diff --git a/jetty-home/src/main/resources/modules/conscrypt.mod b/jetty-home/src/main/resources/modules/conscrypt.mod
new file mode 100644
index 00000000000..f34ccaf452c
--- /dev/null
+++ b/jetty-home/src/main/resources/modules/conscrypt.mod
@@ -0,0 +1,27 @@
+[description]
+Installs the Conscrypt JSSE provider
+
+[tags]
+3rdparty
+
+[depend]
+ssl
+
+[files]
+maven://org.conscrypt/conscrypt-openjdk-uber/${conscrypt.version}|lib/conscrypt/conscrypt-uber-${conscrypt.version}.jar
+basehome:modules/conscrypt/conscrypt.xml|etc/conscrypt.xml
+
+[lib]
+lib/conscrypt/**.jar
+
+[xml]
+etc/conscrypt.xml
+
+[license]
+Conscrypt is distributed under the Apache Licence 2.0
+https://github.com/google/conscrypt/blob/master/LICENSE
+
+[ini]
+conscrypt.version?=1.0.0.RC8
+jetty.sslContext.provider?=AndroidOpenSSL
+
diff --git a/jetty-home/src/main/resources/modules/conscrypt/conscrypt.xml b/jetty-home/src/main/resources/modules/conscrypt/conscrypt.xml
new file mode 100644
index 00000000000..f3c69bd0953
--- /dev/null
+++ b/jetty-home/src/main/resources/modules/conscrypt/conscrypt.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
+<Configure id="Conscrypt" class="org.conscrypt.OpenSSLProvider">
+  <Call class="java.security.Security" name="addProvider">
+    <Arg><Ref refid="Conscrypt"/></Arg>
+  </Call>
+</Configure>
diff --git a/jetty-server/src/main/config/etc/jetty-ssl-context.xml b/jetty-server/src/main/config/etc/jetty-ssl-context.xml
index 87414a3c58c..e5ed517dee2 100644
--- a/jetty-server/src/main/config/etc/jetty-ssl-context.xml
+++ b/jetty-server/src/main/config/etc/jetty-ssl-context.xml
@@ -11,6 +11,7 @@
 -->
 
 <Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
+  <Set name="Provider"><Property name="jetty.sslContext.provider"/></Set>
   <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.keyStorePath" deprecated="jetty.keystore" default="etc/keystore"/></Set>
   <Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" deprecated="jetty.keystore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
   <Set name="KeyStoreType"><Property name="jetty.sslContext.keyStoreType" default="JKS"/></Set>
diff --git a/jetty-server/src/main/config/modules/ssl.mod b/jetty-server/src/main/config/modules/ssl.mod
index cac38448246..109aaba460b 100644
--- a/jetty-server/src/main/config/modules/ssl.mod
+++ b/jetty-server/src/main/config/modules/ssl.mod
@@ -63,6 +63,9 @@ basehome:modules/ssl/keystore|etc/keystore
 ## Note that OBF passwords are not secure, just protected from casual observation
 ## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html
 
+## SSL JSSE Provider
+# jetty.sslContext.provider=
+
 ## Keystore file path (relative to $jetty.base)
 # jetty.sslContext.keyStorePath=etc/keystore