--- a/managesieve_test.go	Tue Feb 09 21:28:13 2021 +0100
+++ b/managesieve_test.go	Tue Feb 09 23:01:02 2021 +0100
@@ -791,6 +791,45 @@
 	}
 }
 
+// capabilities sent by the server after negotiating a secure SASL-layer
+var authCapabilitiesResponse string = `"IMPLEMENTATION" "Example"
+"SASL" "PLAIN TEST"
+"SIEVE" "fileinto vacation"
+"StARTTLS"
+"VERSION" "1.0"
+OK
+"cXV1eCxnYXJwbHk="
+"d2FsZG8sZnJlZA=="
+OK (SASL "eHl6enkgdGh1ZA==")
+"IMPLEMENTATION" "Example"
+"SASL" "PLAIN TEST"
+"SIEVE" "fileinto vacation"
+"StARTTLS"
+"VERSION" "1.0"
+OK
+"default"
+OK
+`
+
+func TestAuthCapabilitiesResponse(t *testing.T) {
+	conn := newFakeConn(authCapabilitiesResponse)
+	c, err := managesieve.NewClient(conn, "localhost")
+	if err != nil {
+		t.Fatalf("failed to create client: %s", err)
+	}
+
+	auth := &testAuth{}
+	if err = c.Authenticate(auth); err != nil {
+		t.Fatalf("failed to authenticate: %s", err)
+	}
+
+	if scripts, _, err := c.ListScripts(); err != nil {
+		t.Fatalf("failed to list scripts after authentication: %s", err)
+	} else if len(scripts) != 1 {
+		t.Fatalf("expected list of scripts but got none")
+	}
+}
+
 // authentication failure due to invalid credentials
 func TestPlainAuthDenied(t *testing.T) {
 	conn := newFakeConn(minimalServer +
@@ -886,6 +925,10 @@
 	return resp, nil
 }
 
+func (a *testAuth) SASLSecurityLayer() bool {
+	return true
+}
+
 // authentication using a custom authentication method
 func TestCustomAuth(t *testing.T) {
 	conn := newFakeConn(customAuthServer)
@@ -975,6 +1018,7 @@
 	if _, ok := err.(managesieve.ParserError); !ok {
 		t.Fatalf("expected managesieve.ParserError, got %T (%q)", err, err)
 	}
+
 }
 
 // response to aborted SASL authentication is not NO