--- a/configure.ac	Thu Nov 17 17:13:09 2016 +0200
+++ b/configure.ac	Mon Oct 31 10:49:38 2016 +0000
@@ -1706,6 +1706,29 @@
     have_ssl="yes (OpenSSL)"
     build_dcrypt_openssl="no"
 
+    # SSL_clear_options introduced in openssl 0.9.8m but may be backported to
+    # older versions in "enterprise" OS releases; originally implemented as a
+    # macro but as a function in more recent openssl versions
+    AC_CACHE_CHECK([whether SSL_clear_options exists],i_cv_have_ssl_clear_options,[
+      old_LIBS=$LIBS
+      LIBS="$LIBS -lssl"
+      AC_TRY_LINK([
+	#include <openssl/ssl.h>
+      ], [
+	SSL *ssl;
+	long options;
+	SSL_clear_options(ssl, options);
+      ], [
+	i_cv_have_ssl_clear_options=yes
+      ], [
+	i_cv_have_ssl_clear_options=no
+      ])
+      LIBS=$old_LIBS
+    ])
+    if test $i_cv_have_ssl_clear_options = yes; then
+      AC_DEFINE(HAVE_SSL_CLEAR_OPTIONS,, [Define if you have SSL_clear_options])
+    fi
+
     AC_CHECK_LIB(ssl, SSL_get_current_compression, [
       AC_DEFINE(HAVE_SSL_COMPRESSION,, [Build with OpenSSL compression])
     ],, $SSL_LIBS)

--- a/src/lib-ssl-iostream/iostream-openssl.c	Thu Nov 17 17:13:09 2016 +0200
+++ b/src/lib-ssl-iostream/iostream-openssl.c	Mon Oct 31 10:49:38 2016 +0000
@@ -163,7 +163,9 @@
 	if (set->prefer_server_ciphers)
 		SSL_set_options(ssl_io->ssl, SSL_OP_CIPHER_SERVER_PREFERENCE);
 	if (set->protocols != NULL) {
+#if defined(HAVE_SSL_CLEAR_OPTIONS)
 		SSL_clear_options(ssl_io->ssl, OPENSSL_ALL_PROTOCOL_OPTIONS);
+#endif
 		SSL_set_options(ssl_io->ssl,
 				openssl_get_protocol_options(set->protocols));
 	}