diff --git a/CHANGELOG b/CHANGELOG
index 4d2aa37c..c076b3de 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,10 +2,13 @@
 
 ## 0.9.0
 
+Release date: 2018-06-27
+
 * Change default charset from latin1 to utf8mb4.  (because MySQL 8 changed) (#692)
+* Support sha256_password and caching_sha2_password auth method (#682)
+* Add cryptography dependency, because it's needed for new auth methods.
 * Remove deprecated `no_delay` option (#694)
 * Support connection attributes (#679)
-* Support sha256_password and caching_sha2_password auth method (#682)
 * Map LOCK_DEADLOCK to OperationalError (#693)
 
 ## 0.8.1
diff --git a/pymysql/__init__.py b/pymysql/__init__.py
index 1a6ecc09..9fcfcd30 100644
--- a/pymysql/__init__.py
+++ b/pymysql/__init__.py
@@ -35,7 +35,7 @@
     DateFromTicks, TimeFromTicks, TimestampFromTicks)
 
 
-VERSION = (0, 8, 1, None)
+VERSION = (0, 9, 0, None)
 if VERSION[3] is not None:
     VERSION_STRING = "%d.%d.%d_%s" % VERSION
 else:
diff --git a/pymysql/_auth.py b/pymysql/_auth.py
index ddf6e4e5..8c3e6cd9 100644
--- a/pymysql/_auth.py
+++ b/pymysql/_auth.py
@@ -142,7 +142,7 @@ def sha2_rsa_encrypt(password, salt, public_key):
 
 
 def sha256_password_auth(conn, pkt):
-    if conn.ssl and conn.server_capabilities & CLIENT.SSL:
+    if conn._secure:
         if DEBUG:
             print("sha256: Sending plain password")
         data = conn.password + b'\0'
@@ -232,9 +232,9 @@ def caching_sha2_password_auth(conn, pkt):
     if DEBUG:
         print("caching sha2: Trying full auth...")
 
-    if conn.ssl and conn.server_capabilities & CLIENT.SSL:
+    if conn._secure:
         if DEBUG:
-            print("caching sha2: Sending plain password via SSL")
+            print("caching sha2: Sending plain password via secure connection")
         return _roundtrip(conn, conn.password + b'\0')
 
     if not conn.server_public_key:
diff --git a/pymysql/connections.py b/pymysql/connections.py
index 615c6146..1e580d21 100644
--- a/pymysql/connections.py
+++ b/pymysql/connections.py
@@ -179,6 +179,7 @@ class Connection(object):
     _sock = None
     _auth_plugin_name = ''
     _closed = False
+    _secure = False
 
     def __init__(self, host=None, user=None, password="",
                  database=None, port=0, unix_socket=None,
@@ -563,11 +564,12 @@ def connect(self, sock=None):
         self._closed = False
         try:
             if sock is None:
-                if self.unix_socket and self.host in ('localhost', '127.0.0.1'):
+                if self.unix_socket:
                     sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
                     sock.settimeout(self.connect_timeout)
                     sock.connect(self.unix_socket)
                     self.host_info = "Localhost via UNIX socket"
+                    self._secure = True
                     if DEBUG: print('connected using unix_socket')
                 else:
                     kwargs = {}
@@ -795,6 +797,7 @@ def _request_authentication(self):
 
             self._sock = self.ctx.wrap_socket(self._sock, server_hostname=self.host)
             self._rfile = _makefile(self._sock, 'rb')
+            self._secure = True
 
         data = data_init + self.user + b'\0'