diff --git a/u_common.go b/u_common.go
index e8dfd74..a2e3645 100644
--- a/u_common.go
+++ b/u_common.go
@@ -5,6 +5,8 @@ package tls
 import (
+ "crypto/hmac"
+ "crypto/sha512"
 "fmt"
 )
@@ -25,6 +27,10 @@ const (
 OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = uint16(0xcc13)
 OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = uint16(0xcc14)
+ DISABLED_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = uint16(0xc024)
+ DISABLED_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = uint16(0xc028)
+ DISABLED_TLS_RSA_WITH_AES_256_CBC_SHA256 = uint16(0x003d)
+ FAKE_OLD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = uint16(0xcc15) // we can try to craft these ciphersuites
 FAKE_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = uint16(0x009e) // from existing pieces, if needed
@@ -103,6 +109,11 @@ var (
 HelloAndroid_5_1_Browser ClientHelloID = ClientHelloID{helloAndroid, 22}
 )
+// utlsMacSHA384 returns a SHA-384.
+func utlsMacSHA384(version uint16, key []byte) macFunction {
+ return tls10MAC{hmac.New(sha512.New384, key)}
+}
+ var utlsSupportedSignatureAlgorithms []signatureAndHash
 var utlsSupportedCipherSuites []*cipherSuite 
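Review bot: The doc comment on `utlsMacSHA384` in the last hunk is misleading: it says "returns a SHA-384", but the function returns an HMAC-SHA384 `macFunction` (`tls10MAC` wrapping `hmac.New(sha512.New384, key)`) and silently ignores its `version` parameter. Suggest `// utlsMacSHA384 returns an HMAC-SHA384 based MAC for TLS 1.2 CBC suites; version is ignored.` so the signature's unused argument is explained rather than looking like a bug. It is also worth stating in the comment whether this MAC gets the same Lucky 13 countermeasure as the other CBC MACs in this fork, because the hunk builds it from a plain `sha512.New384` hash; if the SHA-1 MAC elsewhere in the file is wrapped in a constant-time hash, these new CBC suites would not share that protection, which callers of EnableWeakCiphers should know. The enclosing `var` block and the rest of the file are outside this hunk.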
@@ -113,5 +124,22 @@ func init() {
 {OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 32, 0, 12, ecdheRSAKA,
 suiteECDHE | suiteTLS12 | suiteDefaultOff, nil, nil, aeadChaCha20Poly1305},
 {OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 32, 0, 12, ecdheECDSAKA,
- suiteECDHE | suiteECDSA | suiteTLS12 | suiteDefaultOff, nil, nil, aeadChaCha20Poly1305}}...)
+ suiteECDHE | suiteECDSA | suiteTLS12 | suiteDefaultOff, nil, nil, aeadChaCha20Poly1305},
+ }...)
+}
+
+// EnableWeakCiphers allows utls connections to continue in some cases, when weak cipher was chosen.
+// This provides better compatibility with servers on the web, but weakens security. Feel free
+// to use this option if you establish additional secure connection inside of utls connection.
+// This option does not change the shape of parrots (i.e. same ciphers will be offered either way).
+func EnableWeakCiphers() {
+ utlsSupportedCipherSuites = append(cipherSuites, []*cipherSuite{
+ {DISABLED_TLS_RSA_WITH_AES_256_CBC_SHA256, 32, 32, 16, rsaKA,
+ suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil},
+
+ {DISABLED_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 32, 48, 16, ecdheECDSAKA,
+ suiteECDHE | suiteECDSA | suiteTLS12 | suiteDefaultOff | suiteSHA384, cipherAES, utlsMacSHA384, nil},
+ {DISABLED_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 32, 48, 16, ecdheRSAKA,
+ suiteECDHE | suiteTLS12 | suiteDefaultOff | suiteSHA384, cipherAES, utlsMacSHA384, nil},
+ }...)
 }
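Review bot: `EnableWeakCiphers` builds its list from `cipherSuites` rather than from `utlsSupportedCipherSuites`, so if `init()` (whose opening line is outside the hunk) populates `utlsSupportedCipherSuites` as `cipherSuites` plus the two OLD_*_CHACHA20 suites shown as context, calling it replaces those entries instead of adding to them. Changing the base to `utlsSupportedCipherSuites = append(utlsSupportedCipherSuites, []*cipherSuite{` keeps both sets, and also avoids appending into `cipherSuites`' backing array if that slice ever has spare capacity. With that change a second call would append duplicates, so either guard the body with a `sync.Once` or document that it must be called once, before any connection is made, since it mutates package-level state with no synchronization. The doc comment should also name what is being enabled (three AES-CBC + HMAC suites) so the "weakens security" caveat is concrete for callers.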