From 176ee3da3593cb0248c7a419b47c2f6352de5b78 Mon Sep 17 00:00:00 2001
From: "wtc%google.com" <wtc%google.com>
Date: Wed, 7 May 2008 20:45:53 +0000
Subject: [PATCH] Bug 430875: Documented the policy for the order of cipher
 suites in SSL_ImplementedCiphers.  r=nelson.

---
 security/nss/lib/ssl/sslenum.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/security/nss/lib/ssl/sslenum.c b/security/nss/lib/ssl/sslenum.c
index 3e92a4129e9..825234e43b8 100644
--- a/security/nss/lib/ssl/sslenum.c
+++ b/security/nss/lib/ssl/sslenum.c
@@ -39,11 +39,22 @@
  * the terms of any one of the MPL, the GPL or the LGPL.
  *
  * ***** END LICENSE BLOCK ***** */
-/* $Id: sslenum.c,v 1.14 2007-02-28 19:47:38 rrelyea%redhat.com Exp $ */
+/* $Id: sslenum.c,v 1.15 2008-05-07 20:45:53 wtc%google.com Exp $ */
 
 #include "ssl.h"
 #include "sslproto.h"
 
+/*
+ * The ciphers are listed in the following order:
+ * - stronger ciphers before weaker ciphers
+ * - national ciphers before international ciphers
+ * - faster ciphers before slower ciphers
+ *
+ * National ciphers such as Camellia are listed before international ciphers
+ * such as AES and RC4 to allow servers that prefer Camellia to negotiate
+ * Camellia without having to disable AES and RC4, which are needed for
+ * interoperability with clients that don't yet implement Camellia.
+ */
 const PRUint16 SSL_ImplementedCiphers[] = {
 
     /* 256-bit */