32 files changed, 68 insertions, 182 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index c9ec32173b..471871ff46 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.33 2014/08/07 20:02:23 miod Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.34 2014/08/10 14:42:55 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -145,8 +145,6 @@ const SSL_METHOD DTLSv1_client_method_data = {
        .ssl_dispatch_alert = dtls1_dispatch_alert,
        .ssl_ctrl = dtls1_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = dtls1_get_cipher,
@@ -820,7 +818,7 @@ dtls1_client_hello(SSL *s)
                p += s->d1->cookie_len;
                /* Ciphers supported */
-                i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
+                i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]);
                if (i == 0) {
                        SSLerr(SSL_F_DTLS1_CLIENT_HELLO,
                            SSL_R_NO_CIPHERS_AVAILABLE);
diff --git a/src/lib/libssl/d1_meth.c b/src/lib/libssl/d1_meth.c
index 1afd3ef1b2..df4ec9fdf2 100644
--- a/src/lib/libssl/d1_meth.c
+++ b/src/lib/libssl/d1_meth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_meth.c,v 1.5 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: d1_meth.c,v 1.6 2014/08/10 14:42:56 jsing Exp $ */
 /* 
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
@@ -82,8 +82,6 @@ const SSL_METHOD DTLSv1_method_data = {
        .ssl_dispatch_alert = dtls1_dispatch_alert,
        .ssl_ctrl = dtls1_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = dtls1_get_cipher,
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 848bc0f0be..9fdd025e2d 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.35 2014/08/06 20:11:09 miod Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.36 2014/08/10 14:42:56 jsing Exp $ */
 /* 
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
@@ -146,8 +146,6 @@ const SSL_METHOD DTLSv1_server_method_data = {
        .ssl_dispatch_alert = dtls1_dispatch_alert,
        .ssl_ctrl = dtls1_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = dtls1_get_cipher,
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index 3a72dd3316..81683e5949 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_clnt.c,v 1.31 2014/07/11 08:17:36 miod Exp $ */
+/* $OpenBSD: s23_clnt.c,v 1.32 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -139,8 +139,6 @@ const SSL_METHOD SSLv23_client_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl23_put_cipher_by_char,
        .ssl_pending = ssl_undefined_const_function,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
@@ -360,8 +358,7 @@ ssl23_client_hello(SSL *s)
                *(p++) = 0;
                /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
-                i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]),
+                i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]);
-                    ssl3_put_cipher_by_char);
                if (i == 0) {
                        SSLerr(SSL_F_SSL23_CLIENT_HELLO,
                            SSL_R_NO_CIPHERS_AVAILABLE);
diff --git a/src/lib/libssl/s23_lib.c b/src/lib/libssl/s23_lib.c
index 643910be69..3a6d1d598b 100644
--- a/src/lib/libssl/s23_lib.c
+++ b/src/lib/libssl/s23_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_lib.c,v 1.16 2014/07/11 08:17:36 miod Exp $ */
+/* $OpenBSD: s23_lib.c,v 1.17 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -67,21 +67,6 @@ ssl23_default_timeout(void)
 }
 int
-ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
-{
-        long l;
-        /* We can write SSLv2 and SSLv3 ciphers */
-        if (p != NULL) {
-                l = c->id;
-                p[0] = ((unsigned char)(l >> 16L))&0xFF;
-                p[1] = ((unsigned char)(l >> 8L))&0xFF;
-                p[2] = ((unsigned char)(l     ))&0xFF;
-        }
-        return (3);
-}
-int
 ssl23_read(SSL *s, void *buf, int len)
 {
        int n;
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index 5f8ffa8eaf..4733fc40a5 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_srvr.c,v 1.33 2014/08/07 19:46:31 miod Exp $ */
+/* $OpenBSD: s23_srvr.c,v 1.34 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -138,8 +138,6 @@ const SSL_METHOD SSLv23_server_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl23_put_cipher_by_char,
        .ssl_pending = ssl_undefined_const_function,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index af6c81dae5..63e8135185 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.85 2014/08/07 01:24:10 deraadt Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.86 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -183,8 +183,6 @@ const SSL_METHOD SSLv3_client_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
@@ -719,7 +717,7 @@ ssl3_client_hello(SSL *s)
                }
                /* Ciphers supported */
-                i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
+                i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]);
                if (i == 0) {
                        SSLerr(SSL_F_SSL3_CLIENT_HELLO,
                            SSL_R_NO_CIPHERS_AVAILABLE);
@@ -856,7 +854,7 @@ ssl3_get_server_hello(SSL *s)
                    &s->session->master_key_length, NULL, &pref_cipher,
                    s->tls_session_secret_cb_arg)) {
                        s->session->cipher = pref_cipher ?
