Comment 6 for bug 82515

tentative patch below. All SSLV2 ciphersuites are enabled by default, so I do not go on calling SSL_CipherPrefSetDefault() on them. For simplicity, we could.

--- camel.c 2007-01-03 08:56:19.000000000 -0600
+++ camel.c.new 2007-02-05 17:19:20.000000000 -0600
@@ -90,6 +90,7 @@
 #ifdef HAVE_NSS
        if (nss_init) {
                char *nss_configdir;
+ PRUint16 indx;

                PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 10);

@@ -108,6 +109,11 @@
                }

                NSS_SetDomesticPolicy ();
+ /* we must enable all ciphersuites */
+ for (indx = 0; indx < SSL_NumImplementedCiphers; indx++) {
+ if (!SSL_IS_SSL2_CIPHER(SSL_ImplementedCiphers[indx]))
+ SSL_CipherPrefSetDefault (SSL_ImplementedCiphers[indx], PR_TRUE);
+ }

                SSL_OptionSetDefault (SSL_ENABLE_SSL2, PR_TRUE);
                SSL_OptionSetDefault (SSL_ENABLE_SSL3, PR_TRUE);