diff -up ./nss/lib/ssl/ssl3con.c.use_oids ./nss/lib/ssl/ssl3con.c
--- ./nss/lib/ssl/ssl3con.c.use_oids 2016-02-24 12:01:55.488253556 -0800
+++ ./nss/lib/ssl/ssl3con.c 2016-02-24 12:09:18.099513245 -0800
@@ -4950,7 +4950,7 @@ ssl3_ComputeHandshakeHashes(sslSocket *
rv = SECFailure;
goto tls12_loser;
}
- hashes->hashAlg = hashOid->offset;
+ hashes->hashAlg = ssl3_OIDToTLSHashAlgorithm(hashOid->offset);
PORT_Assert(hashes->hashAlg == ssl_hash_sha256 ||
hashes->hashAlg == ssl_hash_sha384);
if (hashes->hashAlg != ssl_hash_sha256 &&
@@ -9581,7 +9581,7 @@ ssl3_EncodeCertificateRequestSigAlgs(ssl
/* Note that we don't support a handshake hash with anything other than
* SHA-256, so asking for a signature from clients for something else
* would be inviting disaster. */
- if (alg->hashAlg == ssl_hash_sha256 /* || alg->hashAlg == ssl_hash_sha384*/) {
+ if (alg->hashAlg == ssl_hash_sha256 || alg->hashAlg == ssl_hash_sha384) {
buf[(*len)++] = (PRUint8)alg->hashAlg;
buf[(*len)++] = (PRUint8)alg->sigAlg;
}