diff --git a/state/cassandra/cassandra.go b/state/cassandra/cassandra.go
index 7191accd9..b2706220f 100644
--- a/state/cassandra/cassandra.go
+++ b/state/cassandra/cassandra.go
@@ -62,15 +62,16 @@ type Cassandra struct {
 }
 
 type cassandraMetadata struct {
-	Hosts             []string
-	Port              int
-	ProtoVersion      int
-	ReplicationFactor int
-	Username          string
-	Password          string
-	Consistency       string
-	Table             string
-	Keyspace          string
+	Hosts                  []string
+	Port                   int
+	ProtoVersion           int
+	ReplicationFactor      int
+	Username               string
+	Password               string
+	Consistency            string
+	Table                  string
+	Keyspace               string
+	EnableHostVerification bool
 }
 
 // NewCassandraStateStore returns a new cassandra state store.
@@ -136,6 +137,11 @@ func (c *Cassandra) createClusterConfig(metadata *cassandraMetadata) (*gocql.Clu
 	if metadata.Username != "" && metadata.Password != "" {
 		clusterConfig.Authenticator = gocql.PasswordAuthenticator{Username: metadata.Username, Password: metadata.Password}
 	}
+	if metadata.EnableHostVerification {
+		clusterConfig.SslOpts = &gocql.SslOptions{
+			EnableHostVerification: true,
+		}
+	}
 	clusterConfig.Port = metadata.Port
 	clusterConfig.ProtoVersion = metadata.ProtoVersion
 	cons, err := c.getConsistency(metadata.Consistency)
diff --git a/state/cassandra/metadata.yaml b/state/cassandra/metadata.yaml
index 55e5bd96d..cc7b14dfb 100644
--- a/state/cassandra/metadata.yaml
+++ b/state/cassandra/metadata.yaml
@@ -38,6 +38,11 @@ metadata:
     description: "Port for communication."
     default: "9042"
     example: "8080"
+  - name: enableHostVerification
+    type: bool
+    description: "Enables host verification. Secures the traffic between client server with TLS."
+    default: "false"
+    example: "true"
   - name: table
     type: string
     description: "The name of the table to use."