+diff --git a/main.c b/main.c
+--- a/main.c
++++ b/main.c
+@@ -79,6 +79,9 @@ extern char *password_file;
+ extern char curr_dir[MAXPATHLEN];
+ extern struct file_list *first_flist;
+ extern struct filter_list_struct daemon_filter_list;
++#ifdef HAVE_OPENSSL
++extern int use_ssl;
++#endif
+
+ uid_t our_uid;
+ int am_receiver = 0; /* Only set to 1 after the receiver/generator fork. */
+@@ -137,6 +140,52 @@ pid_t wait_process(pid_t pid, int *status_ptr, int flags)
+ return waited_pid;
+ }
+
++/* Sends signal "signo", waits for the process to die, and if it doesn't, sends
++ * a SIGKILL. If "graceful" is set, the initial "signo" signal is delayed by a
++ * second to try to let the process exit on its own first. */
++pid_t terminate_process(pid_t pid, int *status_ptr, int signo, int graceful)
++{
++ pid_t waited_pid;
++ int timeout = graceful ? 1000 : 3000;
++ if (!graceful)
++ kill(pid, signo);
++ while (1) {
++ waited_pid = wait_process(pid, status_ptr, timeout >= 0 ? WNOHANG : 0);
++ if (waited_pid)
++ break;
++ if (timeout == 0) {
++ if (graceful) {
++ graceful = 0;
++ timeout = 3000;
++ } else {
++ signo = SIGKILL;
++ timeout = -1;
++ }
++ rprintf(FINFO, "%s:%s shutdown didn't work - sending signal %d\n",
++ __FUNCTION__, graceful ? " graceful" : "", signo);
++ kill(pid, signo);
++ }
++
++ if (timeout > 0) {
++ /* interruptible wait and calculate the time left for waiting */
++ struct timeval tval, t1, t2;
++
++ gettimeofday(&t1, NULL);
++
++ tval.tv_sec = timeout/1000;
++ tval.tv_usec = (timeout%1000)*1000;
++ select(0, NULL, NULL, NULL, &tval);
++ gettimeofday(&t2, NULL);
++
++ timeout -= (t2.tv_sec-t1.tv_sec)*1000 + (t2.tv_usec-t1.tv_usec)/1000;
++ if (timeout < 0)
++ timeout = 0;
++ }
++ }
++
++ return waited_pid;
++}
++
+ /* Wait for a process to exit, calling io_flush while waiting. */
+ static void wait_process_with_flush(pid_t pid, int *exit_code_ptr)
+ {
+@@ -727,6 +776,11 @@ static void do_server_sender(int f_in, int f_out, int argc, char *argv[])
+ argv[0] = ".";
+ }
+
++#ifdef HAVE_OPENSSL
++ if (use_ssl)
++ start_tls_buffering();
++#endif
++
+ flist = send_file_list(f_out,argc,argv);
+ if (!flist || flist->used == 0)
+ exit_cleanup(0);
+@@ -828,6 +882,10 @@ static int do_recv(int f_in, int f_out, char *local_name)
+ close(f_in);
+
+ io_start_buffering_out(f_out);
++#ifdef HAVE_OPENSSL
++ if (use_ssl)
++ start_tls_buffering();
++#endif
+
+ set_msg_fd_in(error_pipe[0]);
+ io_start_buffering_in(error_pipe[0]);
+@@ -1022,6 +1080,10 @@ int client_run(int f_in, int f_out, pid_t pid, int argc, char *argv[])
+ io_start_buffering_out(f_out);
+ if (!filesfrom_host)
+ set_msg_fd_in(f_in);
++#ifdef HAVE_OPENSSL
++ if (use_ssl)
++ start_tls_buffering();
++#endif
+ send_filter_list(f_out);
+ if (filesfrom_host)
+ filesfrom_fd = f_in;
+diff --git a/options.c b/options.c
+--- a/options.c
++++ b/options.c
+@@ -183,6 +183,14 @@ int logfile_format_has_o_or_i = 0;