-rw-r--r--netlib/tcp.py4
-rw-r--r--netlib/test.py3
-rw-r--r--test/test_tcp.py25
3 files changed, 30 insertions, 2 deletions
diff --git a/netlib/tcp.py b/netlib/tcp.py
index c632ec67..8fe04d2e 100644
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@@ -267,7 +267,7 @@ class BaseHandler:
self.clientcert = None
- def convert_to_ssl(self, cert, key, method=SSLv23_METHOD, options=None, handle_sni=None, request_client_cert=False):
+ def convert_to_ssl(self, cert, key, method=SSLv23_METHOD, options=None, handle_sni=None, request_client_cert=False, cipher_list=None):
"""
cert: A certutils.SSLCert object.
method: One of SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, or TLSv1_METHOD
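Review bot: The new `cipher_list` argument of `convert_to_ssl` is not described in the part of the docstring visible here, which lists only `cert` and `method`. The docstring continues outside the hunk, but nothing in this diff adds an entry for it. I would add a line such as `cipher_list: An OpenSSL cipher string passed to Context.set_cipher_list(); None keeps the library default.` Because this value decides which suites the server side will negotiate, the doc should also say that the caller is responsible for excluding weak suites.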
@@ -295,6 +295,8 @@ class BaseHandler:
ctx = SSL.Context(method)
if not options is None:
ctx.set_options(options)
+ if cipher_list:
+ ctx.set_cipher_list(cipher_list)
if handle_sni:
# SNI callback happens during do_handshake()
ctx.set_tlsext_servername_callback(handle_sni)
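Review bot: The guard `if cipher_list:` treats an empty string the same as `None`, so a caller who passes `""` by mistake silently gets the OpenSSL default suites instead of an error. The `options` check two lines above tests against `None` explicitly; doing the same here, `if cipher_list is not None:`, would hand the bad value to `ctx.set_cipher_list()` and fail closed. `set_cipher_list` raises `SSL.Error` when the string selects no cipher. Whether `convert_to_ssl` turns that into the module's own exception type cannot be seen from this hunk, since the function body starts and ends outside it, so that is worth confirming.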
diff --git a/netlib/test.py b/netlib/test.py
index 87802bd5..e7d4c233 100644
--- a/netlib/test.py
+++ b/netlib/test.py
@@ -66,7 +66,8 @@ class TServer(tcp.TCPServer):
method = method,
options = options,
handle_sni = getattr(h, "handle_sni", None),
- request_client_cert = self.ssl["request_client_cert"]
+ request_client_cert = self.ssl["request_client_cert"],
+ cipher_list = self.ssl.get("cipher_list", None)
)
h.handle()
h.finish()
diff --git a/test/test_tcp.py b/test/test_tcp.py
index 318d2abc..8fa151af 100644
--- a/test/test_tcp.py
+++ b/test/test_tcp.py
@@ -34,6 +34,15 @@ class CertHandler(tcp.BaseHandler):
self.wfile.flush()
+class ClientCipherListHandler(tcp.BaseHandler):
+ sni = None
+
+ def handle(self):
+ print self.connection.get_cipher_list()
+ self.wfile.write("%s"%self.connection.get_cipher_list())
+ self.wfile.flush()
+
+
class DisconnectHandler(tcp.BaseHandler):
def handle(self):
self.close()
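Review bot: `ClientCipherListHandler.handle` still has a debugging `print self.connection.get_cipher_list()` that writes to stdout on every test run; it should be dropped, leaving only the `self.wfile.write(...)` line. The class attribute `sni = None` is not read anywhere in this handler and looks copied from the SNI handler. The name says "Client", but `self.connection` appears to be the server side of the connection, so a short comment such as `# Reports the cipher list configured on the server-side connection.` would prevent misreading.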
@@ -180,6 +189,22 @@ class TestSNI(test.ServerTestBase):
assert c.rfile.readline() == "foo.com"
+class TestClientCipherList(test.ServerTestBase):
+ handler = ClientCipherListHandler
+ ssl = dict(
+ cert = tutils.test_data.path("data/server.crt"),
+ key = tutils.test_data.path("data/server.key"),
+ request_client_cert = False,
+ v3_only = False,
+ cipher_list = 'RC4-SHA'
+ )
+ def test_echo(self):
+ c = tcp.TCPClient("127.0.0.1", self.port)
+ c.connect()
+ c.convert_to_ssl(sni="foo.com")
+ assert c.rfile.readline() == "['RC4-SHA']"
+
+
class TestSSLDisconnect(test.ServerTestBase):
handler = DisconnectHandler
ssl = dict(
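Review bot: The assertion in `TestClientCipherList.test_echo` compares against `"['RC4-SHA']"`, the repr of a Python list, so the test is tied to list formatting rather than to the cipher name. It also checks only that the configured list is reported back, not that the handshake was restricted to it. RC4-SHA is a deprecated suite that OpenSSL builds may omit, in which case the test would fail for reasons unrelated to this code; a comment such as `# RC4-SHA chosen only as a recognisable single suite for the test` would make the intent clear. The method name is a leftover from the echo tests, and `def test_cipher_list(self):` would describe it better. The hunk ends inside the following `TestSSLDisconnect` class, which is unchanged.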