From 742fc5fb3562eff6f0ac5f53ec2b4d2c11ebfabf Mon Sep 17 00:00:00 2001
From: Daniel Lowrey <rdlowrey@php.net>
Date: Wed, 19 Feb 2014 20:39:57 -0700
Subject: [PATCH] Add 'honor_cipher_order' server context option

---
 ext/openssl/xp_ssl.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index aa1d50e64d..ea2e5f70fc 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -435,6 +435,13 @@ static inline int php_openssl_setup_crypto(php_stream *stream,
 		return -1;
 	}
 
+	if (!sslsock->is_client && stream->context && SUCCESS == php_stream_context_get_option(
+				stream->context, "ssl", "honor_cipher_order", &val) &&
+			zend_is_true(*val)
+	) {
+		SSL_CTX_set_options(sslsock->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+	}
+
 #ifdef SSL_MODE_RELEASE_BUFFERS
 	long mode = SSL_get_mode(sslsock->ssl_handle);
 	SSL_set_mode(sslsock->ssl_handle, mode | SSL_MODE_RELEASE_BUFFERS);
-- 
2.50.1