diff -pur ../cyrus-imapd-2.4.17.orig/doc/man/imapd.conf.5.html ./doc/man/imapd.conf.5.html
--- ../cyrus-imapd-2.4.17.orig/doc/man/imapd.conf.5.html 2014-10-16 19:03:21.233747994 +0200
+++ ./doc/man/imapd.conf.5.html 2014-10-16 19:06:03.391761270 +0200
@@ -2162,6 +2162,12 @@ false

This disables support for SSLv2 and SSLv3

+

tls_honor_cipher_order: +false

+ +

Enables honoring cipher order +as specified using tls_cipher_list

+

umask: 077

The umask value used by various
diff -pur ../cyrus-imapd-2.4.17.orig/imap/tls.c ./imap/tls.c
--- ../cyrus-imapd-2.4.17.orig/imap/tls.c 2014-10-16 19:03:21.423748396 +0200
+++ ./imap/tls.c 2014-10-16 19:09:17.987723762 +0200
@@ -724,6 +724,12 @@ int tls_init_serverengine(const char
 return (-1);
 }
+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
+ if (config_getswitch(IMAPOPT_TLS_HONOR_CIPHER_ORDER)) {
+ SSL_CTX_set_options(s_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+ }
+#endif
+
 CAfile = config_getstring(IMAPOPT_TLS_CA_FILE);
 CApath = config_getstring(IMAPOPT_TLS_CA_PATH);
diff -pur ../cyrus-imapd-2.4.17.orig/lib/imapoptions ./lib/imapoptions
--- ../cyrus-imapd-2.4.17.orig/lib/imapoptions 2014-10-16 19:03:21.350748639 +0200
+++ ./lib/imapoptions 2014-10-16 19:06:49.686731123 +0200
@@ -1415,6 +1415,9 @@ product version in the capabilities */
 { "tls_tlsonly", 0, SWITCH }
 /* Disables use of SSLv2 and SSLv3 */
+{ "tls_honor_cipher_order", 0, SWITCH }
+/* Honor cipher order as specified in tls_cipher_list */
+
 { "umask", "077", STRING }
 /* The umask value used by various Cyrus IMAP programs. */
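Review bot: In the imap/tls.c hunk, when the OpenSSL headers do not define SSL_OP_CIPHER_SERVER_PREFERENCE the whole added block compiles away, so an administrator who sets tls_honor_cipher_order still gets client-preferred cipher selection with no sign that the setting was ignored. I would add an `#else` branch that reports it when the switch is on, for example `if (config_getswitch(IMAPOPT_TLS_HONOR_CIPHER_ORDER)) syslog(LOG_WARNING, "tls_honor_cipher_order is set but not supported by this OpenSSL");`, assuming syslog is the logging call this file already uses. A short comment above the `#ifdef`, such as `/* let the server's order in tls_cipher_list win over the client's */`, would also record the intent. tls_init_serverengine starts and ends outside the hunk.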
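Review bot: The option description `Honor cipher order as specified in tls_cipher_list` in the lib/imapoptions hunk does not say whose preference is overridden or what the default of 0 means in practice. With the switch off, OpenSSL follows the client's ordering, so arranging tls_cipher_list strongest-first has no effect on which cipher is negotiated until this is enabled. I would spell that out, for example `/* Prefer the server's cipher order (from tls_cipher_list) over the client's when negotiating TLS. Off by default, in which case the client's preference decides. */`. The same wording would fit the imapd.conf.5.html text in the first hunk.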