Matúš Honěk 22dbdbf
Use what NSS considers default for DEFAULT cipher string.
Author: Matus Honek <mhonek@redhat.com>
Resolves: #1387868
Backports: #1245279 #1300701
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
--- a/libraries/libldap/tls_m.c
+++ b/libraries/libldap/tls_m.c
@@ -645,7 +645,16 @@ nss_parse_ciphers(const char *cipherstr, int cipher_list[ciphernum])
 			}
 		} else if (!strcmp(cipher, "DEFAULT")) {
 			for (i=0; i
-				cipher_list[i] = ciphers_def[i].enabled == SSL_ALLOWED ? 1 : 0;
+				PRBool enabled;
+				if (SSL_CipherPrefGetDefault(ciphers_def[i].num, &enabled) == SECSuccess) {
+					if (!(ciphers_def[i].attr & SSL_eNULL)) {
+						cipher_list[i] = enabled == SSL_ALLOWED ? 1 : 0;
+					} else {
+						cipher_list[i] = -1;
+					}
+				} else {
+					cipher_list[i] = -1;
+				}
 			}
 		} else {
 			int mask = 0;
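Review bot: In the added DEFAULT branch, `enabled` is a PRBool filled in by SSL_CipherPrefGetDefault(), yet it is compared with the policy constant SSL_ALLOWED; that is correct only while the two values happen to coincide, so `cipher_list[i] = enabled ? 1 : 0;` states the intent directly. The two `-1` branches are the security-relevant part of the change and carry no comment; something like `/* never enable NULL-encryption suites via DEFAULT, even if NSS would; also exclude suites NSS cannot report a default for */` above the inner `if` would record why. A failed SSL_CipherPrefGetDefault() is silently folded into the same `-1` as an eNULL suite, so it is worth confirming in the rest of nss_parse_ciphers (which starts and ends outside this hunk) that a later token in the cipher string cannot re-enable such an entry, and whether the failure should be reported to the caller or logged.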