Restore the NULL-SHA ciphersuite. (Alas.)

Change-Id: Ia5398f3b86a13fb20dba053f730b51a0e57b9aa4
Reviewed-on: https://boringssl-review.googlesource.com/5791
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 5259dae..1875a26 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -773,6 +773,7 @@
 	{"PSK-RC4-SHA", TLS_PSK_WITH_RC4_128_SHA},
 	{"RC4-MD5", TLS_RSA_WITH_RC4_128_MD5},
 	{"RC4-SHA", TLS_RSA_WITH_RC4_128_SHA},
+	{"NULL-SHA", TLS_RSA_WITH_NULL_SHA},
 }
 
 func hasComponent(suiteName, component string) bool {
@@ -787,7 +788,7 @@
 }
 
 func isDTLSCipher(suiteName string) bool {
-	return !hasComponent(suiteName, "RC4")
+	return !hasComponent(suiteName, "RC4") && !hasComponent(suiteName, "NULL")
 }
 
 func bigFromHex(hex string) *big.Int {
@@ -1968,6 +1969,10 @@
 				"-psk", psk,
 				"-psk-identity", pskIdentity)
 		}
+		if hasComponent(suite.name, "NULL") {
+			// NULL ciphers must be explicitly enabled.
+			flags = append(flags, "-cipher", "DEFAULT:NULL-SHA")
+		}
 
 		for _, ver := range tlsVersions {
 			if ver.version < VersionTLS12 && isTLS12Only(suite.name) {