3 files changed, 9 insertions, 1 deletions

diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp
index 26381fcb8e..84aa9d7dca 100644
--- a/src/network/ssl/qssl.cpp
+++ b/src/network/ssl/qssl.cpp
@@ -166,6 +166,10 @@ Q_LOGGING_CATEGORY(lcSsl, "qt.network.ssl");
     in ASN.1 format as returned by QSslConfiguration::sessionTicket(). Enabling
     this feature adds memory overhead of approximately 1K per used session
     ticket.
+    \value SslOptionDisableServerCipherPreference Disables selecting the cipher
+    chosen based on the servers preferences rather than the order ciphers were
+    sent by the client. This option is only relevant to server sockets, and is
+    only honored by the OpenSSL backend.
 
     By default, SslOptionDisableEmptyFragments is turned on since this causes
     problems with a large number of servers. SslOptionDisableLegacyRenegotiation
diff --git a/src/network/ssl/qssl.h b/src/network/ssl/qssl.h
index f56c36b219..03497ecf76 100644
--- a/src/network/ssl/qssl.h
+++ b/src/network/ssl/qssl.h
@@ -95,7 +95,8 @@ namespace QSsl {
         SslOptionDisableServerNameIndication = 0x08,
         SslOptionDisableLegacyRenegotiation = 0x10,
         SslOptionDisableSessionSharing = 0x20,
-        SslOptionDisableSessionPersistence = 0x40
+        SslOptionDisableSessionPersistence = 0x40,
+        SslOptionDisableServerCipherPreference = 0x80
     };
     Q_DECLARE_FLAGS(SslOptions, SslOption)
 }
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 954c11d1f0..55762c94c7 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -344,6 +344,9 @@ long QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SslProtocol protocol, Q
         options |= SSL_OP_NO_COMPRESSION;
 #endif
 
+    if (!(sslOptions & QSsl::SslOptionDisableServerCipherPreference))
+        options |= SSL_OP_CIPHER_SERVER_PREFERENCE;
+
     return options;
 }