Index: Python-2.7/Lib/ssl.py
===================================================================
--- Python-2.7/Lib/ssl.py	(revision 74703)
+++ Python-2.7/Lib/ssl.py	(working copy)
@@ -88,7 +88,7 @@
                  server_side=False, cert_reqs=CERT_NONE,
                  ssl_version=PROTOCOL_SSLv23, ca_certs=None,
                  do_handshake_on_connect=True,
-                 suppress_ragged_eofs=True):
+                 suppress_ragged_eofs=True, cipher_list=None):
         socket.__init__(self, _sock=sock._sock)
         # the initializer for socket trashes the methods (tsk, tsk), so...
         self.send = lambda data, flags=0: SSLSocket.send(self, data, flags)
@@ -110,7 +110,8 @@
             # yes, create the SSL object
             self._sslobj = _ssl.sslwrap(self._sock, server_side,
                                         keyfile, certfile,
-                                        cert_reqs, ssl_version, ca_certs)
+                                        cert_reqs, ssl_version,
+                                        ca_certs, cipher_list)
             if do_handshake_on_connect:
                 timeout = self.gettimeout()
                 try:
Index: Python-2.7/Modules/_ssl.c
===================================================================
--- Python-2.7/Modules/_ssl.c	(revision 74703)
+++ Python-2.7/Modules/_ssl.c	(working copy)
@@ -261,7 +261,8 @@
 	       enum py_ssl_server_or_client socket_type,
 	       enum py_ssl_cert_requirements certreq,
 	       enum py_ssl_version proto_version,
-	       char *cacerts_file)
+	       char *cacerts_file,
+	       char *cipher_list)
 {
 	PySSLObject *self;
 	char *errstr = NULL;
@@ -366,6 +367,9 @@
 	SSL_CTX_set_verify(self->ctx, verification_mode,
 			   NULL); /* set verify lvl */
 
+	if (cipher_list)
+		SSL_CTX_set_cipher_list(self->ctx, cipher_list);
+
 	PySSL_BEGIN_ALLOW_THREADS
 	self->ssl = SSL_new(self->ctx); /* New ssl struct */
 	PySSL_END_ALLOW_THREADS
@@ -407,14 +411,17 @@
 	char *key_file = NULL;
 	char *cert_file = NULL;
 	char *cacerts_file = NULL;
+	char *cipher_list = NULL;
 
-	if (!PyArg_ParseTuple(args, "O!i|zziiz:sslwrap",
+
+	if (!PyArg_ParseTuple(args, "O!i|zziizz:sslwrap",
 			      PySocketModule.Sock_Type,
 			      &Sock,
 			      &server_side,
 			      &key_file, &cert_file,
 			      &verification_mode, &protocol,
-			      &cacerts_file))
+			      &cacerts_file,
+			      &cipher_list))
 		return NULL;
 
 	/*
@@ -427,12 +434,12 @@
 
 	return (PyObject *) newPySSLObject(Sock, key_file, cert_file,
 					   server_side, verification_mode,
-					   protocol, cacerts_file);
+					   protocol, cacerts_file, cipher_list);
 }
 
 PyDoc_STRVAR(ssl_doc,
 "sslwrap(socket, server_side, [keyfile, certfile, certs_mode, protocol,\n"
-"                              cacertsfile]) -> sslobject");
+"                              cacertsfile, cipherlist]) -> sslobject");
 
 /* SSL object methods */