompat swSslHarden;
     private SwitchCompat swSslHardenStrict;
     private SwitchCompat swCertStrict;
@@ -121,7 +122,7 @@ public class FragmentOptionsConnection extends FragmentBase implements SharedPre
             "download_headers", "download_eml", "download_plain",
             "require_validated", "require_validated_captive", "vpn_only",
             "timeout", "prefer_ip4", "bind_socket", "standalone_vpn", "tcp_keep_alive",
-            "ssl_harden", "ssl_harden_strict", "cert_strict", "open_safe", "http_redirect",
+            "ssl_update", "ssl_harden", "ssl_harden_strict", "cert_strict", "open_safe", "http_redirect",
             "bouncy_castle", "bc_fips"
     };
 
@@ -152,6 +153,7 @@ public class FragmentOptionsConnection extends FragmentBase implements SharedPre
         swStandaloneVpn = view.findViewById(R.id.swStandaloneVpn);
         swTcpKeepAlive = view.findViewById(R.id.swTcpKeepAlive);
         tvTcpKeepAliveHint = view.findViewById(R.id.tvTcpKeepAliveHint);
+        swSslUpdate = view.findViewById(R.id.swSslUpdate);
         swSslHarden = view.findViewById(R.id.swSslHarden);
         swSslHardenStrict = view.findViewById(R.id.swSslHardenStrict);
         swCertStrict = view.findViewById(R.id.swCertStrict);
@@ -332,6 +334,14 @@ public class FragmentOptionsConnection extends FragmentBase implements SharedPre
             }
         });
 
+        swSslUpdate.setOnCheckedChangeListener(new CompoundButton.OnCheckedChangeListener() {
+            @Override
+            public void onCheckedChanged(CompoundButton v, boolean checked) {
+                prefs.edit().putBoolean("ssl_update", checked).commit();
+                ApplicationEx.restart(v.getContext(), "ssl_update");
+            }
+        });
+
         swSslHarden.setOnCheckedChangeListener(new CompoundButton.OnCheckedChangeListener() {
             @Override
             public void onCheckedChanged(CompoundButton compoundButton, boolean checked) {
@@ -665,6 +675,7 @@ public class FragmentOptionsConnection extends FragmentBase implements SharedPre
             swBindSocket.setChecked(prefs.getBoolean("bind_socket", false));
             swStandaloneVpn.setChecked(prefs.getBoolean("standalone_vpn", false));
             swTcpKeepAlive.setChecked(prefs.getBoolean("tcp_keep_alive", false));
+            swSslUpdate.setChecked(prefs.getBoolean("ssl_update", true));
             swSslHarden.setChecked(prefs.getBoolean("ssl_harden", false));
             swSslHardenStrict.setChecked(prefs.getBoolean("ssl_harden_strict", false));
             swSslHardenStrict.setEnabled(swSslHarden.isChecked());
diff --git a/app/src/main/res/layout/fragment_options_connection.xml b/app/src/main/res/layout/fragment_options_connection.xml
index 6755b62ccc..24a6065cde 100644
--- a/app/src/main/res/layout/fragment_options_connection.xml
+++ b/app/src/main/res/layout/fragment_options_connection.xml
@@ -436,6 +436,30 @@
                     app:layout_constraintStart_toStartOf="parent"
                     app:layout_constraintTop_toBottomOf="@id/swTcpKeepAlive" />
 
+                <androidx.appcompat.widget.SwitchCompat
+                    android:id="@+id/swSslUpdate"
+                    android:layout_width="0dp"
+                    android:layout_height="wrap_content"
+                    android:layout_marginTop="12dp"
+                    android:checked="true"
+                    android:text="@string/title_advanced_ssl_update"
+                    app:layout_constraintEnd_toEndOf="parent"
+                    app:layout_constraintStart_toStartOf="parent"
+                    app:layout_constraintTop_toBottomOf="@id/tvTcpKeepAliveHint"
+                    app:switchPadding="12dp" />
+
+                <TextView
+                    android:id="@+id/tvSslUpdateHint"
+                    android:layout_width="0dp"
+                    android:layout_height="wrap_content"
+                    android:layout_marginEnd="48dp"
+                    android:text="@string/title_advanced_english_hint"
+                    android:textAppearance="@style/TextAppearance.AppCompat.Small"
+                    android:textStyle="italic"
+                    app:layout_constraintEnd_toEndOf="parent"
+                    app:layout_constraintStart_toStartOf="parent"
+                    app:layout_constraintTop_toBottomOf="@id/swSslUpdate" />
+
                 <androidx.appcompat.widget.SwitchCompat
                     android:id="@+id/swSslHarden"
                     android:layout_width="0dp"
@@ -444,7 +468,7 @@
                     android:text="@string/title_advanced_ssl_harden"
                     app:layout_constraintEnd_toEndOf="parent"
                     app:layout_constraintStart_toStartOf="parent"
-                    app:layout_constraintTop_toBottomOf="@id/tvTcpKeepAliveHint"
+                    app:layout_constraintTop_toBottomOf="@id/tvSslUpdateHint"
                     app:switchPadding="12dp" />
 
                 <TextView
diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
index 2bd8c75ec7..c9421867e1 100644
--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@@ -515,6 +515,7 @@
     <string name="title_advanced_bind_socket" translatable="false">Bind sockets to the active network</string>
     <string name="title_advanced_standalone_vpn" translatable="false">Standalone VPN</string>
     <string name="title_advanced_tcp_keep_alive" translatable="false">TCP keep alive</string>
+    <string name="title_advanced_ssl_update">Use update SSL provider</string>
     <string name="title_advanced_ssl_harden">Harden SSL connections</string>
     <string name="title_advanced_ssl_harden_strict">Require TLS 1.3</string>
     <string name="title_advanced_cert_strict">Strict certificate checking</string>
diff --git a/app/src/play/java/eu/faircode/email/ApplicationSecure.java b/app/src/play/java/eu/faircode/email/ApplicationSecure.java
index e49e448765..9c849859c1 100644
--- a/app/src/play/java/eu/faircode/email/ApplicationSecure.java
+++ b/app/src/play/java/eu/faircode/email/ApplicationSecure.java
@@ -20,6 +20,9 @@ package eu.faircode.email;
 */
 
 import android.content.Intent;
+import android.content.SharedPreferences;
+
+import androidx.preference.PreferenceManager;
 
 import com.google.android.gms.security.ProviderInstaller;
 
@@ -32,8 +35,13 @@ public class ApplicationSecure extends ApplicationEx implements ProviderInstalle
     @Override
     public void onCreate() {
         super.onCreate();
-        Log.i("Security provider check");
-        ProviderInstaller.installIfNeededAsync(this, this);
+        SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
+        boolean ssl_update = prefs.getBoolean("ssl_update", true);
+        if (ssl_update) {
+            Log.i("Security provider check");
+            ProviderInstaller.installIfNeededAsync(this, this);
+        } else
+            lock.countDown();
     }
 
     @Override