diff -Nur ./program/lib/imap.inc ../roundcubemail-0.2.1.new/program/lib/imap.inc
--- ./program/lib/imap.inc	2009-03-06 09:12:41.000000000 +0000
+++ ../roundcubemail-0.2.1.new/program/lib/imap.inc	2009-04-23 18:27:24.000000000 +0100
@@ -349,6 +349,12 @@
 	return strtr($string, array('\\"'=>'"', '\\\\' => '\\')); 
 }
 
+function iil_C_ClearCapability(&$conn)
+{
+	$conn->capability = array();
+	$conn->capability_readed = false;
+}
+
 function iil_C_GetCapability(&$conn, $name)
 {
 	if (in_array($name, $conn->capability)) {
@@ -623,6 +629,28 @@
 		$conn->capability = explode(' ', strtoupper($matches[1]));
 	}
 
+	if (iil_C_GetCapability($conn, 'STARTTLS')) {
+        	if (version_compare(PHP_VERSION, '5.1.0', '>=')) {
+               		iil_PutLine($conn->fp, 'stls000 starttls');
+
+			$line = iil_ReadLine($conn->fp, 4096);
+                	if (!iil_StartsWith($line, 'stls000 OK')) {
+				$iil_error = "Server responded to STARTTLS with: $line";
+				$iil_errornum = -2;
+                    		return false;
+                	}
+
+			if (!stream_socket_enable_crypto($conn->fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
+				$iil_error = "Unable to negotiate TLS";
+				$iil_errornum = -2;
+				return false;
+			}
+			
+			/* Now we're authenticated, capabilities need to be reread */
+			iil_C_ClearCapability($conn);
+        	}
+	}
+
 	$conn->message .= $line;
 
 	if (strcasecmp($auth_method, "check") == 0) {