diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
index bd9f645d1..03f9ad4ec 100644
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@@ -8,6 +8,7 @@
  - fixed #12328: invalid wgaccess file in uploads
  - RFE: 9730 (actually missing documentation)
  - fixed: Crud updateFromFormPost
+ - fixed: encryptLogin and sslEnabled both need to be true
 
 7.10.24
  - fixed #12318: asset error causes asset manager to fail
diff --git a/lib/WebGUI/Auth.pm b/lib/WebGUI/Auth.pm
index bfc57518f..777bea15b 100644
--- a/lib/WebGUI/Auth.pm
+++ b/lib/WebGUI/Auth.pm
@@ -589,7 +589,7 @@ sub displayLogin {
     my $i18n = WebGUI::International->new($self->session);
     $vars->{title} = $i18n->get(66);
     my $action;
-    if ($self->session->setting->get("encryptLogin")) {
+    if ($self->session->config->get('sslEnabled') && $self->session->setting->get("encryptLogin")) {
         my $uri = URI->new($self->session->url->page(undef,1));
         $uri->scheme('https');
         $uri->host_port($uri->host);
@@ -924,7 +924,7 @@ sub login {
         $self->session->http->setRedirect($self->session->setting->get("redirectAfterLoginUrl"));
         $self->session->scratch->delete("redirectAfterLogin");
     }
-	elsif ($self->session->setting->get('encryptLogin')) {
+	elsif ($self->session->config->get('sslEnabled') && $self->session->setting->get('encryptLogin')) {
 		my $currentUrl = URI->new($self->session->url->page(undef,1));
         $currentUrl->scheme('http');
         $currentUrl->port($self->session->config->get('webServerPort') || 80);
@@ -1109,7 +1109,7 @@ sub showMessageOnLogin {
                     || $session->url->getBackToSiteURL
                     ;
 
-    if ($session->setting->get('encryptLogin') && ( ! $redirectUrl =~ /^http/)) {
+    if ($self->session->config->get('sslEnabled') && $session->setting->get('encryptLogin') && ( ! $redirectUrl =~ /^http/)) {
         ##A scheme-less URL has been supplied.  We need to make it an absolute one
         ##with a non-encrypted scheme.  Otherwise the user will stay in SSL mode.
         ##We assume that the user put the gateway URL into their URL.
diff --git a/lib/WebGUI/Macro/L_loginBox.pm b/lib/WebGUI/Macro/L_loginBox.pm
index 359941965..8c4a03741 100644
--- a/lib/WebGUI/Macro/L_loginBox.pm
+++ b/lib/WebGUI/Macro/L_loginBox.pm
@@ -96,7 +96,7 @@ sub process {
         }
 
 	my $action;
-        if ($session->setting->get("encryptLogin")) {
+        if ($session->config->get('sslEnabled') && $session->setting->get("encryptLogin")) {
                 my $uri = URI->new($session->url->page(undef,1));
                 $uri->scheme('https');
                 $uri->host_port($uri->host);
diff --git a/t/Macro/L_loginBox.t b/t/Macro/L_loginBox.t
index 78c7c6c87..71772c773 100644
--- a/t/Macro/L_loginBox.t
+++ b/t/Macro/L_loginBox.t
@@ -150,6 +150,8 @@ is($url2, $session->url->page("op=auth;method=logout"), "templated custom text,
 
 ##Change settings to use encrypt login and verify which links use https.
 $session->setting->set("encryptLogin", 1);
+WebGUI::Test->originalConfig('sslEnabled');
+$session->config->set('sslEnabled', 1);
 
 $output = WebGUI::Macro::L_loginBox::process($session,'','',$template->getId);
 %vars = simpleTextParser($output);