commit ce06a829733c3f351c57de1b79fdc0be061f6754
Author: Frank Ch. Eigler <fche@redhat.com>
Date:   Wed Nov 6 08:28:37 2013 -0500

    PCP NSS support: use "domestic" rather than "export" cipher suite
    
    Modern versions of NSS are starting to disable the obsolete and
    puny-security "export" suite of ciphers.  We certainly shouldn't
    limit ourselves to them.

diff --git a/src/libpcp/src/secureconnect.c b/src/libpcp/src/secureconnect.c
index 4b6803c..c2bb279 100644
--- a/src/libpcp/src/secureconnect.c
+++ b/src/libpcp/src/secureconnect.c
@@ -400,10 +400,12 @@ __pmInitCertificates(void)
 	PK11_FreeSlot(slot);
     }
 
-    secsts = NSS_SetExportPolicy();
-    if (secsts != SECSuccess)
-	return __pmSecureSocketsError(PR_GetError());
-
+    /* Some NSS versions don't do this correctly in NSS_SetDomesticPolicy. */
+    do {
+        const PRUint16 *cipher;
+        for (cipher = SSL_ImplementedCiphers; *cipher != 0; ++cipher)
+            SSL_CipherPolicySet(*cipher, SSL_ALLOWED);
+    } while (0);
     SSL_ClearSessionCache();
 
     return 0;
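Review bot: The return value of `SSL_CipherPolicySet` is discarded in the added loop, so a failure to apply the cipher policy now passes silently where the removed code returned `__pmSecureSocketsError(PR_GetError())`. Keeping the check inside the loop preserves the old error path: `if (SSL_CipherPolicySet(*cipher, SSL_ALLOWED) != SECSuccess) return __pmSecureSocketsError(PR_GetError());`. The identical loop in the secureserver.c hunk drops its `__pmNotifyErr(...)` / `goto done` handling in the same way. The `do { } while (0)` wrapper only scopes `cipher`, and a plain `{ }` block would say that more directly. `__pmInitCertificates` begins and ends outside this hunk.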
diff --git a/src/libpcp/src/secureserver.c b/src/libpcp/src/secureserver.c
index 856df81..c248202 100644
--- a/src/libpcp/src/secureserver.c
+++ b/src/libpcp/src/secureserver.c
@@ -279,12 +279,12 @@ __pmSecureServerSetup(const char *db, const char *passwd)
 	goto done;
     }
 
-    secsts = NSS_SetExportPolicy();
-    if (secsts != SECSuccess) {
-	__pmNotifyErr(LOG_ERR, "Unable to set NSS export policy: %s",
-		pmErrStr(__pmSecureSocketsError(PR_GetError())));
-	goto done;
-    }
+    /* Some NSS versions don't do this correctly in NSS_SetDomesticPolicy. */
+    do {
+        const PRUint16 *cipher;
+        for (cipher = SSL_ImplementedCiphers; *cipher != 0; ++cipher)
+            SSL_CipherPolicySet(*cipher, SSL_ALLOWED);
+    } while (0);
 
     /* Configure SSL session cache for multi-process server, using defaults */
     secsts = SSL_ConfigMPServerSIDCache(0, 0, 0, NULL);
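Review bot: The loop marks every entry of `SSL_ImplementedCiphers` as `SSL_ALLOWED`, so by policy it also permits any export-grade or NULL-encryption suites that the linked NSS build still implements, which sits oddly with the commit message. Policy is only the upper bound, and what the server actually negotiates depends on cipher preferences set outside this hunk, so the comment should say so, e.g. `/* Policy only: allows all implemented suites; weak suites must stay disabled via cipher preferences. */`. The existing comment refers to NSS_SetDomesticPolicy, which the new code never calls, and that is likely to confuse the next reader. The same applies to the loop in the secureconnect.c hunk. `__pmSecureServerSetup` continues outside this hunk.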