diff -rupN mod_nss-1.0.8.orig/nss.conf.in mod_nss-1.0.8/nss.conf.in
--- mod_nss-1.0.8.orig/nss.conf.in	2015-01-05 14:40:03.982283416 -0700
+++ mod_nss-1.0.8/nss.conf.in	2015-01-05 14:42:42.454075939 -0700
@@ -126,7 +126,7 @@ NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4
 #   Since all protocol ranges are completely inclusive, and no protocol in the
 #   middle of a range may be excluded, the entry "NSSProtocol SSLv3,TLSv1.1"
 #   is identical to the entry "NSSProtocol SSLv3,TLSv1.0,TLSv1.1".
-NSSProtocol SSLv3,TLSv1.0,TLSv1.1
+NSSProtocol TLSv1.0,TLSv1.1
 
 #   SSL Certificate Nickname:
 #   The nickname of the RSA server certificate you are going to use.
diff -rupN mod_nss-1.0.8.orig/nss_engine_init.c mod_nss-1.0.8/nss_engine_init.c
--- mod_nss-1.0.8.orig/nss_engine_init.c	2015-01-05 14:40:03.951283261 -0700
+++ mod_nss-1.0.8/nss_engine_init.c	2015-01-06 10:59:47.866985758 -0700
@@ -646,10 +646,10 @@ static void nss_init_ctx_protocol(server
     } else {
         if (mctx->auth.protocols == NULL) {
             ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
-                         "%s value not set; using: SSLv3, TLSv1.0, and TLSv1.1",
+                         "%s value not set; using: TLSv1.0 and TLSv1.1",
                          protocol_marker);
 
-            ssl3 = tls = tls1_1 = 1;
+            tls = tls1_1 = 1;
         } else {
             lprotocols = strdup(mctx->auth.protocols);
             ap_str_tolower(lprotocols);