1 diff -ruNp curl.orig/lib/nss.c curl/lib/nss.c
2 --- curl.orig/lib/nss.c 2009-03-04 17:54:28.459240000 +0100
3 +++ curl/lib/nss.c 2009-03-18 11:38:34.245797020 +0100
4 @@ -162,6 +162,18 @@ static const cipher_s cipherlist[] = {
8 +/* following ciphers are new in NSS 3.4 and not enabled by default, therefor
9 + they are enabled explicitly */
10 +static const int enable_ciphers_by_default[] = {
11 + TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
12 + TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
13 + TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
14 + TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
15 + TLS_RSA_WITH_AES_128_CBC_SHA,
16 + TLS_RSA_WITH_AES_256_CBC_SHA,
17 + SSL_NULL_WITH_NULL_NULL
20 #ifdef HAVE_PK11_CREATEGENERICOBJECT
21 static const char* pem_library = "libnsspem.so";
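Review bot: The terminator of `enable_ciphers_by_default` is `SSL_NULL_WITH_NULL_NULL`, which is itself a cipher-suite identifier, and the comment above the array does not say it is used only as a sentinel. I would extend that comment, e.g. `/* the list is terminated by SSL_NULL_WITH_NULL_NULL, which is a sentinel only and is never enabled */`, so that nobody later appends entries after it or reads it as enabling the null suite. The same comment has a typo, `therefor` should be `therefore`. The array's closing lines are not visible in this listing.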
23 @@ -954,6 +966,7 @@ CURLcode Curl_nss_connect(struct connect
27 + const int *cipher_to_enable;
29 curlerr = CURLE_SSL_CONNECT_ERROR;
31 @@ -1057,6 +1070,16 @@ CURLcode Curl_nss_connect(struct connect
32 if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
35 + /* enable all ciphers from enable_ciphers_by_default */
36 + cipher_to_enable = enable_ciphers_by_default;
37 + while (SSL_NULL_WITH_NULL_NULL != *cipher_to_enable) {
38 + if (SSL_CipherPrefSet(model, *cipher_to_enable, PR_TRUE) != SECSuccess) {
39 + curlerr = CURLE_SSL_CIPHER;
45 if(data->set.ssl.cipher_list) {
46 if(set_ciphers(data, model, data->set.ssl.cipher_list) != SECSuccess) {
47 curlerr = CURLE_SSL_CIPHER;
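Review bot: A failure of `SSL_CipherPrefSet` on any single default suite sets `curlerr = CURLE_SSL_CIPHER`, which presumably aborts the connect as the neighbouring checks do (the lines after the assignment are not shown in this listing). These suites are an opportunistic addition, so an NSS build or policy that refuses one of them would fail every connection even when the user never asked for that suite; consider skipping the suite with an `infof` message instead of failing. The loop also runs before the `data->set.ssl.cipher_list` branch, so whether a user-supplied list still restricts the enabled set depends on `set_ciphers` resetting the preferences first, which is outside the hunk and worth confirming. On style, the surrounding code writes `if(` without a space while the new lines use `while (` and `if (`.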