diff --git a/NEWS b/NEWS
index 84a1c801..115e638f 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,7 @@ NEWS
   * fix bad shift in conditional netmask ".../0" handling
   * add more mime types and a script to generate mime.conf (fixes #2579)
   * add support for (Free)BSD extended attributes
+  * [build] use fortify flags with "extra-warnings"
 
 - 1.4.35 - 2014-03-12
   * [network/ssl] fix build error if TLSEXT is disabled
diff --git a/configure.ac b/configure.ac
index 48e6b527..e804030d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -23,6 +23,26 @@ AM_INIT_AUTOMAKE([-Wall -Wno-portability -Wno-override foreign dist-bzip2 tar-us
 dnl enable with --enable-silent-rules or make V=0 (needs automake >= 1.11)
 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES])
 
+
+dnl @synopsis TRY_CFLAGS [compiler flags]
+dnl @summary check whether compiler supports given C flags and adds them to CFLAGS
+AC_DEFUN([TRY_CFLAGS],
+[dnl
+  AC_MSG_CHECKING([if $CC supports $1])
+  AC_LANG_PUSH([C])
+  ac_try_cflags_saved_cflags="${CFLAGS}"
+  CFLAGS="${CFLAGS} $1"
+  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
+    [AC_MSG_RESULT([yes])],
+    [
+      AC_MSG_ERROR([no])
+      CFLAGS="${ac_try_cflags_saved_cflags}"
+    ]
+  )
+  AC_LANG_POP([C])
+])
+
+
 dnl Checks for programs.
 AC_PROG_CC
 AM_PROG_CC_C_O
@@ -394,7 +414,7 @@ if test "$WITH_FAM" != "no"; then
   LIBS=$FAM_LIBS
   AC_CHECK_FUNCS([FAMNoExists])
   LIBS=$OLD_LIBS
-  
+
   if test x$FAM_LIBS = x; then
      AC_MSG_ERROR([fam/gamin-headers and/or libs where not found, install them or build with --without-fam])
   fi
@@ -622,7 +642,8 @@ AM_CONDITIONAL(CHECK_WITH_FASTCGI, test "x$fastcgi_found" = xyes)
 
 dnl check for extra compiler options (warning options)
 if test "${GCC}" = "yes"; then
-    CFLAGS="${CFLAGS} -Wall -W -Wshadow -pedantic -std=gnu99"
+  TRY_CFLAGS([-Wall -W -Wshadow -pedantic])
+  TRY_CFLAGS([-std=gnu99])
 fi
 
 AC_ARG_ENABLE(extra-warnings,
@@ -634,7 +655,7 @@ AC_ARG_ENABLE(extra-warnings,
   esac],[extrawarnings=false])
 
 if test x$extrawarnings = xtrue; then
-    CFLAGS="${CFLAGS} -g -O2 -g2 -Wall -Wmissing-declarations -Wdeclaration-after-statement -Wno-pointer-sign -Wcast-align -Winline -Wsign-compare -Wnested-externs -Wpointer-arith -Wl,--as-needed -Wformat-security"
+  TRY_CFLAGS([-g -O2 -g2 -Wall -Wmissing-declarations -Wdeclaration-after-statement -Wcast-align -Winline -Wsign-compare -Wnested-externs -Wpointer-arith -Wl,--as-needed -D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security])
 fi
 
 dnl build version-id
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 43deda09..d9087cb5 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -34,7 +34,7 @@ IF(CMAKE_COMPILER_IS_GNUCC)
 	OPTION(BUILD_EXTRA_WARNINGS "extra warnings")
 
 	IF(BUILD_EXTRA_WARNINGS)
-		SET(WARN_FLAGS "-g -g2 -Wall -Wmissing-declarations -Wdeclaration-after-statement -Wcast-align -Winline -Wsign-compare -Wnested-externs -Wpointer-arith -Wformat-security -Wl,--as-needed")
+		SET(WARN_FLAGS "-g -g2 -Wall -Wmissing-declarations -Wdeclaration-after-statement -Wcast-align -Winline -Wsign-compare -Wnested-externs -Wpointer-arith -Wl,--as-needed -D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security")
 		# -Werror -Wbad-function-cast -Wmissing-prototypes
 	ELSE(BUILD_EXTRA_WARNINGS)
 		SET(WARN_FLAGS "")