From d1f1c857ad559eafef9373621d30174c046261ef Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 19 Sep 2016 17:45:53 +0200
Subject: nss: add chacha20-poly1305 cipher suites if supported by NSS

---
 RELEASE-NOTES  | 2 +-
 lib/vtls/nss.c | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index bba03976d..4633f089a 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -8,7 +8,7 @@ Curl and libcurl 7.51.0
 
 This release includes the following changes:
 
- o
+ o nss: additional cipher suites are now accepted by CURLOPT_SSL_CIPHER_LIST
 
 This release includes the following bugfixes:
 
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 1d006ea0a..8c945548a 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -189,6 +189,15 @@ static const cipher_s cipherlist[] = {
   {"ecdhe_ecdsa_aes_256_gcm_sha_384", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
   {"ecdhe_rsa_aes_256_gcm_sha_384",   TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
 #endif
+#ifdef TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+  /* chacha20-poly1305 cipher suites */
+ {"ecdhe_rsa_chacha20_poly1305_sha_256",
+     TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
+ {"ecdhe_ecdsa_chacha20_poly1305_sha_256",
+     TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
+ {"dhe_rsa_chacha20_poly1305_sha_256",
+     TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
+#endif
 };
 
 static const char* pem_library = "libnsspem.so";
-- 
cgit v1.2.3