-                            pref_cipher : ssl_get_cipher_by_char(s, p + j);
+                            pref_cipher : ssl3_get_cipher_by_char(p + j);
                        s->s3->flags |= SSL3_FLAGS_CCS_OK;
                }
        }
@@ -890,7 +888,7 @@ ssl3_get_server_hello(SSL *s)
                memcpy(s->session->session_id,p,j); /* j could be 0 */
        }
        p += j;
-        c = ssl_get_cipher_by_char(s, p);
+        c = ssl3_get_cipher_by_char(p);
        if (c == NULL) {
                /* unknown cipher */
                al = SSL_AD_ILLEGAL_PARAMETER;
@@ -906,7 +904,7 @@ ssl3_get_server_hello(SSL *s)
                    SSL_R_WRONG_CIPHER_RETURNED);
                goto f_err;
        }
-        p += ssl_put_cipher_by_char(s, NULL, NULL);
+        p += ssl3_put_cipher_by_char(NULL, NULL);
        sk = ssl_get_ciphers_by_id(s);
        i = sk_SSL_CIPHER_find(sk, c);
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index ed2aaf19b5..7b29ec41c8 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.79 2014/07/28 04:23:12 guenther Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.80 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -184,8 +184,6 @@ const SSL_METHOD SSLv3_server_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index c9ec32173b..471871ff46 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.33 2014/08/07 20:02:23 miod Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.34 2014/08/10 14:42:55 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -145,8 +145,6 @@ const SSL_METHOD DTLSv1_client_method_data = {
        .ssl_dispatch_alert = dtls1_dispatch_alert,
        .ssl_ctrl = dtls1_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = dtls1_get_cipher,
@@ -820,7 +818,7 @@ dtls1_client_hello(SSL *s)
                p += s->d1->cookie_len;
                /* Ciphers supported */
-                i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
+                i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]);
                if (i == 0) {
                        SSLerr(SSL_F_DTLS1_CLIENT_HELLO,
                            SSL_R_NO_CIPHERS_AVAILABLE);
diff --git a/src/lib/libssl/src/ssl/d1_meth.c b/src/lib/libssl/src/ssl/d1_meth.c
index 1afd3ef1b2..df4ec9fdf2 100644
--- a/src/lib/libssl/src/ssl/d1_meth.c
+++ b/src/lib/libssl/src/ssl/d1_meth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_meth.c,v 1.5 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: d1_meth.c,v 1.6 2014/08/10 14:42:56 jsing Exp $ */
 /* 
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
@@ -82,8 +82,6 @@ const SSL_METHOD DTLSv1_method_data = {
        .ssl_dispatch_alert = dtls1_dispatch_alert,
        .ssl_ctrl = dtls1_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = dtls1_get_cipher,
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index 848bc0f0be..9fdd025e2d 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.35 2014/08/06 20:11:09 miod Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.36 2014/08/10 14:42:56 jsing Exp $ */
 /* 
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
@@ -146,8 +146,6 @@ const SSL_METHOD DTLSv1_server_method_data = {
        .ssl_dispatch_alert = dtls1_dispatch_alert,
        .ssl_ctrl = dtls1_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = dtls1_get_cipher,
diff --git a/src/lib/libssl/src/ssl/s23_clnt.c b/src/lib/libssl/src/ssl/s23_clnt.c
index 3a72dd3316..81683e5949 100644
--- a/src/lib/libssl/src/ssl/s23_clnt.c
+++ b/src/lib/libssl/src/ssl/s23_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_clnt.c,v 1.31 2014/07/11 08:17:36 miod Exp $ */
+/* $OpenBSD: s23_clnt.c,v 1.32 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -139,8 +139,6 @@ const SSL_METHOD SSLv23_client_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl23_put_cipher_by_char,
        .ssl_pending = ssl_undefined_const_function,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
@@ -360,8 +358,7 @@ ssl23_client_hello(SSL *s)
                *(p++) = 0;
                /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
-                i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]),
+                i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]);
-                    ssl3_put_cipher_by_char);
                if (i == 0) {
                        SSLerr(SSL_F_SSL23_CLIENT_HELLO,
                            SSL_R_NO_CIPHERS_AVAILABLE);
diff --git a/src/lib/libssl/src/ssl/s23_lib.c b/src/lib/libssl/src/ssl/s23_lib.c
index 643910be69..3a6d1d598b 100644
--- a/src/lib/libssl/src/ssl/s23_lib.c
+++ b/src/lib/libssl/src/ssl/s23_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_lib.c,v 1.16 2014/07/11 08:17:36 miod Exp $ */
