e4d72e
diff -up nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc.version-range-set nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc
e4d72e
--- nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc.version-range-set	2019-04-26 16:56:32.753283497 +0200
e4d72e
+++ nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc	2019-04-26 16:56:51.096889439 +0200
e4d72e
@@ -151,12 +151,6 @@ class TestPolicyVersionRange
e4d72e
   }
e4d72e
 
e4d72e
   bool IsValidInputForVersionRangeSet(SSLVersionRange* expectedEffectiveRange) {
e4d72e
-    if (input_.min() <= SSL_LIBRARY_VERSION_3_0 &&
e4d72e
-        input_.max() >= SSL_LIBRARY_VERSION_TLS_1_3) {
e4d72e
-      // This is always invalid input, independent of policy
e4d72e
-      return false;
e4d72e
-    }
e4d72e
-
e4d72e
     if (input_.min() < library_.min() || input_.max() > library_.max() ||
e4d72e
         input_.min() > input_.max()) {
e4d72e
       // Asking for unsupported ranges is invalid input for VersionRangeSet
e4d72e
diff -up nss/lib/ssl/sslsock.c.version-range-set nss/lib/ssl/sslsock.c
e4d72e
--- nss/lib/ssl/sslsock.c.version-range-set	2019-04-26 16:56:11.810733383 +0200
e4d72e
+++ nss/lib/ssl/sslsock.c	2019-04-26 16:56:11.813733319 +0200
e4d72e
@@ -2542,13 +2542,6 @@ SSL_VersionRangeGetDefault(SSLProtocolVa
e4d72e
     return ssl3_CreateOverlapWithPolicy(protocolVariant, vrange, vrange);
e4d72e
 }
e4d72e
 
e4d72e
-static PRBool
e4d72e
-ssl3_HasConflictingSSLVersions(const SSLVersionRange *vrange)
e4d72e
-{
e4d72e
-    return (vrange->min <= SSL_LIBRARY_VERSION_3_0 &&
e4d72e
-            vrange->max >= SSL_LIBRARY_VERSION_TLS_1_3);
e4d72e
-}
e4d72e
-
e4d72e
 static SECStatus
e4d72e
 ssl3_CheckRangeValidAndConstrainByPolicy(SSLProtocolVariant protocolVariant,
e4d72e
                                          SSLVersionRange *vrange)
e4d72e
@@ -2557,8 +2550,7 @@ ssl3_CheckRangeValidAndConstrainByPolicy
e4d72e
 
e4d72e
     if (vrange->min > vrange->max ||
e4d72e
         !ssl3_VersionIsSupportedByCode(protocolVariant, vrange->min) ||
e4d72e
-        !ssl3_VersionIsSupportedByCode(protocolVariant, vrange->max) ||
e4d72e
-        ssl3_HasConflictingSSLVersions(vrange)) {
e4d72e
+        !ssl3_VersionIsSupportedByCode(protocolVariant, vrange->max)) {
e4d72e
         PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
e4d72e
         return SECFailure;
e4d72e
     }