Index: third_party/tlslite/patches/client_cipher_preferences.patch |
diff --git a/third_party/tlslite/patches/client_cipher_preferences.patch b/third_party/tlslite/patches/client_cipher_preferences.patch |
new file mode 100644 |
index 0000000000000000000000000000000000000000..971939cabeb1c0f9e437ff60bb3dddfece77d51e |
--- /dev/null |
+++ b/third_party/tlslite/patches/client_cipher_preferences.patch |
@@ -0,0 +1,18 @@ |
+diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py |
+index b9797d2..20cd85b 100755 |
+--- a/third_party/tlslite/tlslite/tlsconnection.py |
++++ b/third_party/tlslite/tlslite/tlsconnection.py |
+@@ -1386,10 +1386,9 @@ class TLSConnection(TLSRecordLayer): |
+ #the only time we won't use it is if we're resuming a |
+ #session, in which case we use the ciphersuite from the session. |
+ # |
+- #Given the current ciphersuite ordering, this means we prefer SRP |
+- #over non-SRP. |
+- for cipherSuite in cipherSuites: |
+- if cipherSuite in clientHello.cipher_suites: |
++ #Use the client's preferences for now. |
++ for cipherSuite in clientHello.cipher_suites: |
++ if cipherSuite in cipherSuites: |
+ break |
+ else: |
+ for result in self._sendError(\ |