+/* $OpenBSD: s23_lib.c,v 1.17 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -67,21 +67,6 @@ ssl23_default_timeout(void)
 }
 int
-ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
-{
-        long l;
-        /* We can write SSLv2 and SSLv3 ciphers */
-        if (p != NULL) {
-                l = c->id;
-                p[0] = ((unsigned char)(l >> 16L))&0xFF;
-                p[1] = ((unsigned char)(l >> 8L))&0xFF;
-                p[2] = ((unsigned char)(l     ))&0xFF;
-        }
-        return (3);
-}
-int
 ssl23_read(SSL *s, void *buf, int len)
 {
        int n;
diff --git a/src/lib/libssl/src/ssl/s23_meth.c b/src/lib/libssl/src/ssl/s23_meth.c
index b7f6551f64..768c526802 100644
--- a/src/lib/libssl/src/ssl/s23_meth.c
+++ b/src/lib/libssl/src/ssl/s23_meth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_meth.c,v 1.14 2014/07/11 08:17:36 miod Exp $ */
+/* $OpenBSD: s23_meth.c,v 1.15 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -81,8 +81,6 @@ const SSL_METHOD SSLv23_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl23_put_cipher_by_char,
        .ssl_pending = ssl_undefined_const_function,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c
index 5f8ffa8eaf..4733fc40a5 100644
--- a/src/lib/libssl/src/ssl/s23_srvr.c
+++ b/src/lib/libssl/src/ssl/s23_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_srvr.c,v 1.33 2014/08/07 19:46:31 miod Exp $ */
+/* $OpenBSD: s23_srvr.c,v 1.34 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -138,8 +138,6 @@ const SSL_METHOD SSLv23_server_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl23_put_cipher_by_char,
        .ssl_pending = ssl_undefined_const_function,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index af6c81dae5..63e8135185 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.85 2014/08/07 01:24:10 deraadt Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.86 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -183,8 +183,6 @@ const SSL_METHOD SSLv3_client_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
@@ -719,7 +717,7 @@ ssl3_client_hello(SSL *s)
                }
                /* Ciphers supported */
-                i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
+                i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]);
                if (i == 0) {
                        SSLerr(SSL_F_SSL3_CLIENT_HELLO,
                            SSL_R_NO_CIPHERS_AVAILABLE);
@@ -856,7 +854,7 @@ ssl3_get_server_hello(SSL *s)
                    &s->session->master_key_length, NULL, &pref_cipher,
                    s->tls_session_secret_cb_arg)) {
                        s->session->cipher = pref_cipher ?
-                            pref_cipher : ssl_get_cipher_by_char(s, p + j);
+                            pref_cipher : ssl3_get_cipher_by_char(p + j);
                        s->s3->flags |= SSL3_FLAGS_CCS_OK;
                }
        }
@@ -890,7 +888,7 @@ ssl3_get_server_hello(SSL *s)
                memcpy(s->session->session_id,p,j); /* j could be 0 */
        }
        p += j;
-        c = ssl_get_cipher_by_char(s, p);
+        c = ssl3_get_cipher_by_char(p);
        if (c == NULL) {
                /* unknown cipher */
                al = SSL_AD_ILLEGAL_PARAMETER;
@@ -906,7 +904,7 @@ ssl3_get_server_hello(SSL *s)
                    SSL_R_WRONG_CIPHER_RETURNED);
                goto f_err;
        }
-        p += ssl_put_cipher_by_char(s, NULL, NULL);
+        p += ssl3_put_cipher_by_char(NULL, NULL);
        sk = ssl_get_ciphers_by_id(s);
        i = sk_SSL_CIPHER_find(sk, c);
diff --git a/src/lib/libssl/src/ssl/s3_meth.c b/src/lib/libssl/src/ssl/s3_meth.c
index bab67996cb..a5a63265f3 100644
--- a/src/lib/libssl/src/ssl/s3_meth.c
+++ b/src/lib/libssl/src/ssl/s3_meth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_meth.c,v 1.9 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: s3_meth.c,v 1.10 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -81,8 +81,6 @@ const SSL_METHOD SSLv3_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index ed2aaf19b5..7b29ec41c8 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.79 2014/07/28 04:23:12 guenther Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.80 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -184,8 +184,6 @@ const SSL_METHOD SSLv3_server_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index 7547d05aa6..857709f7c5 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.62 2014/07/12 19:45:53 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.63 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -410,6 +410,7 @@ struct ssl_method_st {
