diff --git a/src/main/java/org/opensearch/security/auth/http/jwt/keybyoidc/KeySetRetriever.java b/src/main/java/org/opensearch/security/auth/http/jwt/keybyoidc/KeySetRetriever.java
index 72ae72a4ea..6026d674e9 100644
--- a/src/main/java/org/opensearch/security/auth/http/jwt/keybyoidc/KeySetRetriever.java
+++ b/src/main/java/org/opensearch/security/auth/http/jwt/keybyoidc/KeySetRetriever.java
@@ -29,7 +29,10 @@
 import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
 import org.apache.hc.client5.http.io.HttpClientConnectionManager;
 import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
+import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
+import org.apache.hc.client5.http.ssl.TlsSocketStrategy;
 import org.apache.hc.core5.http.HttpEntity;
+import org.apache.hc.core5.reactor.ssl.SSLBufferMode;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -323,8 +326,18 @@ private CloseableHttpClient createHttpClient(HttpCacheStorage httpCacheStorage)
         builder.useSystemProperties();
         if (sslConfig != null) {
+            TlsSocketStrategy tlsStrategy = sslConfig.isHostnameVerificationEnabled()
+                ? new DefaultClientTlsStrategy(sslConfig.getSslContext())
+                : new DefaultClientTlsStrategy(
+                    sslConfig.getSslContext(),
+                    sslConfig.getSupportedProtocols(),
+                    sslConfig.getSupportedCipherSuites(),
+                    SSLBufferMode.STATIC,
+                    NoopHostnameVerifier.INSTANCE
+                );
             final HttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder.create()
-                .setTlsSocketStrategy(new DefaultClientTlsStrategy(sslConfig.getSslContext()))
+                .setTlsSocketStrategy(tlsStrategy)
                 .build();
             builder.setConnectionManager(cm);
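Review bot: The two branches of the new `tlsStrategy` ternary in `createHttpClient` are asymmetric: only the verification-disabled branch passes `sslConfig.getSupportedProtocols()` and `sslConfig.getSupportedCipherSuites()`, so any protocol or cipher restriction configured for this client is silently dropped on the default, hostname-verification-enabled path, which keeps the old one-argument constructor. Build the strategy once with the five-argument constructor in both cases and vary only the verifier, using `HttpsSupport.getDefaultHostnameVerifier()` for the enabled case, which as far as I can tell is the verifier the one-argument constructor installs, so the secure path changes only by now honouring the configured protocols and ciphers. Because the `NoopHostnameVerifier` branch drops the check that the JWKS endpoint's certificate matches the configured host, it would also be worth logging a warning through the class's log4j logger when `isHostnameVerificationEnabled()` is false, so the weakened setting is visible to operators in the node log. `createHttpClient` continues past the end of the hunk, and the rewrite needs `javax.net.ssl.HostnameVerifier` and `org.apache.hc.client5.http.ssl.HttpsSupport` added to the imports touched in the first hunk.
```java
        if (sslConfig != null) {
            HostnameVerifier hostnameVerifier = sslConfig.isHostnameVerificationEnabled()
                ? HttpsSupport.getDefaultHostnameVerifier()
                : NoopHostnameVerifier.INSTANCE;
            TlsSocketStrategy tlsStrategy = new DefaultClientTlsStrategy(
                sslConfig.getSslContext(),
                sslConfig.getSupportedProtocols(),
                sslConfig.getSupportedCipherSuites(),
                SSLBufferMode.STATIC,
                hostnameVerifier
            );
            // … unchanged: connection manager construction and builder.setConnectionManager(cm) …
```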