diff --git a/doc/06-config.md b/doc/06-config.md
index 603de014a..4e027b9b1 100644
--- a/doc/06-config.md
+++ b/doc/06-config.md
@@ -96,7 +96,8 @@ gitlab.com the domain names must be also specified with the
 Defaults to `false`. If set to true all HTTPS URLs will be tried with HTTP
 instead and no network level encryption is performed. Enabling this is a
 security risk and is NOT recommended. The better way is to enable the
-php_openssl extension in php.ini.
+php_openssl extension in php.ini. Enabling this will implicitly disable the
+`secure-http` option.
 
 ## secure-http
 
diff --git a/src/Composer/Config.php b/src/Composer/Config.php
index e57d21cab..b305fe371 100644
--- a/src/Composer/Config.php
+++ b/src/Composer/Config.php
@@ -328,6 +328,10 @@ class Config
             case 'disable-tls':
                 return $this->config[$key] !== 'false' && (bool) $this->config[$key];
             case 'secure-http':
+                if ($this->get('disable-tls') === true) {
+                    return false;
+                }
+
                 return $this->config[$key] !== 'false' && (bool) $this->config[$key];
             case 'use-github-api':
                 return $this->config[$key] !== 'false' && (bool) $this->config[$key];