From e6ee3569256654957d3550b2e8a32e1e911ca61c Mon Sep 17 00:00:00 2001
From: Tom Li <biergaizi2009@gmail.com>
Date: Mon, 2 Feb 2015 17:37:15 +0800
Subject: [PATCH] tls: respect the order of specified ciphers.

Signed-off-by: Tom Li <biergaizi2009@gmail.com>
---
 plugins/tls | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/plugins/tls b/plugins/tls
index c04107c..21ef474 100644
--- a/plugins/tls
+++ b/plugins/tls
@@ -94,7 +94,8 @@ sub init {
                                         SSL_key_file    => $self->tls_key,
                                         SSL_ca_file     => $self->tls_ca,
                                         SSL_cipher_list => $self->tls_ciphers,
-                                        SSL_server      => 1
+                                        SSL_server      => 1,
+                                        SSL_honor_cipher_order => 1
                                        )
       or die "Could not create SSL context: $!";
 
@@ -195,6 +196,7 @@ sub _convert_to_ssl {
                                        SSL_cipher_list => $self->tls_ciphers,
                                        SSL_server      => 1,
                                        SSL_reuse_ctx   => $self->ssl_context,
+                                       SSL_honor_cipher_order => 1
                                       )
           or die "Could not create SSL socket: $!";
 
@@ -295,6 +297,7 @@ sub upgrade_socket {
                 SSL_startHandshake => 0,
                 SSL_server         => 1,
                 SSL_reuse_ctx   => $sp->ssl_context,
+                SSL_honor_cipher_order => 1
             }
         )
         or die "Could not upgrade socket to SSL: $!";