diff --git a/legacy/ecore/ChangeLog b/legacy/ecore/ChangeLog
index 793a600668..d62ec30d5e 100644
--- a/legacy/ecore/ChangeLog
+++ b/legacy/ecore/ChangeLog
@@ -384,3 +384,7 @@
 2011-12-05 Mike Blumenkrantz
 
         * added ecore_con_socks api
+
+2011-12-07 Mike Blumenkrantz
+
+        * Allow SSL certificates to be loaded for STARTTLS
diff --git a/legacy/ecore/NEWS b/legacy/ecore/NEWS
index 6fff5308d6..bfce1ebba9 100644
--- a/legacy/ecore/NEWS
+++ b/legacy/ecore/NEWS
@@ -14,6 +14,8 @@ Additions:
 Improvements:
     * ecore:
      - most allocations moved to mempools
+    * ecore_con:
+     - certificates can now be added for STARTTTLS
     * ecore_win32:
      - fix modifiers value on Windows XP
 
diff --git a/legacy/ecore/src/lib/ecore_con/ecore_con_ssl.c b/legacy/ecore/src/lib/ecore_con/ecore_con_ssl.c
index 1ef92c5f09..3b528464c0 100644
--- a/legacy/ecore/src/lib/ecore_con/ecore_con_ssl.c
+++ b/legacy/ecore/src/lib/ecore_con/ecore_con_ssl.c
@@ -375,6 +375,14 @@ ecore_con_ssl_server_cert_add(Ecore_Con_Server *svr,
         return EINA_FALSE;
      }
 
+   if (!svr->ssl_prepared)
+     {
+        svr->use_cert = EINA_TRUE;
+        svr->type |= ECORE_CON_USE_MIXED | ECORE_CON_LOAD_CERT;
+        if (ecore_con_ssl_server_prepare(svr, svr->type & ECORE_CON_SSL))
+          return EINA_FALSE;
+     }
+
    return SSL_SUFFIX(_ecore_con_ssl_server_cert_add) (svr, cert);
 }
 
@@ -398,6 +406,14 @@ ecore_con_ssl_server_cafile_add(Ecore_Con_Server *svr,
         return EINA_FALSE;
      }
 
+   if (!svr->ssl_prepared)
+     {
+        svr->use_cert = EINA_TRUE;
+        svr->type |= ECORE_CON_USE_MIXED | ECORE_CON_LOAD_CERT;
+        if (ecore_con_ssl_server_prepare(svr, svr->type & ECORE_CON_SSL))
+          return EINA_FALSE;
+     }
+
    return SSL_SUFFIX(_ecore_con_ssl_server_cafile_add) (svr, ca_file);
 }
 
@@ -422,6 +438,14 @@ ecore_con_ssl_server_privkey_add(Ecore_Con_Server *svr,
         return EINA_FALSE;
      }
 
+   if (!svr->ssl_prepared)
+     {
+        svr->use_cert = EINA_TRUE;
+        svr->type |= ECORE_CON_USE_MIXED | ECORE_CON_LOAD_CERT;
+        if (ecore_con_ssl_server_prepare(svr, svr->type & ECORE_CON_SSL))
+          return EINA_FALSE;
+     }
+
    return SSL_SUFFIX(_ecore_con_ssl_server_privkey_add) (svr, key_file);
 }
 
@@ -446,6 +470,14 @@ ecore_con_ssl_server_crl_add(Ecore_Con_Server *svr,
         return EINA_FALSE;
      }
 
+   if (!svr->ssl_prepared)
+     {
+        svr->use_cert = EINA_TRUE;
+        svr->type |= ECORE_CON_USE_MIXED | ECORE_CON_LOAD_CERT;
+        if (ecore_con_ssl_server_prepare(svr, svr->type & ECORE_CON_SSL))
+          return EINA_FALSE;
+     }
+
    return SSL_SUFFIX(_ecore_con_ssl_server_crl_add) (svr, crl_file);
 }
 
@@ -480,7 +512,8 @@ ecore_con_ssl_server_upgrade(Ecore_Con_Server *svr, Ecore_Con_Type ssl_type)
         if (ecore_con_ssl_server_prepare(svr, ssl_type))
           return EINA_FALSE;
      }
-   svr->type |= ssl_type;
+   if (!svr->use_cert)
+     svr->type |= ssl_type;
    svr->upgrade = EINA_TRUE;
    svr->handshaking = EINA_TRUE;
    svr->ssl_state = ECORE_CON_SSL_STATE_INIT;
@@ -517,7 +550,8 @@ ecore_con_ssl_client_upgrade(Ecore_Con_Client *cl, Ecore_Con_Type ssl_type)
         if (ecore_con_ssl_server_prepare(cl->host_server, ssl_type))
           return EINA_FALSE;
      }
-   cl->host_server->type |= ssl_type;
+   if (!cl->host_server->use_cert)
+     cl->host_server->type |= ssl_type;
    cl->upgrade = EINA_TRUE;
    cl->host_server->upgrade = EINA_TRUE;
    cl->handshaking = EINA_TRUE;