diff --git a/apps/restconf/restconf_main_evhtp.c b/apps/restconf/restconf_main_evhtp.c
index 3aeef378..d9c08cdc 100644
--- a/apps/restconf/restconf_main_evhtp.c
+++ b/apps/restconf/restconf_main_evhtp.c
@@ -1026,9 +1026,9 @@ cx_evhtp_init(clicon_handle     h,
 	clicon_err(OE_CFG, ENOENT, "restconf top symbol not found");
 	goto done;
     }
+    /* If at least one socket has ssl then enable global ssl_enable */
+    ssl_enable = xpath_first(xrestconf, nsc, "socket[ssl='true']") != NULL;
     /* get common fields */
-    if ((x = xpath_first(xrestconf, nsc, "ssl-enable")) != NULL)
-	ssl_enable = (strcmp(xml_body(x),"true")==0);
     if ((x = xpath_first(xrestconf, nsc, "auth-type")) != NULL) /* XXX: leaf-list? */
 	auth_type = xml_body(x);
     if (auth_type && strcmp(auth_type, "client-certificate") == 0)
@@ -1065,7 +1065,6 @@ cx_evhtp_init(clicon_handle     h,
 	}
 	//    ssl_verify_mode             = htp_sslutil_verify2opts(optarg);
     }
-    
     /* get the list of socket config-data */
     if (xpath_vec(xrestconf, nsc, "socket", &vec, &veclen) < 0)
 	goto done;
diff --git a/test/restconfig.sh b/test/restconfig.sh
index cf80f27e..825d328e 100644
--- a/test/restconfig.sh
+++ b/test/restconfig.sh
@@ -8,7 +8,6 @@
 
 RESTCONFIG=$(cat <<EOF
 <restconf xmlns="https://clicon.org/restconf">
-   <ssl-enable>false</ssl-enable>
    <auth-type>password</auth-type>
    <socket><namespace>default</namespace><address>0.0.0.0</address><port>80</port><ssl>false</ssl></socket>
 </restconf>
diff --git a/test/test_restconf.sh b/test/test_restconf.sh
index f0985fc2..1e705502 100755
--- a/test/test_restconf.sh
+++ b/test/test_restconf.sh
@@ -74,7 +74,6 @@ if $IPv6; then
     # For backend config, create 4 sockets, all combinations IPv4/IPv6 + http/https
     RESTCONFIG=$(cat <<EOF
 <restconf xmlns="https://clicon.org/restconf">
-   <ssl-enable>true</ssl-enable>
    <auth-type>password</auth-type>
    <server-cert-path>$srvcert</server-cert-path>
    <server-key-path>$srvkey</server-key-path>
@@ -90,7 +89,6 @@ else
        # For backend config, create 4 sockets, all combinations IPv4/IPv6 + http/https
     RESTCONFIG=$(cat <<EOF
 <restconf xmlns="https://clicon.org/restconf">
-   <ssl-enable>true</ssl-enable>
    <auth-type>password</auth-type>
    <server-cert-path>$srvcert</server-cert-path>
    <server-key-path>$srvkey</server-key-path>
diff --git a/test/test_ssl_certs.sh b/test/test_ssl_certs.sh
index c4de2921..817e32b0 100755
--- a/test/test_ssl_certs.sh
+++ b/test/test_ssl_certs.sh
@@ -172,7 +172,6 @@ testrun()
     <config>
        <restconf xmlns="https://clicon.org/restconf">
          <auth-type>$authtype</auth-type>
-         <ssl-enable>true</ssl-enable>
          <server-cert-path>$srvcert</server-cert-path>
          <server-key-path>$srvkey</server-key-path>
          <server-ca-cert-path>$cacert</server-ca-cert-path>
diff --git a/yang/clixon/clixon-restconf@2020-10-30.yang b/yang/clixon/clixon-restconf@2020-10-30.yang
index ecb4d6b9..06ec731f 100644
--- a/yang/clixon/clixon-restconf@2020-10-30.yang
+++ b/yang/clixon/clixon-restconf@2020-10-30.yang
@@ -87,17 +87,6 @@ module clixon-restconf {
 	presence "Enables RESTCONF";
 	description
 	    "HTTP daemon configuration.";
-	leaf ssl-enable {
-	    description
-		"Enable ssl server functionality.
-                 Setting to false means the following are invalid: 
-                   - auth-type=client-certificate 
-                   - socket entries with ssl=true
-                  Also, the following are not releveant: server-cert-path, server-key-path, 
-                  server-ca-cert-path";
-	    type boolean;
-	    default false;
-	}
 	leaf-list auth-type {
 	    type http-auth-type;
 	    description