diff --git a/CMakeLists.txt b/CMakeLists.txt
index 23aafcedb..fc988064f 100755
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -14,6 +14,7 @@ set(CMAKE_CXX_STANDARD 17)
 # they just disappear.
 set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/helio/cmake" ${CMAKE_MODULE_PATH})
 option(BUILD_SHARED_LIBS "Build shared libraries" OFF)
+option(DF_USE_SSL "Provide support for SSL connections" ON)
 
 include(third_party)
 message(STATUS "after thirdpary")
diff --git a/helio b/helio
index 439b47b13..445ebf76b 160000
--- a/helio
+++ b/helio
@@ -1 +1 @@
-Subproject commit 439b47b13ac5260ce0ba094e8166c2170965387b
+Subproject commit 445ebf76b96b7360982f2b3c4558ec347ba3adb5
diff --git a/patches/lua-v5.4.4.patch b/patches/lua-v5.4.4.patch
index 44094df5a..1d6655c03 100644
--- a/patches/lua-v5.4.4.patch
+++ b/patches/lua-v5.4.4.patch
@@ -27,7 +27,7 @@ index d46e650c..e347e614 100644
  
 +uname_m := $(shell uname -m)
 +ifeq ($(uname_m),x86_64)
-+OPTFLAGS= -march=broadwell
++OPTFLAGS= -march=sandybridge
 +else ifeq ($(uname_m), aarch64)
 +OPTFLAGS= -march=armv8.2-a+fp16+rcpc+dotprod+crypto
 +else
diff --git a/src/core/compact_object.cc b/src/core/compact_object.cc
index 76643c0f8..a5c9706d8 100644
--- a/src/core/compact_object.cc
+++ b/src/core/compact_object.cc
@@ -381,8 +381,10 @@ void RobjWrapper::MakeInnerRoom(size_t current_cap, size_t desired, pmr::memory_
   inner_obj_ = newp;
 }
 
-#pragma GCC push_options
-#pragma GCC optimize("Ofast")
+#if defined(__GNUC__) && !defined(__clang__)
+  #pragma GCC push_options
+  #pragma GCC optimize("Ofast")
+#endif
 
 // len must be at least 16
 void ascii_pack(const char* ascii, size_t len, uint8_t* bin) {
@@ -460,7 +462,9 @@ bool compare_packed(const uint8_t* packed, const char* ascii, size_t ascii_len)
   return true;
 }
 
-#pragma GCC pop_options
+#if defined(__GNUC__) && !defined(__clang__)
+  #pragma GCC pop_options
+#endif
 
 }  // namespace detail
 
diff --git a/src/facade/CMakeLists.txt b/src/facade/CMakeLists.txt
index 1f0e86760..b8907a83a 100644
--- a/src/facade/CMakeLists.txt
+++ b/src/facade/CMakeLists.txt
@@ -1,7 +1,13 @@
 add_library(dfly_facade dragonfly_listener.cc dragonfly_connection.cc facade.cc
             memcache_parser.cc redis_parser.cc reply_builder.cc)
+
+if (DF_USE_SSL)
+  set(TLS_LIB tls_lib)
+  target_compile_definitions(dfly_facade PRIVATE DFLY_USE_SSL)
+endif()
+
 cxx_link(dfly_facade base uring_fiber_lib fibers_ext strings_lib http_server_lib 
-         tls_lib TRDP::mimalloc TRDP::dconv)
+         ${TLS_LIB} TRDP::mimalloc TRDP::dconv)
 
 add_library(facade_test facade_test.cc)
 cxx_link(facade_test dfly_facade gtest_main_ext)
diff --git a/src/facade/dragonfly_connection.cc b/src/facade/dragonfly_connection.cc
index 77ac104ed..e2b77ad3e 100644
--- a/src/facade/dragonfly_connection.cc
+++ b/src/facade/dragonfly_connection.cc
@@ -17,7 +17,11 @@
 #include "facade/redis_parser.h"
 #include "facade/service_interface.h"
 #include "util/fiber_sched_algo.h"
+
+#ifdef DFLY_USE_SSL
 #include "util/tls/tls_socket.h"
+#endif
+
 #include "util/uring/uring_socket.h"
 
 ABSL_FLAG(bool, tcp_nodelay, false,
@@ -181,6 +185,7 @@ void Connection::HandleRequests() {
 
   auto remote_ep = lsb->RemoteEndpoint();
 
+#ifdef DFLY_USE_SSL
   unique_ptr<tls::TlsSocket> tls_sock;
   if (ctx_) {
     tls_sock.reset(new tls::TlsSocket(socket_.get()));
@@ -193,8 +198,11 @@ void Connection::HandleRequests() {
     }
     VLOG(1) << "TLS handshake succeeded";
   }
-
   FiberSocketBase* peer = tls_sock ? (FiberSocketBase*)tls_sock.get() : socket_.get();
+#else
+  FiberSocketBase* peer = socket_.get();
+#endif
+
   io::Result<bool> http_res{false};
   if (absl::GetFlag(FLAGS_http_admin_console))
     http_res = CheckForHttpProto(peer);
diff --git a/src/facade/dragonfly_listener.cc b/src/facade/dragonfly_listener.cc
index 878b0197f..f577a59d2 100644
--- a/src/facade/dragonfly_listener.cc
+++ b/src/facade/dragonfly_listener.cc
@@ -4,7 +4,9 @@
 
 #include "facade/dragonfly_listener.h"
 
+#ifdef DFLY_USE_SSL
 #include <openssl/ssl.h>
+#endif
 
 #include "base/flags.h"
 #include "base/logging.h"
@@ -47,6 +49,8 @@ using namespace util;
 using absl::GetFlag;
 
 namespace {
+
+#ifdef DFLY_USE_SSL
 // To connect: openssl s_client  -cipher "ADH:@SECLEVEL=0" -state -crlf  -connect 127.0.0.1:6380
 static SSL_CTX* CreateSslCntx() {
   SSL_CTX* ctx = SSL_CTX_new(TLS_server_method());
@@ -90,6 +94,7 @@ static SSL_CTX* CreateSslCntx() {
 
   return ctx;
 }
+#endif
 
 bool ConfigureKeepAlive(int fd, unsigned interval_sec) {
   DCHECK_GT(interval_sec, 3u);
@@ -121,17 +126,23 @@ bool ConfigureKeepAlive(int fd, unsigned interval_sec) {
 }  // namespace
 
 Listener::Listener(Protocol protocol, ServiceInterface* si) : service_(si), protocol_(protocol) {
+
+#ifdef DFLY_USE_SSL
   if (GetFlag(FLAGS_tls)) {
     OPENSSL_init_ssl(OPENSSL_INIT_SSL_DEFAULT, NULL);
     ctx_ = CreateSslCntx();
   }
+#endif
+
   http_base_.reset(new HttpListener<>);
   http_base_->set_resource_prefix("https://romange.s3.eu-west-1.amazonaws.com/static");
   si->ConfigureHttpHandlers(http_base_.get());
 }
 
 Listener::~Listener() {
+#ifdef DFLY_USE_SSL
   SSL_CTX_free(ctx_);
+#endif
 }
 
 util::Connection* Listener::NewConnection(ProactorBase* proactor) {