From: Daniel Lowrey <rdlowrey@php.net>
Date: Thu, 20 Feb 2014 03:39:57 +0000 (-0700)
Subject: Add 'honor_cipher_order' server context option
X-Git-Tag: php-5.6.0alpha3~1^2~43^2~3
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=742fc5fb3562eff6f0ac5f53ec2b4d2c11ebfabf;p=php

Add 'honor_cipher_order' server context option
---

diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index aa1d50e64d..ea2e5f70fc 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -435,6 +435,13 @@ static inline int php_openssl_setup_crypto(php_stream *stream,
 		return -1;
 	}
 
+	if (!sslsock->is_client && stream->context && SUCCESS == php_stream_context_get_option(
+				stream->context, "ssl", "honor_cipher_order", &val) &&
+			zend_is_true(*val)
+	) {
+		SSL_CTX_set_options(sslsock->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+	}
+
 #ifdef SSL_MODE_RELEASE_BUFFERS
 	long mode = SSL_get_mode(sslsock->ssl_handle);
 	SSL_set_mode(sslsock->ssl_handle, mode | SSL_MODE_RELEASE_BUFFERS);