When tweaking NSS and removing ciphers from the source code (for whatever reason), and consequently modifying file ssl3con.c (removing entries from array cipherSuites), ... ... it's possible the developer forgets to decrease value ssl_V3_SUITES_IMPLEMENTED in the separate location, in file sslimpl.h Maybe you'll say "nobody should or will ever forget that"? Wrong :-) I propose to convert this array into a zero-terminated array. I propose to adjust the code that iterates over this array to not be bound by ssl_V3_SUITES_IMPLEMENTED, but instead iterate until the zero terminator is found. Thanks a lot to Wan-Teh.
What's security sensitive about this? No committed code is flawed. A patch with the defects described above should not get past review. http://mxr.mozilla.org/security/ident?i=ssl_V3_SUITES_IMPLEMENTED reveals that the reason that the dimension of the static (global) array cipherSuites has a fixed dimension is that the dimension of that array MUST be identical to the dimension of the array with the same name in the sslsocket structure.