2 files changed, 15 insertions, 5 deletions

diff --git a/src/client/QXmppConfiguration.h b/src/client/QXmppConfiguration.h
index 513075c3..0de57e79 100644
--- a/src/client/QXmppConfiguration.h
+++ b/src/client/QXmppConfiguration.h
@@ -53,10 +53,11 @@ public:
     /// Depending upon all this user can specify following options.
     enum StreamSecurityMode
     {
-        TLSEnabled = 0, ///< Encryption is used if available (default)
-        TLSDisabled,    ///< No encryption is server allows
-        TLSRequired     ///< Encryption is a must otherwise connection would not
-                        ///< be established
+        TLSEnabled = 0, ///< Encryption is used if available (default).
+        TLSDisabled,    ///< No encryption even if the server offers it.
+        TLSRequired,    ///< Encryption must be available, otherwise the
+                        ///< connection will not be established.
+        LegacySSL       ///< Use only legacy SSL mode.
     };
 
     /// An enumeration for various Non-SASL authentication mechanisms available.
diff --git a/src/client/QXmppOutgoingClient.cpp b/src/client/QXmppOutgoingClient.cpp
index 0ee1d1af..666b0365 100644
--- a/src/client/QXmppOutgoingClient.cpp
+++ b/src/client/QXmppOutgoingClient.cpp
@@ -129,7 +129,16 @@ void QXmppOutgoingClientPrivate::connectToHost(const QString &host, quint16 port
 #endif
 
     // connect to host
-    q->socket()->connectToHost(host, port);
+    const QXmppConfiguration::StreamSecurityMode localSecurity = q->configuration().streamSecurityMode();
+    if (localSecurity == QXmppConfiguration::LegacySSL) {
+        if (!q->socket()->supportsSsl()) {
+            q->warning("Not connecting as legacy SSL was requested, but SSL support is not available");
+            return;
+        }
+        q->socket()->connectToHostEncrypted(host, port);
+    } else {
+        q->socket()->connectToHost(host, port);
+    }
 }
 
 /// Constructs an outgoing client stream.