        int (*ssl_dispatch_alert)(SSL *s);
        long (*ssl_ctrl)(SSL *s, int cmd, long larg, void *parg);
        long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg);
+        /* XXX - remove get_cipher_by_char and put_cipher_by_char. */
        const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
        int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr);
        int (*ssl_pending)(const SSL *s);
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index 6b62713bca..bf94321eea 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.78 2014/07/12 22:33:39 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.79 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1367,10 +1367,9 @@ SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
 }
 int
-ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
+ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p)
-    int (*put_cb)(const SSL_CIPHER *, unsigned char *))
 {
-        int              i, j = 0;
+        int              i;
        SSL_CIPHER      *c;
        unsigned char   *q;
@@ -1380,13 +1379,14 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
        for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
                c = sk_SSL_CIPHER_value(sk, i);
                /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
                if ((c->algorithm_ssl & SSL_TLSV1_2) &&
                    (TLS1_get_client_version(s) < TLS1_2_VERSION))
                        continue;
-                j = put_cb ? put_cb(c, p) : ssl_put_cipher_by_char(s, c, p);
+                p += ssl3_put_cipher_by_char(c, p);
-                p += j;
        }
        /*
         * If p == q, no ciphers and caller indicates an error. Otherwise
         * add SCSV if not renegotiating.
@@ -1395,9 +1395,7 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
                static SSL_CIPHER scsv = {
                        0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
                };
-                j = put_cb ? put_cb(&scsv, p) :
+                p += ssl3_put_cipher_by_char(&scsv, p);
-                    ssl_put_cipher_by_char(s, &scsv, p);
-                p += j;
        }
        return (p - q);
@@ -1414,7 +1412,7 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
        if (s->s3)
                s->s3->send_connection_binding = 0;
-        n = ssl_put_cipher_by_char(s, NULL, NULL);
+        n = ssl3_put_cipher_by_char(NULL, NULL);
        if ((num % n) != 0) {
                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
                    SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
@@ -1446,7 +1444,7 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
                        continue;
                }
-                c = ssl_get_cipher_by_char(s, p);
+                c = ssl3_get_cipher_by_char(p);
                p += n;
                if (c != NULL) {
                        if (!sk_SSL_CIPHER_push(sk, c)) {
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 3c1c444cb0..7961c4c06e 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.63 2014/07/28 04:23:12 guenther Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.64 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -475,11 +475,6 @@ typedef struct sess_cert_st {
 /*#define SSL_DEBUG     */
 /*#define RSA_DEBUG     */ 
-#define ssl_put_cipher_by_char(ssl,ciph,ptr) \
-                ((ssl)->method->put_cipher_by_char((ciph),(ptr)))
-#define ssl_get_cipher_by_char(ssl,ptr) \
-                ((ssl)->method->get_cipher_by_char(ptr))
 /* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
 * It is a bit of a mess of functions, but hell, think of it as
 * an opaque structure :-) */
@@ -576,7 +571,7 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
    int num, STACK_OF(SSL_CIPHER) **skp);
 int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
-    unsigned char *p, int (*put_cb)(const SSL_CIPHER *, unsigned char *));
+    unsigned char *p);
 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
    STACK_OF(SSL_CIPHER) **pref, STACK_OF(SSL_CIPHER) **sorted,
    const char *rule_str);
@@ -664,7 +659,6 @@ long ssl3_default_timeout(void);
 int ssl23_read(SSL *s, void *buf, int len);
 int ssl23_peek(SSL *s, void *buf, int len);
 int ssl23_write(SSL *s, const void *buf, int len);
-int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
 long ssl23_default_timeout(void);
 long tls1_default_timeout(void);
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c
index d1cd418601..d4fa5a618f 100644
--- a/src/lib/libssl/src/ssl/ssl_sess.c
