The patch is fine. I was just about to send exactly the same. We have a report in our bugzilla for this.
On Monday 04 of June 2012 21:56:08, [email protected] wrote:
> Full_Name: Tim Strobell
> Version: HEAD
> OS: RHEL6
> URL: ftp://ftp.openldap.org/incoming/tim-strobell-2012060401.patch
> Submission from: (NULL) (2001:480:20:112:210:18ff:fe19:b000)
>
>
> When using NSS, the default cipher suite selection is used even when
> TLSCipherSuite is explicitly specified. This behavior was introduced in the
> patch provided in ITS#6790.
>
> At tls_m.c:2221...
>
> if ( lt->lt_ciphersuite &&
>      tlsm_parse_ciphers( ctx, lt->lt_ciphersuite )) {
>     [ error, return ]
> } else if ( tlsm_parse_ciphers( ctx, "DEFAULT" ) ) {
>     [ error, return ]
> }
>
> tlsm_parse_ciphers returns 0 on success; the else path is always followed
> and overrides the previous cipher suite selection.
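
The control flow described in the report, as an added stand-alone model (not OpenLDAP's code and not the contents of the submitted patch). `model_ctx`, `model_parse_ciphers`, `select_reported`, `select_restructured` and `effective` are hypothetical names, the cipher string "HIGH" is a constructed sample, and the restructured branch is one possible correction assumed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for the TLS context: remembers the last cipher string applied. */
struct model_ctx { char applied[64]; int calls; };

/* Hypothetical stub using the reported convention: 0 on success, non-zero on failure. */
static int model_parse_ciphers(struct model_ctx *ctx, const char *suite)
{
    if (suite == NULL || *suite == '\0')
        return -1;
    snprintf(ctx->applied, sizeof ctx->applied, "%s", suite);
    ctx->calls++;
    return 0;
}

/* Flow as quoted in the report: a successful explicit parse returns 0, so the
 * && is false and the else branch applies "DEFAULT" on top of it. */
static int select_reported(struct model_ctx *ctx, const char *configured)
{
    if (configured && model_parse_ciphers(ctx, configured)) {
        return -1;
    } else if (model_parse_ciphers(ctx, "DEFAULT")) {
        return -1;
    }
    return 0;
}

/* Assumed correction: pick the suite first, then check the parse result once. */
static int select_restructured(struct model_ctx *ctx, const char *configured)
{
    const char *suite = configured ? configured : "DEFAULT";
    return model_parse_ciphers(ctx, suite) ? -1 : 0;
}

/* Runs one selector on a fresh context and returns the effective cipher string. */
static const char *effective(int (*sel)(struct model_ctx *, const char *),
                             const char *configured, struct model_ctx *ctx)
{
    memset(ctx, 0, sizeof *ctx);
    return sel(ctx, configured) == 0 ? ctx->applied : "(error)";
}

int main(void)
{
    struct model_ctx ctx;
    printf("reported flow:     %s\n", effective(select_reported, "HIGH", &ctx));
    printf("restructured flow: %s\n", effective(select_restructured, "HIGH", &ctx));
    return 0;
}
```

A regression check for this class of bug is to configure a restrictive suite and assert on the effective cipher list after context setup, rather than only on the absence of a configuration error.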
