diff -up nss/cmd/fipstest/fipstest.c.1212106 nss/cmd/fipstest/fipstest.c
--- nss/cmd/fipstest/fipstest.c.1212106	2015-04-28 15:10:27.428991019 -0700
+++ nss/cmd/fipstest/fipstest.c	2015-04-28 15:14:18.281661223 -0700
@@ -5746,12 +5746,13 @@ tls(char *reqfn)
 
     CK_MECHANISM master_mech = { CKM_TLS_MASTER_KEY_DERIVE , NULL, 0 };
     CK_MECHANISM key_block_mech = { CKM_TLS_KEY_AND_MAC_DERIVE , NULL, 0};
-    CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params;
-    CK_SSL3_KEY_MAT_PARAMS key_block_params;
+    CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params;
+    CK_TLS12_KEY_MAT_PARAMS key_block_params;
     CK_SSL3_KEY_MAT_OUT key_material;
     CK_RV crv;
 
     /* set up PKCS #11 parameters */
+    master_params.prfHashMechanism = CKM_SHA256;
     master_params.pVersion = NULL;
     master_params.RandomInfo.pClientRandom = clientHello_random;
     master_params.RandomInfo.ulClientRandomLen = sizeof(clientHello_random);
@@ -5759,6 +5760,7 @@ tls(char *reqfn)
     master_params.RandomInfo.ulServerRandomLen = sizeof(serverHello_random);
     master_mech.pParameter = (void *) &master_params;
     master_mech.ulParameterLen = sizeof(master_params);
+    key_block_params.prfHashMechanism = CKM_SHA256;
     key_block_params.ulMacSizeInBits = 0;
     key_block_params.ulKeySizeInBits = 0;
     key_block_params.ulIVSizeInBits = 0;
@@ -5801,14 +5803,35 @@ tls(char *reqfn)
         /* [Xchange - SHA1] */
         if (buf[0] == '[') {
             if (strncmp(buf, "[TLS", 4)  == 0) {
-		if (buf[7] == '0') {
-    		    master_mech.mechanism = CKM_TLS_MASTER_KEY_DERIVE;
-    		    key_block_mech.mechanism = CKM_TLS_KEY_AND_MAC_DERIVE;
-		} else if (buf[7] == '2') {
-    		    master_mech.mechanism = 
-					CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256;
-    		    key_block_mech.mechanism = 
-					CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256;
+                if (buf[7] == '0') {
+                    master_mech.mechanism = CKM_TLS_MASTER_KEY_DERIVE;
+                    key_block_mech.mechanism = CKM_TLS_KEY_AND_MAC_DERIVE;
+                    master_mech.ulParameterLen = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS);
+                    key_block_mech.ulParameterLen = sizeof(CK_SSL3_KEY_MAT_PARAMS);
+                } else if (buf[7] == '2') {
+                    if (strncmp(&buf[10], "SHA-1", 5) == 0) {
+		       master_params.prfHashMechanism = CKM_SHA_1;
+		       key_block_params.prfHashMechanism = CKM_SHA_1;
+                    } else if (strncmp(&buf[10], "SHA-224", 7) == 0) {
+		       master_params.prfHashMechanism = CKM_SHA224;
+		       key_block_params.prfHashMechanism = CKM_SHA224;
+		    } else if (strncmp(&buf[10], "SHA-256", 7) == 0) {
+		       master_params.prfHashMechanism = CKM_SHA256;
+		       key_block_params.prfHashMechanism = CKM_SHA256;
+		    } else if (strncmp(&buf[10], "SHA-384", 7)== 0) {
+		       master_params.prfHashMechanism = CKM_SHA384;
+		       key_block_params.prfHashMechanism = CKM_SHA384;
+                    } else if (strncmp(&buf[10], "SHA-512", 7) == 0) {
+		       master_params.prfHashMechanism = CKM_SHA512;
+		       key_block_params.prfHashMechanism = CKM_SHA512;
+                    } else {
+                        fprintf(tlsresp, "ERROR: Unable to find prf Hash type");
+                        goto loser;
+                    }
+                    master_mech.mechanism = CKM_TLS12_MASTER_KEY_DERIVE;
+                    key_block_mech.mechanism = CKM_TLS12_KEY_AND_MAC_DERIVE;
+                    master_mech.ulParameterLen = sizeof(master_params);
+                    key_block_mech.ulParameterLen = sizeof(key_block_params);
 		} else {
 		    fprintf(stderr, "Unknown TLS type %x\n", buf);
 		    goto loser;
@@ -6121,6 +6144,11 @@ int main(int argc, char **argv)
     } else if (strcmp(argv[1], "ddrbg") == 0) {
 	debug = 1;
 	drbg(argv[2]);
+    /*************/
+    /*   TLS     */
+    /*************/
+    } else if (strcmp(argv[1], "tls") == 0) {
+        tls(argv[2]);
     }
     return 0;
 }