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.38 2014/07/13 16:03:10 beck Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.39 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -566,9 +566,9 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
                l2n(l, p);
                if ((ret->ssl_version >> 8) >= SSL3_VERSION_MAJOR)
-                        ret->cipher = ssl_get_cipher_by_char(s, &(buf[2]));
+                        ret->cipher = ssl3_get_cipher_by_char(&buf[2]);
                else
-                        ret->cipher = ssl_get_cipher_by_char(s, &(buf[1]));
+                        ret->cipher = ssl3_get_cipher_by_char(&buf[1]);
                if (ret->cipher == NULL)
                        goto err;
diff --git a/src/lib/libssl/src/ssl/t1_clnt.c b/src/lib/libssl/src/ssl/t1_clnt.c
index 15ff91a8c4..3781063eb6 100644
--- a/src/lib/libssl/src/ssl/t1_clnt.c
+++ b/src/lib/libssl/src/ssl/t1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_clnt.c,v 1.13 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: t1_clnt.c,v 1.14 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -84,8 +84,6 @@ const SSL_METHOD TLSv1_client_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
@@ -116,8 +114,6 @@ const SSL_METHOD TLSv1_1_client_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
@@ -148,8 +144,6 @@ const SSL_METHOD TLSv1_2_client_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/src/ssl/t1_meth.c b/src/lib/libssl/src/ssl/t1_meth.c
index 71ddc101e1..de066322f4 100644
--- a/src/lib/libssl/src/ssl/t1_meth.c
+++ b/src/lib/libssl/src/ssl/t1_meth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_meth.c,v 1.12 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: t1_meth.c,v 1.13 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -81,8 +81,6 @@ const SSL_METHOD TLSv1_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
@@ -113,8 +111,6 @@ const SSL_METHOD TLSv1_1_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
@@ -145,8 +141,6 @@ const SSL_METHOD TLSv1_2_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/src/ssl/t1_srvr.c b/src/lib/libssl/src/ssl/t1_srvr.c
index 0986f96ca9..99712b6fb6 100644
--- a/src/lib/libssl/src/ssl/t1_srvr.c
+++ b/src/lib/libssl/src/ssl/t1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_srvr.c,v 1.13 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: t1_srvr.c,v 1.14 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -85,8 +85,6 @@ const SSL_METHOD TLSv1_server_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
@@ -117,8 +115,6 @@ const SSL_METHOD TLSv1_1_server_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
@@ -149,8 +145,6 @@ const SSL_METHOD TLSv1_2_server_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 7547d05aa6..857709f7c5 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.62 2014/07/12 19:45:53 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.63 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -410,6 +410,7 @@ struct ssl_method_st {
        int (*ssl_dispatch_alert)(SSL *s);
        long (*ssl_ctrl)(SSL *s, int cmd, long larg, void *parg);
        long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg);
+        /* XXX - remove get_cipher_by_char and put_cipher_by_char. */
        const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
        int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr);
        int (*ssl_pending)(const SSL *s);
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 6b62713bca..bf94321eea 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.78 2014/07/12 22:33:39 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.79 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1367,10 +1367,9 @@ SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
 }
 int
-ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
+ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p)
-    int (*put_cb)(const SSL_CIPHER *, unsigned char *))
 {
-        int              i, j = 0;
+        int              i;
        SSL_CIPHER      *c;
        unsigned char   *q;
@@ -1380,13 +1379,14 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
        for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
                c = sk_SSL_CIPHER_value(sk, i);
                /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
                if ((c->algorithm_ssl & SSL_TLSV1_2) &&
                    (TLS1_get_client_version(s) < TLS1_2_VERSION))
                        continue;
-                j = put_cb ? put_cb(c, p) : ssl_put_cipher_by_char(s, c, p);
+                p += ssl3_put_cipher_by_char(c, p);
-                p += j;
        }
        /*
         * If p == q, no ciphers and caller indicates an error. Otherwise
         * add SCSV if not renegotiating.
