diff --git a/mix.exs b/mix.exs
index d5d7a13f6..c1af5a18a 100644
--- a/mix.exs
+++ b/mix.exs
@@ -114,7 +114,7 @@ defmodule Ejabberd.MixProject do
 {:p1_utils, "~> 1.0"},
 {:pkix, "~> 1.0"},
 {:stringprep, ">= 1.0.26"},
- {:xmpp, git: "https://github.com/processone/xmpp.git", ref: "26dd833dcf66ebb790d9afe212b7a26f3a6c2328", override: true},
+ {:xmpp, git: "https://github.com/processone/xmpp.git", ref: "db6d730f0e1cd36645c32d7c7e89e19bb27642e3", override: true},
 {:yconf, "~> 1.0"}]
 ++ cond_deps()
 end
diff --git a/mix.lock b/mix.lock
index f3de83b82..27029c1fd 100644
--- a/mix.lock
+++ b/mix.lock
@@ -43,6 +43,6 @@
 "stringprep": {:hex, :stringprep, "1.0.29", "02f23e8c3a219a3dfe40a22e908bece3a2f68af0ff599ea8a7b714ecb21e62ee", [:rebar3], [{:p1_utils, "1.0.25", [hex: :p1_utils, repo: "hexpm", optional: false]}], "hexpm", "928eba304c3006eb1512110ebd7b87db163b00859a09375a1e4466152c6c462a"},
 "stun": {:hex, :stun, "1.2.10", "53f8be69e14f9476dcaf1dfb626b9dad2380f3fba8faf2c30bdf74311cfdc008", [:rebar3], [{:fast_tls, "1.1.16", [hex: :fast_tls, repo: "hexpm", optional: false]}, {:p1_utils, "1.0.25", [hex: :p1_utils, repo: "hexpm", optional: false]}], "hexpm", "19d3eecbfcc6935f0880f8ef7e77ff373900c604092937a1acda166ae3fb40e9"},
 "unicode_util_compat": {:hex, :unicode_util_compat, "0.4.1", "d869e4c68901dd9531385bb0c8c40444ebf624e60b6962d95952775cac5e90cd", [:rebar3], [], "hexpm", "1d1848c40487cdb0b30e8ed975e34e025860c02e419cb615d255849f3427439d"},
- "xmpp": {:git, "https://github.com/processone/xmpp.git", "ded8be8c169487688b11130eda566b1377ab3301", [ref: "ded8be8c169487688b11130eda566b1377ab3301"]},
+ "xmpp": {:git, "https://github.com/processone/xmpp.git", "db6d730f0e1cd36645c32d7c7e89e19bb27642e3", [ref: "db6d730f0e1cd36645c32d7c7e89e19bb27642e3"]},
 "yconf": {:hex, :yconf, "1.0.15", "e22998b3d7728270bdd06162a9515bd142b14fae8927cbdbd3ef639c32aa6f7a", [:rebar3], [{:fast_yaml, "1.0.36", [hex: :fast_yaml, repo: "hexpm", optional: false]}], "hexpm", "7ff2ab24d3c9833842716b9aaaa01a8f96641a7695cbb701b03445c4def01117"},
 }
diff --git a/rebar.config b/rebar.config
index 56b5ccab1..bca63ad41 100644
--- a/rebar.config
+++ b/rebar.config
@@ -77,7 +77,7 @@
 {stringprep, ".*", {git, "https://github.com/processone/stringprep", {tag, "1.0.29"}}},
 {if_var_true, stun, {stun, ".*", {git, "https://github.com/processone/stun", {tag, "1.2.10"}}}},
- {xmpp, ".*", {git, "https://github.com/processone/xmpp", "26dd833dcf66ebb790d9afe212b7a26f3a6c2328"}},
+ {xmpp, ".*", {git, "https://github.com/processone/xmpp", "db6d730f0e1cd36645c32d7c7e89e19bb27642e3"}},
 {yconf, ".*", {git, "https://github.com/processone/yconf", {tag, "1.0.15"}}}
 ]}.
diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl
index de246cbae..1a21cebdb 100644
--- a/src/ejabberd_c2s.erl
+++ b/src/ejabberd_c2s.erl
@@ -43,7 +43,7 @@
 handle_recv/3, handle_cdata/2, handle_unbinded_packet/2, inline_stream_features/1, handle_sasl2_inline/2, handle_sasl2_inline_post/3, handle_bind2_inline/2,
- handle_bind2_inline_post/3]).
+ handle_bind2_inline_post/3, sasl_options/1]).
 %% Hooks
 -export([handle_unexpected_cast/2, handle_unexpected_call/3, process_auth_result/3, reject_unauthenticated_packet/2,
@@ -418,6 +418,12 @@ sasl_mechanisms(Mechs, #{lserver := LServer, stream_encrypted := Encrypted} = St
 (_) -> false
 end, Mechs -- Mechs1).
+sasl_options(#{lserver := LServer}) ->
+ case ejabberd_option:disable_sasl_scram_downgrade_protection(LServer) of
+ true -> [{scram_downgrade_protection, false}];
+ _ -> []
+ end.
+
 get_password_fun(_Mech, #{lserver := LServer}) ->
 fun(U) ->
 ejabberd_auth:get_password_with_authmodule(U, LServer)
diff --git a/src/ejabberd_option.erl b/src/ejabberd_option.erl
index cc706d14e..e7dc04da0 100644
--- a/src/ejabberd_option.erl
+++ b/src/ejabberd_option.erl
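Review bot: `sasl_options/1` is a new exported function with no -spec and a catch-all `_ -> []` clause, although the accessor it calls, `ejabberd_option:disable_sasl_scram_downgrade_protection/1`, is spec'd in this same commit to return `boolean()`; writing `false -> []` and adding `-spec sasl_options(state()) -> [{scram_downgrade_protection, false}].` (assuming the file's `state()` type used by the neighbouring callbacks — confirm) keeps Dialyzer's view exact and makes it explicit that only `true` changes anything. Because returning `{scram_downgrade_protection, false}` deliberately weakens XEP-0474 downgrade protection for every client of that host, a why-comment such as `%% Per-host opt-out of XEP-0474 SCRAM downgrade protection for clients that choke on the extra SCRAM attributes; trades downgrade/MITM resistance for compatibility.` above the clause would help the next maintainer. The caller of sasl_options/1 is not in this diff (presumably the bumped xmpp dependency), so whether an empty list really means "protection stays enabled" cannot be confirmed here.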
@@ -40,6 +40,7 @@
 -export([default_ram_db/0, default_ram_db/1]).
 -export([define_macro/0, define_macro/1]).
 -export([disable_sasl_mechanisms/0, disable_sasl_mechanisms/1]).
+-export([disable_sasl_scram_downgrade_protection/0, disable_sasl_scram_downgrade_protection/1]).
 -export([domain_balancing/0]).
 -export([ext_api_headers/0, ext_api_headers/1]).
 -export([ext_api_http_pool_size/0, ext_api_http_pool_size/1]).
@@ -384,6 +385,13 @@ disable_sasl_mechanisms() ->
 disable_sasl_mechanisms(Host) ->
 ejabberd_config:get_option({disable_sasl_mechanisms, Host}).
+-spec disable_sasl_scram_downgrade_protection() -> boolean().
+disable_sasl_scram_downgrade_protection() ->
+ disable_sasl_scram_downgrade_protection(global).
+-spec disable_sasl_scram_downgrade_protection(global | binary()) -> boolean().
+disable_sasl_scram_downgrade_protection(Host) ->
+ ejabberd_config:get_option({disable_sasl_scram_downgrade_protection, Host}).
+
 -spec domain_balancing() -> #{binary()=>#{'component_number'=>1..1114111, 'type'=>'bare_destination' | 'bare_source' | 'destination' | 'random' | 'source'}}.
 domain_balancing() ->
 ejabberd_config:get_option({domain_balancing, global}).
diff --git a/src/ejabberd_options.erl b/src/ejabberd_options.erl
index 787d03628..43f334a0d 100644
--- a/src/ejabberd_options.erl
+++ b/src/ejabberd_options.erl
@@ -140,6 +140,8 @@ opt_type(default_ram_db) ->
 econf:enum([mnesia, sql, redis]);
 opt_type(define_macro) ->
 econf:any();
+opt_type(disable_sasl_scram_downgrade_protection) ->
+ econf:bool();
 opt_type(disable_sasl_mechanisms) ->
 econf:list_or_single(
 econf:and_then(
@@ -563,6 +565,7 @@ options() ->
 {cluster_backend, mnesia},
 {cluster_nodes, []},
 {define_macro, []},
+ {disable_sasl_scram_downgrade_protection, false},
 {disable_sasl_mechanisms, []},
 {domain_balancing, #{}},
 {ext_api_headers, <<>>},
diff --git a/src/ejabberd_options_doc.erl b/src/ejabberd_options_doc.erl
index c93a771fe..25edecf80 100644
--- a/src/ejabberd_options_doc.erl
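Review bot: The new `{disable_sasl_scram_downgrade_protection, false},` default in options/0 (and the matching `opt_type(disable_sasl_scram_downgrade_protection) -> econf:bool();` clause in the earlier hunk) is inserted before `disable_sasl_mechanisms`, which breaks the alphabetical order both lists otherwise follow here (cluster_backend, cluster_nodes, define_macro, disable_sasl_mechanisms, domain_balancing, ext_api_headers) and disagrees with ejabberd_option.erl in this same commit, where the new export is placed after `disable_sasl_mechanisms`. Moving both the default and the opt_type clause one entry down, after their disable_sasl_mechanisms counterparts, restores the ordering; if ejabberd_option.erl is regenerated from this file, as its sorted export list suggests, that is also where the generator would put it. Both options/0 and opt_type/1 start and end outside these hunks.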
+++ b/src/ejabberd_options_doc.erl
@@ -552,6 +552,16 @@ doc() ->
 "",
 "acl:",
 " admin: USERBOB"]}},
+ {disable_sasl_scram_downgrade_protection,
+ #{value => "true | false",
+ desc =>
+ ?T("Allows to disable sending data required by "
+ "'XEP-0474: SASL SCRAM Downgrade Protection'. "
+ "There are known buggy clients (like those that use strophejs 1.6.2) "
+ "which will not be able to authenticatate when servers sends data from "
+ "that specification. This options allows server to disable it to allow "
+ "even buggy clients connects, but in exchange decrease MITM protection. "
+ "The default value of this option is 'false' which enables this extension.")}},
 {disable_sasl_mechanisms,
 #{value => "[Mechanism, ...]",
 desc =>
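Review bot: The description added for `disable_sasl_scram_downgrade_protection` has a typo and several grammar errors in operator-facing text: `authenticatate` should read `authenticate`, `when servers sends data from that specification` should read `when the server sends the data required by that specification`, `This options allows server to disable it to allow even buggy clients connects` should read `This option lets the server disable it so that such clients can still connect`, and `in exchange decrease MITM protection` should read `at the cost of weaker protection against SASL downgrade and MITM attacks`. Since this is a security trade-off, it would also help to state the consequence first — that setting it to 'true' removes the XEP-0474 protection for every client of that host, not only the buggy ones — and, given the accessor added in ejabberd_option.erl takes `global | binary()` and ejabberd_c2s looks it up by LServer, that the option can apparently be set per virtual host. doc/0 starts and ends outside this hunk.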