diff --git a/ChangeLog b/ChangeLog index 71ae39c7b..4124e7ea1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2011-12-13 Richard Frith-Macdonald + + * SSL/GSSSLHandle.m: Allow cipher list to be set using GSCipherList + default. + 2011-12-08 Wolfgang Lux * configure.ac: Fix pkg-config configuration for libffi to make it diff --git a/SSL/GSSSLHandle.m b/SSL/GSSSLHandle.m index de0bded6f..9ad144fb0 100644 --- a/SSL/GSSSLHandle.m +++ b/SSL/GSSSLHandle.m @@ -160,12 +160,15 @@ threadid_function() @end static BOOL permitSSLv2 = NO; +static NSString *cipherList = nil; @implementation GSSSLHandle + (void) _defaultsChanged: (NSNotification*)n { permitSSLv2 = [[NSUserDefaults standardUserDefaults] boolForKey: @"GSPermitSSLv2"]; + cipherList + = [[NSUserDefaults standardUserDefaults] stringForKey: @"GSCipherList"]; } + (void) initialize @@ -203,6 +206,7 @@ static BOOL permitSSLv2 = NO; } defs = [NSUserDefaults standardUserDefaults]; permitSSLv2 = [defs boolForKey: @"GSPermitSSLv2"]; + cipherList = [defs stringForKey: @"GSCipherList"]; [[NSNotificationCenter defaultCenter] addObserver: self selector: @selector(_defaultsChanged:) @@ -377,6 +381,10 @@ static BOOL permitSSLv2 = NO; { SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); } + if (nil != cipherList) + { + SSL_CTX_set_cipher_list(ctx, [cipherList UTF8String]); + } } if (ssl == 0) { @@ -440,6 +448,10 @@ static BOOL permitSSLv2 = NO; { SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); } + if (nil != cipherList) + { + SSL_CTX_set_cipher_list(ctx, [cipherList UTF8String]); + } } if ([PEMpasswd length] > 0) {
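Review bot: The assignment added to `+_defaultsChanged:` (hunk `@@ -160,12 +160,15 @@`) stores the result of `stringForKey:` in the static `cipherList` without taking ownership; no retain or copy is visible. If this file is built without ARC, the static can outlive the string once the defaults are reloaded, and the connection code that later passes `[cipherList UTF8String]` to OpenSSL would then read freed memory. The assignment added to `+initialize` (hunk `@@ -203,6 +206,7 @@`, whose body extends beyond the hunk) has the same problem. I would write both as `ASSIGNCOPY(cipherList, [defs stringForKey: @"GSCipherList"]);`, using `[NSUserDefaults standardUserDefaults]` in `_defaultsChanged:`. A comment on the static should also say that it is replaced from the defaults notification while connection setup reads it, presumably on other threads.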
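Review bot: The return value of `SSL_CTX_set_cipher_list` is discarded in the block added at `@@ -377,6 +381,10 @@`. A `GSCipherList` value that OpenSSL rejects (a typo, an empty string, or names matching no cipher) therefore leaves the context on its previous list, most likely the library default, with nothing logged. For a setting meant to restrict ciphers, that is a silent fail-open. I would test the result with `if (SSL_CTX_set_cipher_list(ctx, [cipherList UTF8String]) != 1)`, log the rejected value, and fail the connection attempt instead of continuing. The identical block at `@@ -440,6 +448,10 @@` needs the same change; both enclosing methods start and end outside their hunks.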