2 files changed, 13 insertions, 10 deletions

diff --git a/lib/libressl/ressl.c b/lib/libressl/ressl.c
index 516afa53d6e..b85fe044155 100644
--- a/lib/libressl/ressl.c
+++ b/lib/libressl/ressl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl.c,v 1.15 2014/09/29 15:11:29 jsing Exp $ */
+/* $OpenBSD: ressl.c,v 1.16 2014/09/29 15:31:38 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -182,7 +182,18 @@ ressl_configure_ssl(struct ressl *ctx)
 	if ((ctx->config->protocols & RESSL_PROTOCOL_TLSv1_2) == 0)
 		SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_2);
 
+	if (ctx->config->ciphers != NULL) {
+		if (SSL_CTX_set_cipher_list(ctx->ssl_ctx,
+		    ctx->config->ciphers) != 1) {
+			ressl_set_error(ctx, "failed to set ciphers");
+			goto err;
+		}
+	}
+
 	return (0);
+
+err:
+	return (-1);
 }
 
 void
diff --git a/lib/libressl/ressl_server.c b/lib/libressl/ressl_server.c
index e2dc7cf0882..33ac8fc33dd 100644
--- a/lib/libressl/ressl_server.c
+++ b/lib/libressl/ressl_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl_server.c,v 1.8 2014/09/29 15:11:29 jsing Exp $ */
+/* $OpenBSD: ressl_server.c,v 1.9 2014/09/29 15:31:38 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -62,14 +62,6 @@ ressl_configure_server(struct ressl *ctx)
 	if (ressl_configure_keypair(ctx) != 0)
 		goto err;
 
-	if (ctx->config->ciphers != NULL) {
-		if (SSL_CTX_set_cipher_list(ctx->ssl_ctx,
-		    ctx->config->ciphers) != 1) {
-			ressl_set_error(ctx, "failed to set ciphers");
-			goto err;
-		}
-	}
-
 	if (ctx->config->ecdhcurve != NID_undef) {
 		if ((ecdh_key = EC_KEY_new_by_curve_name(
 		    ctx->config->ecdhcurve)) == NULL) {