From 241e35f02eb25bc3fb1dcb603e625c8d1c4b672c Mon Sep 17 00:00:00 2001
From: "Frank Ch. Eigler"
Date: Wed, 6 Nov 2013 08:34:22 -0500
Subject: [PATCH] stap-server ssl: enable all cipher suites

The "export" set of cipher suites is too limited and going away.
---
 csclient.cxx | 8 ++++----
 stap-serverd.cxx | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/csclient.cxx b/csclient.cxx
index 0cba5a65c..dc09d6695 100644
--- a/csclient.cxx
+++ b/csclient.cxx
@@ -1262,9 +1262,9 @@ compile_server_client::compile_using_server (
 continue; // try next database
 }

- // Enable cipher suites which are allowed by U.S. export regulations.
+ // Enable all cipher suites.
 // SSL_ClearSessionCache is required for the new settings to take effect.
- secStatus = NSS_SetExportPolicy ();
+ secStatus = NSS_SetDomesticPolicy ();
 SSL_ClearSessionCache ();
 if (secStatus != SECSuccess)
 {
@@ -1705,9 +1705,9 @@ add_server_trust (
 goto cleanup;
 }

- // Enable cipher suites which are allowed by U.S. export regulations.
+ // Enable all cipher suites.
 // SSL_ClearSessionCache is required for the new settings to take effect.
- secStatus = NSS_SetExportPolicy ();
+ secStatus = NSS_SetDomesticPolicy ();
 SSL_ClearSessionCache ();
 if (secStatus != SECSuccess)
 {
diff --git a/stap-serverd.cxx b/stap-serverd.cxx
index 854ce4feb..275212303 100644
--- a/stap-serverd.cxx
+++ b/stap-serverd.cxx
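Review bot: `NSS_SetDomesticPolicy ()` only widens what NSS is permitted to negotiate, and nothing after it in the `compile_using_server` hunk narrows the set again, so the weakest suite the compile-server client accepts is now whatever the installed NSS build leaves enabled by default; the same applies to the `add_server_trust` hunk and to `server_main` in stap-serverd.cxx. The comment `// Enable all cipher suites.` hides that dependency; I would write `// Lift the export-only cipher policy; which suites are negotiated is left to NSS defaults.` in all three places. If the project wants a floor that does not depend on the NSS version, follow the policy call with explicit `SSL_CipherPrefSetDefault (suite, PR_FALSE)` calls for the suites it does not want; whether the defaults already exclude them cannot be told from this diff. All three enclosing functions begin and end outside their hunks.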
@@ -1735,13 +1735,13 @@ server_main (PRFileDesc *listenSocket)
 CERTCertificate *cert = NULL;
 bool serverCacheConfigured = false;

- // Enable cipher suites which are allowed by U.S. export regulations.
+ // Enable all cipher suites.
 // NB: The NSS docs say that SSL_ClearSessionCache is required for the new settings to take
 // effect, however, calling it puts NSS in a state where it will not shut down cleanly.
 // We need to be able to shut down NSS cleanly if we are to generate a new certificate when
 // ours expires. It should be noted however, thet SSL_ClearSessionCache only clears the
 // client cache, and we are a server.
- secStatus = NSS_SetExportPolicy ();
+ secStatus = NSS_SetDomesticPolicy ();
 // SSL_ClearSessionCache ();
 if (secStatus != SECSuccess)
 {
-- 
2.43.5