diff --git a/mozilla/security/jss/lib/jss.def b/mozilla/security/jss/lib/jss.def index 1e25e33cc67..0d045628b0d 100644 --- a/mozilla/security/jss/lib/jss.def +++ b/mozilla/security/jss/lib/jss.def @@ -312,6 +312,7 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateECKeyPair; ;+ global: Java_org_mozilla_jss_ssl_SSLSocket_setSSLDefaultOptionMode; Java_org_mozilla_jss_ssl_SocketBase_setSSLOptionMode; +Java_org_mozilla_jss_ssl_SSLSocket_isFipsCipherSuiteNative; ;+ local: ;+ *; ;+}; diff --git a/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c b/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c index d7756686487..1364668439f 100644 --- a/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c +++ b/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c @@ -91,6 +91,24 @@ finish: return; } +JNIEXPORT jboolean JNICALL +Java_org_mozilla_jss_ssl_SSLSocket_isFipsCipherSuiteNative(JNIEnv *env, + jobject self, jint suite) +{ + SECStatus status; + PRBool bOption = PR_FALSE; + SSLCipherSuiteInfo info; + + status = SSL_GetCipherSuiteInfo(suite, &info, sizeof info); + if( status != SECSuccess ) { + JSSL_throwSSLSocketException(env, "ciphersuite invalid"); + } + + if (info.isFIPS == 1) bOption = PR_TRUE; + + return bOption; +} + JNIEXPORT jint JNICALL Java_org_mozilla_jss_ssl_SSLSocket_getSSLDefaultOption(JNIEnv *env, jobject self, jint joption) diff --git a/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java b/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java index 5eb4edbebc3..c385a638d67 100644 --- a/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java +++ b/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java 
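Review bot: In `Java_org_mozilla_jss_ssl_SSLSocket_isFipsCipherSuiteNative`, the failure branch after `SSL_GetCipherSuiteInfo` raises the Java exception but does not return, so execution falls through to `if (info.isFIPS == 1)` and reads an `info` struct that was never filled in. Throwing through JNI only marks the exception as pending; the C code keeps running until the function returns. Add `return JNI_FALSE;` immediately after the `JSSL_throwSSLSocketException(env, "ciphersuite invalid");` call, inside the `if` block, so the uninitialised field is never examined.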
@@ -1131,6 +1131,18 @@ public class SSLSocket extends java.net.Socket { } } + /** + * isFipsCipherSuite + * + *@return true if the ciphersuite isFIPS, false otherwise + */ + public static boolean isFipsCipherSuite(int ciphersuite) throws SocketException { + return isFipsCipherSuiteNative(ciphersuite); + } + + private static native boolean isFipsCipherSuiteNative(int ciphersuite) + throws SocketException; + /** * Returns a list of cipher suites that are implemented by NSS. * Each element in the array will be one of the cipher suite constants @@ -1139,6 +1151,13 @@ public class SSLSocket extends java.net.Socket { */ public static native int[] getImplementedCipherSuites(); + /** + * + * Note the following cipher-suites constants are not all implemented. + * You need to call getImplementedCiphersuites. + * + */ + public final static int SSL2_RC4_128_WITH_MD5 = 0xFF01; public final static int SSL2_RC4_128_EXPORT40_WITH_MD5 = 0xFF02; public final static int SSL2_RC2_128_CBC_WITH_MD5 = 0xFF03; 
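Review bot: The Javadoc on `isFipsCipherSuite` does not describe the `ciphersuite` argument or say when `SocketException` is thrown, and "isFIPS" can be read as a statement about the running configuration. Going by the native function in this commit, the method only reports the `isFIPS` flag that NSS records for the suite, and throws when NSS does not recognise the value. It says nothing about whether the token is actually in FIPS mode. I would document it with `@param ciphersuite one of the cipher suite constants of this class`, `@return true if NSS flags the suite as FIPS` and `@throws SocketException if the suite is not known to NSS`. A sentence should also point callers to `CryptoManager.FIPSEnabled()` for the mode itself.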
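Review bot: The new comment above `SSL2_RC4_128_WITH_MD5` refers to `getImplementedCiphersuites`, but the method declared just before it is `getImplementedCipherSuites`, so the reference cannot be followed as written. Because it is a `/** */` block, Javadoc will also attach it to the first constant only rather than to the whole list. A plain comment reads better here, for example `// Not every constant below is implemented by NSS; call getImplementedCipherSuites() for the supported set.`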
@@ -1213,5 +1232,49 @@ public class SSLSocket extends java.net.Socket { public final static int TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039; public final static int TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A; + public final static int TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041; + public final static int TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042; + public final static int TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043; + public final static int TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044; + public final static int TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045; + public final static int TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA = 0x0046; + + public final static int TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084; + public final static int TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085; + public final static int TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086; + public final static int TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087; + public final static int TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088; + public final static int TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA = 0x0089; + + public final static int TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xc001; + public final static int TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xc002; + public final static int TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xc003; + public final static int TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xc004; + public final static int TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xc005; + + public final static int TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xc006; + public final static int TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xc007; + public final static int TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xc008; + public final static int TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xc009; + public final static int TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xc00a; + + public final static int TLS_ECDH_RSA_WITH_NULL_SHA = 0xc00b; + public final static int TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xc00c; + public final static int TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xc00d; + 
public final static int TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xc00e; + public final static int TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xc00f; + + public final static int TLS_ECDHE_RSA_WITH_NULL_SHA = 0xc010; + public final static int TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xc011; + public final static int TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xc012; + public final static int TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xc013; + public final static int TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xc014; + + public final static int TLS_ECDH_anon_WITH_NULL_SHA = 0xc015; + public final static int TLS_ECDH_anon_WITH_RC4_128_SHA = 0xc016; + public final static int TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = 0xc017; + public final static int TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 0xc018; + public final static int TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 0xc019; + } diff --git a/mozilla/security/jss/org/mozilla/jss/tests/SSLClientAuth.java b/mozilla/security/jss/org/mozilla/jss/tests/SSLClientAuth.java index 2c50f81c992..63387e4c988 100644 --- a/mozilla/security/jss/org/mozilla/jss/tests/SSLClientAuth.java +++ b/mozilla/security/jss/org/mozilla/jss/tests/SSLClientAuth.java @@ -55,9 +55,11 @@ import java.io.PrintWriter; import java.io.BufferedWriter; import java.io.OutputStreamWriter; import java.io.*; +import java.net.SocketException; public class SSLClientAuth implements Runnable { + private CryptoManager cm; public static final SignatureAlgorithm sigAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest; @@ -141,7 +143,7 @@ public class SSLClientAuth implements Runnable { } CryptoManager.initialize(args[0]); - CryptoManager cm = CryptoManager.getInstance(); + cm = CryptoManager.getInstance(); CryptoToken tok = cm.getInternalKeyStorageToken(); PasswordCallback cb = new FilePasswordCallback(args[1]); 
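Review bot: The added constants mix suites with very different security properties without saying so: the `*_WITH_NULL_SHA` entries provide no encryption, and the `TLS_DH_ANON_*` / `TLS_ECDH_anon_*` entries provide no peer authentication. A caller that walks these constants and enables each one would turn them on alongside the AES suites. I would add a short comment above each such group, e.g. `// NULL suites: integrity only, no confidentiality` and `// anonymous key exchange: peer is not authenticated`. The new `TLS_ECDH_anon_*` names also use lower-case `anon` while `TLS_DH_ANON_WITH_CAMELLIA_*` in the same hunk uses upper case. Pick one spelling before these become public API.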
@@ -207,13 +209,7 @@ public class SSLClientAuth implements Runnable { clientCertNick = "clientcertnick"+rand; nssClientCert = cm.importCertPackage( ASN1Util.encode(clientCert), clientCertNick); - //Disable SSL2 and SSL3 ciphers - SSLSocket.enableSSL2Default(false); - SSLSocket.enableSSL3Default(false); - //The cipher TLS_RSA_WITH_AES_128_CBC_SHA is chosen since - //it works when the NSS database is FIPS mode and also non FIPS mode - SSLSocket.setCipherPreferenceDefault( - SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA, true); + configureDefaultSSLoptions(); useNickname = false; testConnection(); @@ -229,6 +225,38 @@ public class SSLClientAuth implements Runnable { } private boolean useNickname; + + private void configureDefaultSSLoptions() { + try { + //Disable SSL2 and SSL3 ciphers + SSLSocket.enableSSL2Default(false); + SSLSocket.enableSSL3Default(false); + /* TLS is enabled by default */ + + /* if FIPS is enabled, configure only FIPS ciphersuites */ + if (cm.FIPSEnabled()) { + System.out.println("The NSS database is confirued in FIPS" + + "mode."); + System.out.println("Enable ony FIPS ciphersuites."); + int ciphers[] = + org.mozilla.jss.ssl.SSLSocket.getImplementedCipherSuites(); + for (int i = 0; i < ciphers.length; ++i) { + if (SSLSocket.isFipsCipherSuite(ciphers[i])) { + /* enable the FIPS ciphersuite */ + SSLSocket.setCipherPreferenceDefault(ciphers[i], true); + } else if (SSLSocket.getCipherPreferenceDefault( + ciphers[i])) { + /* disable the non fips ciphersuite */ + SSLSocket.setCipherPreferenceDefault(ciphers[i], false); + } + } + } + } catch (SocketException ex) { + System.out.println("Error configuring default SSL options."); + ex.printStackTrace(); + System.exit(1); + } + } private void testConnection() throws Exception { serverReady = false; 
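Review bot: In `configureDefaultSSLoptions()` the non-FIPS path no longer selects any cipher suite, whereas the removed code always enabled `TLS_RSA_WITH_AES_128_CBC_SHA`. With SSL2 and SSL3 switched off, the test now depends on whichever TLS suites the library enables by default, which is not visible in this hunk. If that is intended, say so in a comment; otherwise keep `SSLSocket.setCipherPreferenceDefault(SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA, true);` in an `else` branch. The two status messages also contain typos, and the concatenated literals are missing a space, so the output reads "FIPSmode."; they should be `"The NSS database is configured in FIPS mode."` and `"Enable only FIPS ciphersuites."`. The same change is applied through the call site in the preceding hunk (`-207,13 +209,7`).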
@@ -260,7 +288,8 @@ public class SSLClientAuth implements Runnable { // force the handshake sock.forceHandshake(); - System.out.println("client forced handshake"); + String cipher = sock.getStatus().getCipher(); + System.out.println("client forced handshake. ciphersuite: " + cipher); sock.close(); // wait for the server to finish
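Review bot: The negotiated suite from `sock.getStatus().getCipher()` is only printed, so in FIPS mode the test would still pass if the handshake settled on a suite that NSS does not flag as FIPS. Since this commit exists to restrict the defaults to FIPS suites, the client side should check the result when `cm.FIPSEnabled()` is true rather than rely on someone reading the log. `getCipher()` yields a `String` while `isFipsCipherSuite` takes the numeric constant, so the check probably needs a name-to-constant lookup or a numeric accessor, if the status object offers one (not visible here). The enclosing method starts and ends outside the hunk.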