diff --git a/networking/wget.c b/networking/wget.c
index 8c68185a9..ebffabf94 100644
--- a/networking/wget.c
+++ b/networking/wget.c
@@ -735,24 +735,25 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
 /* See networking/ssl_helper/README how to build one */
 #if ENABLE_FEATURE_WGET_SSL_HELPER
-static void spawn_https_helper_small(int network_fd)
+static void spawn_https_helper_small(const char *host, int network_fd)
 {
 int sp[2];
 int pid;
+ char *servername, *p;
-#if ENABLE_FEATURE_WGET_LONG_OPTIONS
- if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT))
- bb_error_msg("WARNING: SSL/TLS certificate is not being validated!");
-#endif
+ servername = xstrdup(host);
+ p = strrchr(servername, ':');
+ if (p) *p = '\0';
 if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0)
 /* Kernel can have AF_UNIX support disabled */
 bb_perror_msg_and_die("socketpair");
+ fflush_all();
 pid = BB_MMU ? xfork() : xvfork();
 if (pid == 0) {
 /* Child */
- char *argv[3];
+ char *argv[6];
 close(sp[0]);
 xmove_fd(sp[1], 0);
@@ -761,15 +762,22 @@ static void spawn_https_helper_small(int network_fd)
 /*
 * A simple ssl/tls helper
 */
- argv[0] = (char*)"ssl_helper";
- argv[1] = (char*)"-d3";
- argv[2] = NULL;
+ argv[0] = (char*)"ssl_client";
+ argv[1] = (char*)"-s3";
+ argv[2] = (char*)"-n";
+ argv[3] = servername;
+ if (option_mask32 & WGET_OPT_NO_CHECK_CERT) {
+ argv[4] = (char*)"-I";
+ argv[5] = NULL;
+ } else
+ argv[4] = NULL;
 BB_EXECVP(argv[0], argv);
 bb_perror_msg_and_die("can't execute '%s'", argv[0]);
 /* notreached */
 }
 /* Parent */
+ free(servername);
 close(sp[1]);
 xmove_fd(sp[0], network_fd);
 }
@@ -1027,7 +1035,7 @@ static void download_one_url(const char *url)
 # if ENABLE_FEATURE_WGET_SSL_HELPER
 if (fd < 0) { /* no openssl? try ssl_helper */
 sfp = open_socket(lsa);
- spawn_https_helper_small(fileno(sfp));
+ spawn_https_helper_small(server.host, fileno(sfp));
 goto socket_opened;
 }
 # else
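Review bot: In the `@@ -735,24 +735,25 @@` hunk, `p = strrchr(servername, ':'); if (p) *p = '\0';` cuts at the last colon wherever it sits, so a bracketed IPv6 literal without a port (a constructed example: `[::1]`) is truncated inside the brackets and the mangled string is what gets passed after `-n`. Cutting only when no closing bracket follows the colon avoids that: `if (p && !strchr(p, ']')) *p = '\0';`. Whether `host` can reach this function in bracketed form depends on the URL parser, which is outside this diff. The function body continues past the end of the hunk.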
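Review bot: In the `@@ -761,15 +762,22 @@` hunk, when `WGET_OPT_NO_CHECK_CERT` is not set the argv ends after `servername`, so certificate checking depends entirely on `ssl_client` verifying the chain and matching it to the `-n` name by default, while the first hunk drops the warning wget used to print about unvalidated TLS. That default is not visible in this diff; if the helper does not verify, HTTPS downloads become silently unauthenticated. I would record the contract above the argv setup, e.g. `/* ssl_client must verify the peer certificate against servername unless -I is passed */`, and keep the warning until that holds. `BB_EXECVP` is also given the bare name `ssl_client`, so the program that terminates TLS is whatever that lookup resolves first, presumably via PATH.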
@@ -1044,7 +1052,7 @@ static void download_one_url(const char *url)
 /* Only ssl_helper support is configured */
 sfp = open_socket(lsa);
 if (target.protocol == P_HTTPS)
- spawn_https_helper_small(fileno(sfp));
+ spawn_https_helper_small(server.host, fileno(sfp));
 #else
 /* ssl (https) support is not configured */
 sfp = open_socket(lsa);