Index: net/third_party/nss/ssl/ssl3con.c |
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c |
index c2d9eeb4ec2a55617ead4ece7bfdda072b529004..ddb8232b9c64fa138d200de276449f2234b34628 100644 |
--- a/net/third_party/nss/ssl/ssl3con.c |
+++ b/net/third_party/nss/ssl/ssl3con.c |
@@ -12423,6 +12423,44 @@ ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *enabled) |
return rv; |
} |
+SECStatus |
+ssl3_CipherOrderSet(sslSocket *ss, const ssl3CipherSuite *ciphers, unsigned int len) |
+{ |
+ unsigned int i; |
+ |
+ for (i = 0; i < len; i++) { |
+ PRUint16 id = ciphers[i]; |
+ unsigned int existingIndex, j; |
+ PRBool found = PR_FALSE; |
+ |
+ for (j = i; j < ssl_V3_SUITES_IMPLEMENTED; j++) { |
+ if (ss->cipherSuites[j].cipher_suite == id) { |
+ existingIndex = j; |
+ found = PR_TRUE; |
+ break; |
+ } |
+ } |
+ |
+ if (!found) { |
+ PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE); |
+ return SECFailure; |
+ } |
+ |
+ if (existingIndex != i) { |
+ const ssl3CipherSuiteCfg temp = ss->cipherSuites[i]; |
+ ss->cipherSuites[i] = ss->cipherSuites[existingIndex]; |
+ ss->cipherSuites[existingIndex] = temp; |
+ } |
+ } |
+ |
+ /* Disable all cipher suites that weren't included. */ |
+ for (; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
+ ss->cipherSuites[i].enabled = 0; |
+ } |
+ |
+ return SECSuccess; |
+} |
+ |
/* copy global default policy into socket. */ |
void |
ssl3_InitSocketPolicy(sslSocket *ss) |