diff -Nur zabbix-2.2.13/include/db.h zabbix-2.2.13_tlspatch/include/db.h
--- zabbix-2.2.13/include/db.h 2016-05-18 12:57:51.000000000 +0000
+++ zabbix-2.2.13_tlspatch/include/db.h 2016-06-14 22:23:47.000000000 +0000
@@ -31,6 +31,10 @@
 extern char *CONFIG_DBUSER;
 extern char *CONFIG_DBPASSWORD;
 extern char *CONFIG_DBSOCKET;
+extern char *CONFIG_DBTLSKEY;
+extern char *CONFIG_DBTLSCERT;
+extern char *CONFIG_DBTLSCAFILE;
+extern char *CONFIG_DBTLSCADIR;
 extern int CONFIG_DBPORT;
 extern int CONFIG_NODEID;
 extern int CONFIG_MASTER_NODEID;
diff -Nur zabbix-2.2.13/include/zbxdb.h zabbix-2.2.13_tlspatch/include/zbxdb.h
--- zabbix-2.2.13/include/zbxdb.h 2016-05-18 12:57:51.000000000 +0000
+++ zabbix-2.2.13_tlspatch/include/zbxdb.h 2016-06-14 22:25:29.000000000 +0000
@@ -162,6 +162,10 @@
 #endif
 int zbx_db_connect(char *host, char *user, char *password, char *dbname, char *dbschema, char *dbsocket, int port);
+#ifdef HAVE_MYSQL
+int zbx_db_connect_tls(char *host, char *user, char *password, char *dbname, char *dbschema, char *dbsocket, int port, char* dbtlskey, char* dbtlscert, char* dbtlscafile, char* dbtlscadir);
+#endif /* HAVE_MYSQL */
+
 #ifdef HAVE_SQLITE3
 void zbx_create_sqlite3_mutex(void);
 void zbx_remove_sqlite3_mutex(void);
Binary files zabbix-2.2.13/misc/images/png_classic/Thumbs.db and zabbix-2.2.13_tlspatch/misc/images/png_classic/Thumbs.db differ
Binary files zabbix-2.2.13/misc/images/png_modern/Thumbs.db and zabbix-2.2.13_tlspatch/misc/images/png_modern/Thumbs.db differ
diff -Nur zabbix-2.2.13/src/libs/zbxdb/db.c zabbix-2.2.13_tlspatch/src/libs/zbxdb/db.c
--- zabbix-2.2.13/src/libs/zbxdb/db.c 2016-05-18 12:57:51.000000000 +0000
+++ zabbix-2.2.13_tlspatch/src/libs/zbxdb/db.c 2016-06-14 22:25:52.000000000 +0000
@@ -523,6 +523,72 @@
 return ret;
 }
+
+/******************************************************************************
+ * *
+ * Function: zbx_db_connect_tls *
+ * *
+ * Purpose: connect to the database using TLS *
+ * *
+ * Return value: ZBX_DB_OK - successfully connected *
+ * ZBX_DB_DOWN - database is down *
+ * ZBX_DB_FAIL - failed to connect *
+ * *
+ ******************************************************************************/
+#ifdef HAVE_MYSQL
+int zbx_db_connect_tls(char *host, char *user, char *password, char *dbname, char *dbschema, char *dbsocket, int port, char* dbtlskey, char* dbtlscert, char* dbtlscafile, char* dbtlscadir)
+{
+ int ret = ZBX_DB_OK, last_txn_error, last_txn_level;
+
+ /* Allow executing statements during a connection initialization. Make sure to mark transaction as failed. */
+ if (0 != txn_level)
+ txn_error = 1;
+
+ last_txn_error = txn_error;
+ last_txn_level = txn_level;
+
+ txn_error = 0;
+ txn_level = 0;
+
+ if (NULL == (conn = mysql_init(NULL)))
+ {
+ zabbix_log(LOG_LEVEL_CRIT, "cannot allocate or initialize MYSQL database connection object");
+ exit(EXIT_FAILURE);
+ }
+
+ mysql_ssl_set(conn, dbtlskey, dbtlscert, dbtlscafile, dbtlscadir, NULL);
+
+ if (NULL == mysql_real_connect(conn, host, user, password, dbname, port, dbsocket, CLIENT_MULTI_STATEMENTS))
+ {
+ zabbix_errlog(ERR_Z3001, dbname, mysql_errno(conn), mysql_error(conn));
+ ret = ZBX_DB_FAIL;
+ }
+
+ if (ZBX_DB_OK == ret && 0 != mysql_select_db(conn, dbname))
+ {
+ zabbix_errlog(ERR_Z3001, dbname, mysql_errno(conn), mysql_error(conn));
+ ret = ZBX_DB_FAIL;
+ }
+
+ if (ZBX_DB_FAIL == ret && SUCCEED == is_recoverable_mysql_error())
+ ret = ZBX_DB_DOWN;
+
+ if (ZBX_DB_OK == ret)
+ {
+ if (0 < (ret = zbx_db_execute("%s", "set names utf8")))
+ ret = ZBX_DB_OK;
+ }
+
+ if (ZBX_DB_OK != ret)
+ zbx_db_close();
+
+ txn_error = last_txn_error;
+ txn_level = last_txn_level;
+
+ return ret;
+}
+#endif /* HAVE_MYSQL */
+
 #if defined(HAVE_SQLITE3)
 void zbx_create_sqlite3_mutex(void)
 {
diff -Nur zabbix-2.2.13/src/libs/zbxdbhigh/db.c zabbix-2.2.13_tlspatch/src/libs/zbxdbhigh/db.c
--- zabbix-2.2.13/src/libs/zbxdbhigh/db.c 2016-05-18 12:57:51.000000000 +0000
+++ zabbix-2.2.13_tlspatch/src/libs/zbxdbhigh/db.c 2016-06-14 22:30:31.000000000 +0000
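Review bot: `mysql_ssl_set()` in zbx_db_connect_tls() only passes the key, certificate and CA paths to the client library; nothing in the new function requires that the session actually ends up encrypted or that the server certificate matches `host`. Depending on the libmysqlclient version the build links against, a server that does not offer TLS may still be connected to in clear text, so an operator who set the DBTLS* parameters would get no error. I would enable `MYSQL_OPT_SSL_VERIFY_SERVER_CERT` before `mysql_real_connect()` and fail the connection when `mysql_get_ssl_cipher(conn)` returns NULL afterwards; which enforcement options are available depends on the client library version, so this needs checking against the supported ones. Separately, `dbschema` is never used here and the body is a copy of what zbx_db_connect() presumably does for MySQL, so a shared helper would keep the two from drifting.

```c
	mysql_ssl_set(conn, dbtlskey, dbtlscert, dbtlscafile, dbtlscadir, NULL);

	{
		/* reject a server whose certificate does not match the host we asked for */
		my_bool	verify_server_cert = 1;

		mysql_options(conn, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify_server_cert);
	}

	/* … unchanged: mysql_real_connect(), mysql_select_db(), ZBX_DB_DOWN mapping … */

	/* TLS was requested through DBTLS*; do not continue on a clear-text session */
	if (ZBX_DB_OK == ret && NULL == mysql_get_ssl_cipher(conn))
	{
		zabbix_log(LOG_LEVEL_CRIT, "database connection is not encrypted although DBTLS* parameters are set");
		ret = ZBX_DB_FAIL;
	}

	/* … unchanged: "set names utf8", zbx_db_close() on failure, txn state restore … */
```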
@@ -124,21 +124,46 @@
 zabbix_log(LOG_LEVEL_DEBUG, "In %s() flag:%d", __function_name, flag);
- while (ZBX_DB_OK != (err = zbx_db_connect(CONFIG_DBHOST, CONFIG_DBUSER, CONFIG_DBPASSWORD,
- CONFIG_DBNAME, CONFIG_DBSCHEMA, CONFIG_DBSOCKET, CONFIG_DBPORT)))
+#ifdef HAVE_MYSQL
+ if (CONFIG_DBTLSKEY != NULL || CONFIG_DBTLSCERT != NULL || CONFIG_DBTLSCAFILE != NULL || CONFIG_DBTLSCADIR != NULL)
 {
- if (ZBX_DB_CONNECT_ONCE == flag)
- break;
-
- if (ZBX_DB_FAIL == err || ZBX_DB_CONNECT_EXIT == flag)
+ while (ZBX_DB_OK != (err = zbx_db_connect_tls(CONFIG_DBHOST, CONFIG_DBUSER, CONFIG_DBPASSWORD,
+ CONFIG_DBNAME, CONFIG_DBSCHEMA, CONFIG_DBSOCKET, CONFIG_DBPORT, CONFIG_DBTLSKEY, CONFIG_DBTLSCERT, CONFIG_DBTLSCAFILE, CONFIG_DBTLSCADIR)))
 {
- zabbix_log(LOG_LEVEL_CRIT, "Cannot connect to the database. Exiting...");
- exit(FAIL);
+ if (ZBX_DB_CONNECT_ONCE == flag)
+ break;
+
+ if (ZBX_DB_FAIL == err || ZBX_DB_CONNECT_EXIT == flag)
+ {
+ zabbix_log(LOG_LEVEL_CRIT, "Cannot connect to the database. Exiting...");
+ exit(FAIL);
+ }
+
+ zabbix_log(LOG_LEVEL_WARNING, "Database is down. Reconnecting in %d seconds.", ZBX_DB_WAIT_DOWN);
+ zbx_sleep(ZBX_DB_WAIT_DOWN);
 }
+ }
+ else
+ {
+#endif /* HAVE_MYSQL */
+ while (ZBX_DB_OK != (err = zbx_db_connect(CONFIG_DBHOST, CONFIG_DBUSER, CONFIG_DBPASSWORD,
+ CONFIG_DBNAME, CONFIG_DBSCHEMA, CONFIG_DBSOCKET, CONFIG_DBPORT)))
+ {
+ if (ZBX_DB_CONNECT_ONCE == flag)
+ break;
- zabbix_log(LOG_LEVEL_WARNING, "Database is down. Reconnecting in %d seconds.", ZBX_DB_WAIT_DOWN);
- zbx_sleep(ZBX_DB_WAIT_DOWN);
+ if (ZBX_DB_FAIL == err || ZBX_DB_CONNECT_EXIT == flag)
+ {
+ zabbix_log(LOG_LEVEL_CRIT, "Cannot connect to the database. Exiting...");
+ exit(FAIL);
+ }
+
+ zabbix_log(LOG_LEVEL_WARNING, "Database is down. Reconnecting in %d seconds.", ZBX_DB_WAIT_DOWN);
+ zbx_sleep(ZBX_DB_WAIT_DOWN);
+ }
+#ifdef HAVE_MYSQL
 }
+#endif /* HAVE_MYSQL */
 zabbix_log(LOG_LEVEL_DEBUG, "End of %s():%d", __function_name, err);
diff -Nur zabbix-2.2.13/src/zabbix_proxy/proxy.c zabbix-2.2.13_tlspatch/src/zabbix_proxy/proxy.c
--- zabbix-2.2.13/src/zabbix_proxy/proxy.c 2016-05-18 12:57:51.000000000 +0000
+++ zabbix-2.2.13_tlspatch/src/zabbix_proxy/proxy.c 2016-06-18 00:19:18.000000000 +0000
@@ -171,6 +171,10 @@
 char *CONFIG_DBUSER = NULL;
 char *CONFIG_DBPASSWORD = NULL;
 char *CONFIG_DBSOCKET = NULL;
+char *CONFIG_DBTLSKEY = NULL;
+char *CONFIG_DBTLSCERT = NULL;
+char *CONFIG_DBTLSCAFILE = NULL;
+char *CONFIG_DBTLSCADIR = NULL;
 int CONFIG_DBPORT = 0;
 int CONFIG_ENABLE_REMOTE_COMMANDS = 0;
 int CONFIG_LOG_REMOTE_COMMANDS = 0;
@@ -327,6 +331,18 @@
 exit(EXIT_FAILURE);
 }
+ if (NULL != CONFIG_DBTLSKEY && NULL == CONFIG_DBTLSCERT)
+ {
+ zabbix_log(LOG_LEVEL_CRIT, "configuration parameter DBTLSKey requires DBTLSCert to be specified as well.");
+ exit(EXIT_FAILURE);
+ }
+
+ if (NULL != CONFIG_DBTLSCERT && NULL == CONFIG_DBTLSKEY)
+ {
+ zabbix_log(LOG_LEVEL_CRIT, "configuration parameter DBTLSCert requires DBTLSKey to be specified as well.");
+ exit(EXIT_FAILURE);
+ }
+
 #if !defined(HAVE_LIBXML2) || !defined(HAVE_LIBCURL)
 if (0 != CONFIG_VMWARE_FORKS)
 {
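Review bot: Without HAVE_MYSQL this block reduces to the plain zbx_db_connect() loop, while the DBTLS* entries added to the parameter tables in proxy.c and server.c are not guarded by any `#ifdef` in the visible hunks, so a build against another database backend would accept DBTLSCAFile and the related parameters and then connect without TLS and without a log line. A startup check under `#ifndef HAVE_MYSQL` that logs at LOG_LEVEL_CRIT and exits when any of the four CONFIG_DBTLS* pointers is non-NULL would make that case fail closed. As a style point, the retry loop is now duplicated verbatim in both branches; choosing the connect call inside a single loop would keep the exit and reconnect handling in one place. The enclosing function starts and ends outside this hunk.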
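Review bot: The two checks added to proxy.c at `@@ -327,6 +331,18 @@` only pair DBTLSKey with DBTLSCert; nothing requires DBTLSCAFile or DBTLSCADir, so a configuration with just a client key and certificate reaches `mysql_ssl_set()` with both CA arguments NULL, which as far as I can tell leaves the client without a trust anchor for the server certificate. I would add a check along the lines of `if (NULL != CONFIG_DBTLSKEY && NULL == CONFIG_DBTLSCAFILE && NULL == CONFIG_DBTLSCADIR)` that logs and exits, or at least warns that the server certificate will not be validated. The same applies to the identical checks added to server.c at `@@ -285,6 +289,19 @@`. A short comment above the checks saying that the key and certificate are only meaningful as a pair would also help the next reader.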
@@ -456,6 +472,14 @@
 PARM_OPT, 0, 0},
 {"DBPort", &CONFIG_DBPORT, TYPE_INT,
 PARM_OPT, 1024, 65535},
+ {"DBTLSKey", &CONFIG_DBTLSKEY, TYPE_STRING,
+ PARM_OPT, 0, 0},
+ {"DBTLSCert", &CONFIG_DBTLSCERT, TYPE_STRING,
+ PARM_OPT, 0, 0},
+ {"DBTLSCAFile", &CONFIG_DBTLSCAFILE, TYPE_STRING,
+ PARM_OPT, 0, 0},
+ {"DBTLSCADir", &CONFIG_DBTLSCADIR, TYPE_STRING,
+ PARM_OPT, 0, 0},
 {"SSHKeyLocation", &CONFIG_SSH_KEY_LOCATION, TYPE_STRING,
 PARM_OPT, 0, 0},
 {"LogSlowQueries", &CONFIG_LOG_SLOW_QUERIES, TYPE_INT,
diff -Nur zabbix-2.2.13/src/zabbix_server/server.c zabbix-2.2.13_tlspatch/src/zabbix_server/server.c
--- zabbix-2.2.13/src/zabbix_server/server.c 2016-05-18 12:57:51.000000000 +0000
+++ zabbix-2.2.13_tlspatch/src/zabbix_server/server.c 2016-06-18 00:19:03.000000000 +0000
@@ -171,6 +171,10 @@
 char *CONFIG_DBUSER = NULL;
 char *CONFIG_DBPASSWORD = NULL;
 char *CONFIG_DBSOCKET = NULL;
+char *CONFIG_DBTLSKEY = NULL;
+char *CONFIG_DBTLSCERT = NULL;
+char *CONFIG_DBTLSCAFILE = NULL;
+char *CONFIG_DBTLSCADIR = NULL;
 int CONFIG_DBPORT = 0;
 int CONFIG_ENABLE_REMOTE_COMMANDS = 0;
 int CONFIG_LOG_REMOTE_COMMANDS = 0;
@@ -285,6 +289,19 @@
 zabbix_log(LOG_LEVEL_CRIT, "invalid \"SourceIP\" configuration parameter: '%s'", CONFIG_SOURCE_IP);
 exit(EXIT_FAILURE);
 }
+
+ if (NULL != CONFIG_DBTLSKEY && NULL == CONFIG_DBTLSCERT)
+ {
+ zabbix_log(LOG_LEVEL_CRIT, "configuration parameter DBTLSKey requires DBTLSCert to be specified as well.");
+ exit(EXIT_FAILURE);
+ }
+
+ if (NULL != CONFIG_DBTLSCERT && NULL == CONFIG_DBTLSKEY)
+ {
+ zabbix_log(LOG_LEVEL_CRIT, "configuration parameter DBTLSCert requires DBTLSKey to be specified as well.");
+ exit(EXIT_FAILURE);
+ }
+
 #if !defined(HAVE_LIBXML2) || !defined(HAVE_LIBCURL)
 if (0 != CONFIG_VMWARE_FORKS)
 {
@@ -412,6 +429,14 @@
 PARM_OPT, 0, 0},
 {"DBPort", &CONFIG_DBPORT, TYPE_INT,
 PARM_OPT, 1024, 65535},
+ {"DBTLSKey", &CONFIG_DBTLSKEY, TYPE_STRING,
+ PARM_OPT, 0, 0},
+ {"DBTLSCert", &CONFIG_DBTLSCERT, TYPE_STRING,
+ PARM_OPT, 0, 0},
+ {"DBTLSCAFile", &CONFIG_DBTLSCAFILE, TYPE_STRING,
+ PARM_OPT, 0, 0},
+ {"DBTLSCADir", &CONFIG_DBTLSCADIR, TYPE_STRING,
+ PARM_OPT, 0, 0},
 {"NodeID", &CONFIG_NODEID, TYPE_INT,
 PARM_OPT, 0, 999},
 {"NodeNoEvents", &CONFIG_NODE_NOEVENTS, TYPE_INT,