@@ -59,10 +59,11 @@
 	self = [super init];
 
 	@try {
 		sock = [[OFTCPSocket alloc] init];
 		port = 5222;
+		encrypted = NO;
 	} @catch (id e) {
 		[self release];
 		@throw e;
 	}
 
@@ -325,10 +326,15 @@
 
 - (OFTCPSocket*)socket
 {
 	return [[sock retain] autorelease];
 }
+
+- (BOOL)encrypted
+{
+	return encrypted;
+}
 
 - (void)sendStanza: (OFXMLElement*)element
 {
 	of_log(@"Out: %@", element);
 	[sock writeString: [element XMLString]];
@@ -574,10 +580,12 @@
 			[delegate connectionWillUpgradeToTLS: self];
 
 		newSock = [[SSLSocket alloc] initWithSocket: sock];
 		[sock release];
 		sock = newSock;
+
+		encrypted = YES;
 
 		if ([delegate respondsToSelector:
 		    @selector(connectionDidUpgradeToTLS:)])
 			[delegate connectionDidUpgradeToTLS: self];
 
@@ -708,21 +716,34 @@
 		OFXMLElement *mech;
 
 		enumerator = [[mechs children] objectEnumerator];
 		while ((mech = [enumerator nextObject]) != nil)
 			[mechanisms addObject: [mech stringValue]];
+
+		if ([mechanisms containsObject: @"SCRAM-SHA-1-PLUS"]) {
+			authModule = [[XMPPSCRAMAuth alloc]
+			    initWithAuthcid: username
+				   password: password
+				 connection: self
+				       hash: [OFSHA1Hash class]
+			      plusAvailable: YES];
+			[self XMPP_sendAuth: @"SCRAM-SHA-1-PLUS"];
+			return;
+		}
 
 		if ([mechanisms containsObject: @"SCRAM-SHA-1"]) {
 			authModule = [[XMPPSCRAMAuth alloc]
 			    initWithAuthcid: username
 				   password: password
-				       hash: [OFSHA1Hash class]];
+				 connection: self
+				       hash: [OFSHA1Hash class]
+			      plusAvailable: NO];
 			[self XMPP_sendAuth: @"SCRAM-SHA-1"];
 			return;
 		}
 
-		if ([mechanisms containsObject: @"PLAIN"]) {
+		if ([mechanisms containsObject: @"PLAIN"] && encrypted) {
 			authModule = [[XMPPPLAINAuth alloc]
 			    initWithAuthcid: username
 				   password: password];
 			[self XMPP_sendAuth: @"PLAIN"];
 			return;