diff --git a/SOURCES/nss-util-3.19.1-tls12-mechanisms.patch b/SOURCES/nss-util-3.19.1-tls12-mechanisms.patch
new file mode 100644
index 0000000..24c816b
--- /dev/null
+++ b/SOURCES/nss-util-3.19.1-tls12-mechanisms.patch
@@ -0,0 +1,86 @@
+diff --git a/lib/util/pkcs11t.h b/lib/util/pkcs11t.h
+--- a/lib/util/pkcs11t.h
++++ b/lib/util/pkcs11t.h
+@@ -819,16 +819,26 @@ typedef CK_ULONG CK_MECHANISM_T
+ /* WTLS mechanisms are new for v2.20 */
+ #define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0
+ #define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1
+ #define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2
+ #define CKM_WTLS_PRF 0x000003D3
+ #define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4
+ #define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5
+ 
++/* TLS 1.2 mechanisms are new for v2.40 */
++#define CKM_TLS12_MASTER_KEY_DERIVE 0x000003E0
++#define CKM_TLS12_KEY_AND_MAC_DERIVE 0x000003E1
++#define CKM_TLS12_MASTER_KEY_DERIVE_DH 0x000003E2
++#define CKM_TLS10_MAC_SERVER 0x000003E3
++#define CKM_TLS10_MAC_CLIENT 0x000003E4
++#define CKM_TLS12_MAC 0x000003E5
++#define CKM_TLS12_KEY_SAFE_DERIVE 0x000003E6
++#define CKM_TLS_KDF 0x000003E7
++
+ #define CKM_KEY_WRAP_LYNKS 0x00000400
+ #define CKM_KEY_WRAP_SET_OAEP 0x00000401
+ 
+ /* CKM_CMS_SIG is new for v2.20 */
+ #define CKM_CMS_SIG 0x00000500
+ 
+ /* Fortezza mechanisms */
+ #define CKM_SKIPJACK_KEY_GEN 0x00001000
+@@ -1643,16 +1653,55 @@ typedef struct CK_TLS_PRF_PARAMS {
+ CK_BYTE_PTR pLabel;
+ CK_ULONG ulLabelLen;
+ CK_BYTE_PTR pOutput;
+ CK_ULONG_PTR pulOutputLen;
+ } CK_TLS_PRF_PARAMS;
+ 
+ typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;
+ 
++/* TLS 1.2 is new for version 2.40 */
++typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS {
++ CK_SSL3_RANDOM_DATA RandomInfo;
++ CK_VERSION_PTR pVersion;
++ CK_MECHANISM_TYPE prfHashMechanism;
++} CK_TLS12_MASTER_KEY_DERIVE_PARAMS;
++
++typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR \
++ CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR;
++
++typedef struct CK_TLS12_KEY_MAT_PARAMS {
++ CK_ULONG ulMacSizeInBits;
++ CK_ULONG ulKeySizeInBits;
++ CK_ULONG ulIVSizeInBits;
++ CK_BBOOL bIsExport; /* Unused. Must be set to CK_FALSE. 
*/
++ CK_SSL3_RANDOM_DATA RandomInfo;
++ CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
++ CK_MECHANISM_TYPE prfHashMechanism;
++} CK_TLS12_KEY_MAT_PARAMS;
++
++typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR;
++
++typedef struct CK_TLS_KDF_PARAMS {
++ CK_MECHANISM_TYPE prfMechanism;
++ CK_BYTE_PTR pLabel;
++ CK_ULONG ulLabelLength;
++ CK_SSL3_RANDOM_DATA RandomInfo;
++ CK_BYTE_PTR pContextData;
++ CK_ULONG ulContextDataLength;
++} CK_TLS_KDF_PARAMS;
++
++typedef struct CK_TLS12_MAC_PARAMS {
++ CK_MECHANISM_TYPE prfHashMechanism;
++ CK_ULONG ulMacLength;
++ CK_ULONG ulServerOrClient;
++} CK_TLS12_MAC_PARAMS;
++
++typedef CK_TLS12_MAC_PARAMS CK_PTR CK_TLS12_MAC_PARAMS_PTR;
++
+ /* WTLS is new for version 2.20 */
+ typedef struct CK_WTLS_RANDOM_DATA {
+ CK_BYTE_PTR pClientRandom;
+ CK_ULONG ulClientRandomLen;
+ CK_BYTE_PTR pServerRandom;
+ CK_ULONG ulServerRandomLen;
+ } CK_WTLS_RANDOM_DATA;
+ 
diff --git a/SPECS/nss-util.spec b/SPECS/nss-util.spec
index 4b779d7..9f28188 100644
--- a/SPECS/nss-util.spec
+++ b/SPECS/nss-util.spec
@@ -3,7 +3,7 @@ Summary: Network Security Services Utilities Library Name: nss-util Version: 3.19.1 -Release: 1%{?dist} +Release: 3%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -34,6 +34,7 @@ Source3: nss-util-config.in Patch1: build-nss-util-only.patch Patch2: hasht-dont-include-prtypes.patch Patch7: pkcs1sig-include-prtypes.patch +Patch8: nss-util-3.19.1-tls12-mechanisms.patch %description Utilities for Network Security Services and the Softoken module @@ -57,6 +58,9 @@ Header and library files for doing development with Network Security Services. %patch1 -p0 -b .utilonly %patch2 -p0 -b .prtypes %patch7 -p0 -b .include_prtypes +pushd nss +%patch8 -p1 -b .tls12_mechs +popd %build 
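Review bot: In the pkcs11t.h patch, `CK_TLS_KDF_PARAMS` is the only one of the four new parameter structs without a pointer typedef; add `typedef CK_TLS_KDF_PARAMS CK_PTR CK_TLS_KDF_PARAMS_PTR;` after it so it matches the other three. The mechanism numbers 0x000003E3 through 0x000003E7 (`CKM_TLS10_MAC_SERVER` to `CKM_TLS_KDF`) should be compared with the published PKCS #11 v2.40 header before this ships. As far as I recall, the final header assigns several of these names different values. If so, a third-party token would reject a MAC or KDF request or route it to another mechanism. `ulMacLength` and `ulServerOrClient` also need a short comment giving the unit and the accepted values, since the neighbouring `CK_TLS12_KEY_MAT_PARAMS` fields say `InBits` and these do not.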
@@ -223,6 +227,12 @@ done %{_includedir}/nss3/templates/templates.c %changelog +* Thu Jun 18 2015 Elio Maldonado - 3.19.1-3 +- Remove unused patch + +* Thu Jun 18 2015 Elio Maldonado - 3.19.1-2 +- Add support for TLS 1.2 SHA384 per PKCS #11 v2.40 + * Fri Jun 05 2015 Elio Maldonado - 3.19.1-1 - Rebase to nss-3.19.1 - Resolves: Bug 1224451