Index: java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
===================================================================
--- java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java	(revision 1556981)
+++ java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java	(working copy)
@@ -52,6 +52,7 @@
 import javax.net.ssl.ManagerFactoryParameters;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLServerSocket;
 import javax.net.ssl.SSLServerSocketFactory;
 import javax.net.ssl.SSLSession;
@@ -749,6 +750,19 @@
 
         socket.setEnabledCipherSuites(enabledCiphers);
         socket.setEnabledProtocols(enabledProtocols);
+        
+        SSLParameters sslParameters = socket.getSSLParameters();
+        java.lang.reflect.Method method;
+        try {
+            method = sslParameters.getClass().getMethod("setUseCipherSuitesOrder", Boolean.TYPE);
+            method.invoke(sslParameters, true);
+        } catch (NoSuchMethodException e) {
+            System.out.println("Your JDK doesn't support method setUseCipherSuitesOrder.");
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+        socket.setSSLParameters(sslParameters);
+        
 
         // we don't know if client auth is needed -
         // after parsing the request we may re-handshake