diff --git a/keystone/common/config.py b/keystone/common/config.py
index f21d460dde..73028b1529 100644
--- a/keystone/common/config.py
+++ b/keystone/common/config.py
@@ -133,7 +133,7 @@ FILE_OPTIONS = {
                          'with an HTTP 403 Forbidden error. If set to false, '
                          'passwords are automatically truncated to the '
                          'maximum length.'),
-        cfg.StrOpt('secure_proxy_ssl_header', default="HTTP_X_FORWARDED_PROTO",
+        cfg.StrOpt('secure_proxy_ssl_header', default='HTTP_X_FORWARDED_PROTO',
                    help='The HTTP header used to determine the scheme for the '
                         'original request, even if it was removed by an SSL '
                         'terminating proxy.'),
diff --git a/keystone/common/wsgi.py b/keystone/common/wsgi.py
index 8b07db96b7..04528a0c0c 100644
--- a/keystone/common/wsgi.py
+++ b/keystone/common/wsgi.py
@@ -210,8 +210,7 @@ class Application(BaseApplication):
 
         context['headers'] = dict(req.headers.items())
         context['path'] = req.environ['PATH_INFO']
-        scheme = (None if not CONF.secure_proxy_ssl_header
-                  else req.environ.get(CONF.secure_proxy_ssl_header))
+        scheme = req.environ.get(CONF.secure_proxy_ssl_header)
         if scheme:
             # NOTE(andrey-mp): "wsgi.url_scheme" contains the protocol used
             # before the proxy removed it ('https' usually). So if