diff --git a/src/common/get_mozilla_ciphers.py b/src/common/get_mozilla_ciphers.py
index 9b8af2e0ad..629b4dc58f 100644
--- a/src/common/get_mozilla_ciphers.py
+++ b/src/common/get_mozilla_ciphers.py
@@ -54,11 +54,35 @@ fileA.close()
 
 # Parse the lines and put them into a dict
 ciphers = {}
+cipher_pref = {}
 for line in cipherLines:
     m = re.search(r'^{\s*\"([^\"]+)\",\s*(\S*)\s*}', line)
     if m:
         key,value = m.groups()
         ciphers[key] = value
+        cipher_pref[value] = key
+
+####
+# Now find the correct order for the ciphers
+fileC = open(ff('security/nss/lib/ssl/sslenum.c'), 'r')
+firefox_ciphers = []
+inEnum=False
+for line in fileC:
+    if not inEnum:
+        if "SSL_ImplementedCiphers[] =" in line:
+            inEnum = True
+        continue
+
+    if line.startswith("};"):
+        break
+
+    m = re.match(r'^\s*([A-Z_0-9]+)\s*', line)
+    if m:
+        if m.group(1) == "0":
+            break
+        firefox_ciphers.append(m.group(1))
+
+fileC.close()
 
 #####
 # Read the JS file to understand what ciphers are enabled.  The format is
@@ -111,28 +135,59 @@ for x in used_ciphers:
 ####
 # Now read through all the openssl include files, and try to find the openssl
 # macro names for those files.
-cipher_hex = {}
+openssl_macro_by_hex = {}
+all_openssl_macros = {}
 for fl in oSSLinclude:
     fp = open(ossl(fl), 'r')
     for line in fp.readlines():
         m = re.match('#define\s+(\S+)\s+(\S+)', line)
         if m:
             value,key = m.groups()
-            if key.startswith('0x'):
+            if key.startswith('0x') and "_CK_" in value:
                 key = key.replace('0x0300','0x').lower()
                 #print "%s %s" % (key, value)
-                cipher_hex[key] = value
+                openssl_macro_by_hex[key] = value
+            all_openssl_macros[value]=key
     fp.close()
 
 # Now generate the output.
-for x in cipher_codes:
-    try:
-        res = """#ifdef %s
-        CIPHER(%s, %s)
-    #else
-       XCIPHER(%s, %s)
-    #endif""" % (cipher_hex[x], x, cipher_hex[x], x, cipher_hex[x])
-        print res
-    except KeyError:
-        print "Not found %s" % x
+print """\
+/* This is an include file used to define the list of ciphers clients should
+ * advertise.  Before including it, you should define the CIPHER and XCIPHER
+ * macros.
+ *
+ * This file was automatically generated by get_mozilla_ciphers.py.
+ */"""
+# Go in order by the order in CipherPrefs
+for firefox_macro in firefox_ciphers:
 
+    try:
+        js_cipher_name = cipher_pref[firefox_macro]
+    except KeyError:
+        # This one has no javascript preference.
+        continue
+
+    # The cipher needs to be enabled in security-prefs.js
+    if enabled_ciphers.get(js_cipher_name, 'false') != 'true':
+        continue
+
+    hexval = sslProtoD[firefox_macro]
+
+    try:
+        openssl_macro = openssl_macro_by_hex[hexval.lower()]
+        openssl_macro = openssl_macro.replace("_CK_", "_TXT_")
+        if openssl_macro not in all_openssl_macros:
+            raise KeyError()
+        format = {'hex':hexval, 'macro':openssl_macro, 'note':""}
+    except KeyError:
+        # openssl doesn't have a macro for this.
+        format = {'hex':hexval, 'macro':firefox_macro,
+                  'note':"/* No openssl macro found for "+hexval+" */\n"}
+
+    res = """\
+%(note)s#ifdef %(macro)s
+    CIPHER(%(hex)s, %(macro)s)
+#else
+   XCIPHER(%(hex)s, %(macro)s)
+#endif""" % format
+    print res