diff -rupN mod_nss-1.0.8.orig/nss.conf.in mod_nss-1.0.8/nss.conf.in
--- mod_nss-1.0.8.orig/nss.conf.in 2015-01-05 14:40:03.982283416 -0700
+++ mod_nss-1.0.8/nss.conf.in 2015-01-05 14:42:42.454075939 -0700
@@ -126,7 +126,7 @@ NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4
# Since all protocol ranges are completely inclusive, and no protocol in the
# middle of a range may be excluded, the entry "NSSProtocol SSLv3,TLSv1.1"
# is identical to the entry "NSSProtocol SSLv3,TLSv1.0,TLSv1.1".
-NSSProtocol SSLv3,TLSv1.0,TLSv1.1
+NSSProtocol TLSv1.0,TLSv1.1
# SSL Certificate Nickname:
# The nickname of the RSA server certificate you are going to use.
diff -rupN mod_nss-1.0.8.orig/nss_engine_init.c mod_nss-1.0.8/nss_engine_init.c
--- mod_nss-1.0.8.orig/nss_engine_init.c 2015-01-05 14:40:03.951283261 -0700
+++ mod_nss-1.0.8/nss_engine_init.c 2015-01-06 10:59:47.866985758 -0700
@@ -646,10 +646,10 @@ static void nss_init_ctx_protocol(server
} else {
if (mctx->auth.protocols == NULL) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
- "%s value not set; using: SSLv3, TLSv1.0, and TLSv1.1",
+ "%s value not set; using: TLSv1.0 and TLSv1.1",
protocol_marker);
- ssl3 = tls = tls1_1 = 1;
+ tls = tls1_1 = 1;
} else {
lprotocols = strdup(mctx->auth.protocols);
ap_str_tolower(lprotocols);