@@ -1395,9 +1395,7 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
                static SSL_CIPHER scsv = {
                        0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
                };
-                j = put_cb ? put_cb(&scsv, p) :
+                p += ssl3_put_cipher_by_char(&scsv, p);
-                    ssl_put_cipher_by_char(s, &scsv, p);
-                p += j;
        }
        return (p - q);
@@ -1414,7 +1412,7 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
        if (s->s3)
                s->s3->send_connection_binding = 0;
-        n = ssl_put_cipher_by_char(s, NULL, NULL);
+        n = ssl3_put_cipher_by_char(NULL, NULL);
        if ((num % n) != 0) {
                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
                    SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
@@ -1446,7 +1444,7 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
                        continue;
                }
-                c = ssl_get_cipher_by_char(s, p);
+                c = ssl3_get_cipher_by_char(p);
                p += n;
                if (c != NULL) {
                        if (!sk_SSL_CIPHER_push(sk, c)) {
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 3c1c444cb0..7961c4c06e 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.63 2014/07/28 04:23:12 guenther Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.64 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -475,11 +475,6 @@ typedef struct sess_cert_st {
 /*#define SSL_DEBUG     */
 /*#define RSA_DEBUG     */ 
-#define ssl_put_cipher_by_char(ssl,ciph,ptr) \
-                ((ssl)->method->put_cipher_by_char((ciph),(ptr)))
-#define ssl_get_cipher_by_char(ssl,ptr) \
-                ((ssl)->method->get_cipher_by_char(ptr))
 /* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
 * It is a bit of a mess of functions, but hell, think of it as
 * an opaque structure :-) */
@@ -576,7 +571,7 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
    int num, STACK_OF(SSL_CIPHER) **skp);
 int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
-    unsigned char *p, int (*put_cb)(const SSL_CIPHER *, unsigned char *));
+    unsigned char *p);
 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
    STACK_OF(SSL_CIPHER) **pref, STACK_OF(SSL_CIPHER) **sorted,
    const char *rule_str);
@@ -664,7 +659,6 @@ long ssl3_default_timeout(void);
 int ssl23_read(SSL *s, void *buf, int len);
 int ssl23_peek(SSL *s, void *buf, int len);
 int ssl23_write(SSL *s, const void *buf, int len);
-int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
 long ssl23_default_timeout(void);
 long tls1_default_timeout(void);
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index d1cd418601..d4fa5a618f 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.38 2014/07/13 16:03:10 beck Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.39 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -566,9 +566,9 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
                l2n(l, p);
                if ((ret->ssl_version >> 8) >= SSL3_VERSION_MAJOR)
-                        ret->cipher = ssl_get_cipher_by_char(s, &(buf[2]));
+                        ret->cipher = ssl3_get_cipher_by_char(&buf[2]);
                else
-                        ret->cipher = ssl_get_cipher_by_char(s, &(buf[1]));
+                        ret->cipher = ssl3_get_cipher_by_char(&buf[1]);
                if (ret->cipher == NULL)
                        goto err;
diff --git a/src/lib/libssl/t1_clnt.c b/src/lib/libssl/t1_clnt.c
index 15ff91a8c4..3781063eb6 100644
--- a/src/lib/libssl/t1_clnt.c
+++ b/src/lib/libssl/t1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_clnt.c,v 1.13 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: t1_clnt.c,v 1.14 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -84,8 +84,6 @@ const SSL_METHOD TLSv1_client_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
@@ -116,8 +114,6 @@ const SSL_METHOD TLSv1_1_client_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
@@ -148,8 +144,6 @@ const SSL_METHOD TLSv1_2_client_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/t1_meth.c b/src/lib/libssl/t1_meth.c
index 71ddc101e1..de066322f4 100644
--- a/src/lib/libssl/t1_meth.c
+++ b/src/lib/libssl/t1_meth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_meth.c,v 1.12 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: t1_meth.c,v 1.13 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -81,8 +81,6 @@ const SSL_METHOD TLSv1_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
@@ -113,8 +111,6 @@ const SSL_METHOD TLSv1_1_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
@@ -145,8 +141,6 @@ const SSL_METHOD TLSv1_2_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/t1_srvr.c b/src/lib/libssl/t1_srvr.c
index 0986f96ca9..99712b6fb6 100644
--- a/src/lib/libssl/t1_srvr.c
+++ b/src/lib/libssl/t1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_srvr.c,v 1.13 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: t1_srvr.c,v 1.14 2014/08/10 14:42:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -85,8 +85,6 @@ const SSL_METHOD TLSv1_server_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
@@ -117,8 +115,6 @@ const SSL_METHOD TLSv1_1_server_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
@@ -149,8 +145,6 @@ const SSL_METHOD TLSv1_2_server_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .ssl_ctrl = ssl3_ctrl,
        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
        .ssl_pending = ssl3_pending,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,