diff --git a/src/common/config.py b/src/common/config.py
index f5ee4dd260382fc1d9ba2edff63d0e05f6222c26..739d3f7d1c1cd86d39e3e3b75e4ea29cae4fbf1b 100644
--- a/src/common/config.py
+++ b/src/common/config.py
@@ -351,6 +351,7 @@ class Config:
                     'connection_types': [ opt_str, 'tls ssl plain', _('Ordered list (space separated) of connection type to try. Can contain tls, ssl or plain')],
                     'tls_version': [ opt_str, '1.0', '' ],
                     'cipher_list': [ opt_str, 'HIGH:!aNULL:RC4-SHA', '' ],
+                    'authentication_mechanisms': [ opt_str, '', _('List (space separated) of authentication mechanisms to try. Can contain ANONYMOUS, EXTERNAL, GSSAPI, SCRAM-SHA-1-PLUS, SCRAM-SHA-1, DIGEST-MD5, PLAIN, X-MESSENGER-OAUTH2 or XEP-0078') ],
                     'action_when_plaintext_connection': [ opt_str, 'warn', _('Show a warning dialog before sending password on an plaintext connection. Can be \'warn\', \'connect\', \'disconnect\'') ],
                     'warn_when_insecure_ssl_connection': [ opt_bool, True, _('Show a warning dialog before using standard SSL library.') ],
                     'warn_when_insecure_password': [ opt_bool, True, _('Show a warning dialog before sending PLAIN password over a plain connection.') ],
diff --git a/src/common/connection.py b/src/common/connection.py
index 170b2984528370359aa3238588a73b9ef636cfb8..3b260ba5ae5f0f948229da2797ac9839602a09ac 100644
--- a/src/common/connection.py
+++ b/src/common/connection.py
@@ -1465,8 +1465,15 @@ class Connection(CommonConnection, ConnectionHandlers):
                 return True
 
         self._register_handlers(con, con_type)
+        auth_mechs = gajim.config.get_per('accounts', self.name, 'authentication_mechanisms')
+        auth_mechs = auth_mechs.split()
+        for mech in auth_mechs:
+            if mech not in nbxmpp.auth_nb.SASL_AUTHENTICATION_MECHANISMS | set(['XEP-0078']):
+                log.warning("Unknown authentication mechanisms %s" % mech)
+        if len(auth_mechs) == 0:
+            auth_mechs = None
         con.auth(user=name, password=self.password,
-            resource=self.server_resource, sasl=1, on_auth=self.__on_auth)
+            resource=self.server_resource, sasl=True, on_auth=self.__on_auth, auth_mechs=auth_mechs)
 
     def ssl_certificate_accepted(self):
         if not self.connection: