diff --git a/.gitignore b/.gitignore
index 55cb85a..fadcdf8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,7 +9,7 @@ SOURCES/cert8.db.xml
 SOURCES/cert9.db.xml
 SOURCES/key3.db.xml
 SOURCES/key4.db.xml
-SOURCES/nss-3.19.1.tar.gz
+SOURCES/nss-3.21.0.tar.gz
 SOURCES/nss-config.xml
 SOURCES/nss-pem-20140125.tar.bz2
 SOURCES/secmod.db.xml
diff --git a/.nss.metadata b/.nss.metadata
index 07697ae..473c632 100644
--- a/.nss.metadata
+++ b/.nss.metadata
@@ -9,7 +9,7 @@ bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 SOURCES/blank-secmod.db
 7cbb7841b1aefe52534704bf2a4358bfea1aa477 SOURCES/cert9.db.xml
 24c123810543ff0f6848647d6d910744e275fb01 SOURCES/key3.db.xml
 af51b16a56fda1f7525a0eed3ecbdcbb4133be0c SOURCES/key4.db.xml
-9e20dee2137265e61ce8a70daaf44fe0315fdb81 SOURCES/nss-3.19.1.tar.gz
+d42285342e5c27c9f884b3d569c865c09c1d6538 SOURCES/nss-3.21.0.tar.gz
 2905c9b06e7e686c9e3c0b5736a218766d4ae4c2 SOURCES/nss-config.xml
 66f2060c35f4e97bdfa163e8bd7cb2ef5e8125d8 SOURCES/nss-pem-20140125.tar.bz2
 ca9ebf79c1437169a02527c18b1e3909943c4be9 SOURCES/secmod.db.xml
diff --git a/SOURCES/Bug-1001841-disable-sslv2-libssl.patch b/SOURCES/Bug-1001841-disable-sslv2-libssl.patch
index 07a7eb1..fd29f44 100644
--- a/SOURCES/Bug-1001841-disable-sslv2-libssl.patch
+++ b/SOURCES/Bug-1001841-disable-sslv2-libssl.patch
@@ -1,31 +1,31 @@
 diff --git a/lib/ssl/config.mk b/lib/ssl/config.mk
 --- a/lib/ssl/config.mk
 +++ b/lib/ssl/config.mk
-@@ -2,16 +2,20 @@
- # This Source Code Form is subject to the terms of the Mozilla Public
- # License, v. 2.0. If a copy of the MPL was not distributed with this
- # file, You can obtain one at http://mozilla.org/MPL/2.0/.
- 
- ifdef NISCC_TEST
+@@ -7,16 +7,20 @@ ifdef NISCC_TEST
  DEFINES += -DNISCC_TEST
  endif
  
-+ifdef NSS_NO_SSL2
-+DEFINES += -DNSS_NO_SSL2
-+endif
-+
  # Allow build-time configuration of TLS 1.3 (Experimental)
  ifdef NSS_ENABLE_TLS_1_3
  DEFINES += -DNSS_ENABLE_TLS_1_3
  endif
  
++ifdef NSS_NO_SSL2
++DEFINES += -DNSS_NO_SSL2
++endif
++
  ifdef NSS_NO_PKCS11_BYPASS
  DEFINES += -DNO_PKCS11_BYPASS
  else
+ CRYPTOLIB=$(SOFTOKEN_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
+ 
+ EXTRA_LIBS += \
+ 	$(CRYPTOLIB) \
+ 	$(NULL)
 diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
 --- a/lib/ssl/sslsock.c
 +++ b/lib/ssl/sslsock.c
-@@ -650,16 +650,22 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
+@@ -678,16 +678,22 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
          if (ss->cipherSpecs) {
              PORT_Free(ss->cipherSpecs);
              ss->cipherSpecs     = NULL;
@@ -48,7 +48,7 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
              break;
          }
          ss->opt.enableSSL2       = on;
-@@ -667,52 +673,67 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
+@@ -695,52 +701,67 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
              ss->opt.v2CompatibleHello = on;
          }
          ss->preferredCipher     = NULL;
@@ -116,7 +116,7 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
              rv = SECFailure;
          } else {
              if (PR_FALSE != on) {
-@@ -1127,16 +1148,23 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
+@@ -1180,16 +1201,32 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
      }
      return SECSuccess;
  }
@@ -129,8 +129,17 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
 +    /* both ssl2 and export cipher suites disabled */
 +    if (SSL_IS_SSL2_CIPHER(suite))
 +        return PR_TRUE;
-+    if (SSL_IsExportCipherSuite(suite))
-+      return PR_TRUE;
++    if (SSL_IsExportCipherSuite(suite)) {
++        SSLCipherSuiteInfo csdef;
++        if (SSL_GetCipherSuiteInfo(suite, &csdef, sizeof(csdef)) != SECSuccess) {
++            /* failure to retrieve info, disable */
++            return PR_TRUE;
++        }
++        if (csdef.symCipher != ssl_calg_null) {
++            /* disable all except NULL ciphersuites */
++            return PR_TRUE;
++        }
++    }
 +#endif /* NSS_NO_SSL2_NO_EXPORT */
      switch (suite) {
      case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
diff --git a/SOURCES/Bug-1001841-disable-sslv2-tests.patch b/SOURCES/Bug-1001841-disable-sslv2-tests.patch
index 6690a46..4479ab1 100644
--- a/SOURCES/Bug-1001841-disable-sslv2-tests.patch
+++ b/SOURCES/Bug-1001841-disable-sslv2-tests.patch
@@ -1,18 +1,11 @@
-diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
---- a/tests/ssl/ssl.sh
-+++ b/tests/ssl/ssl.sh
-@@ -57,19 +57,23 @@ ssl_init()
-   fi
- 
-   PORT=${PORT-8443}
-   NSS_SSL_TESTS=${NSS_SSL_TESTS:-normal_normal}
-   nss_ssl_run="stapling cov auth stress"
+diff -up ./tests/ssl/ssl.sh.disableSSL2tests ./tests/ssl/ssl.sh
+--- ./tests/ssl/ssl.sh.disableSSL2tests	2015-11-08 21:12:59.000000000 -0800
++++ ./tests/ssl/ssl.sh	2016-02-19 21:36:48.900345950 -0800
+@@ -62,9 +62,14 @@ ssl_init()
    NSS_SSL_RUN=${NSS_SSL_RUN:-$nss_ssl_run}
  
    # Test case files
 -  SSLCOV=${QADIR}/ssl/sslcov.txt
--  SSLAUTH=${QADIR}/ssl/sslauth.txt
--  SSLSTRESS=${QADIR}/ssl/sslstress.txt
 +  if [ "${NSS_NO_SSL2}" = "1" ]; then
 +    SSLCOV=${QADIR}/ssl/sslcov.noSSL2orExport.txt
 +    SSLSTRESS=${QADIR}/ssl/sslstress.noSSL2orExport.txt
@@ -20,24 +13,16 @@ diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
 +    SSLCOV=${QADIR}/ssl/sslcov.txt
 +    SSLSTRESS=${QADIR}/ssl/sslstress.txt
 +  fi
+   SSLAUTH=${QADIR}/ssl/sslauth.txt
+-  SSLSTRESS=${QADIR}/ssl/sslstress.txt
    REQUEST_FILE=${QADIR}/ssl/sslreq.dat
  
    #temparary files
-   SERVEROUTFILE=${TMP}/tests_server.$$
-   SERVERPID=${TMP}/tests_pid.$$
- 
-   R_SERVERPID=../tests_pid.$$
- 
-@@ -115,17 +119,21 @@ is_selfserv_alive()
-   if [ "${OS_ARCH}" = "WINNT" ] && \
-      [ "$OS_NAME" = "CYGWIN_NT" -o "$OS_NAME" = "MINGW32_NT" ]; then
-       PID=${SHELL_SERVERPID}
-   else
-       PID=`cat ${SERVERPID}`
+@@ -120,7 +125,11 @@ is_selfserv_alive()
    fi
  
    echo "kill -0 ${PID} >/dev/null 2>/dev/null" 
-+  if [[ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ]]; then
++  if [ "${NSS_NO_SSL2}" = "1" ] && [[ ${EXP} -eq 0 || ${SSL2} -eq 0 ]]; then
 +  echo "No server to kill"
 +  else
    kill -0 ${PID} >/dev/null 2>/dev/null || Exit 10 "Fatal - selfserv process not detectable"
@@ -45,21 +30,11 @@ diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
  
    echo "selfserv with PID ${PID} found at `date`"
  }
- 
- ########################### wait_for_selfserv ##########################
- # local shell function to wait until selfserver is running and initialized
- ########################################################################
- wait_for_selfserv()
-@@ -138,17 +146,21 @@ wait_for_selfserv()
-   if [ $? -ne 0 ]; then
-       sleep 5
-       echo "retrying to connect to selfserv at `date`"
-       echo "tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \\"
-       echo "        -d ${P_R_CLIENTDIR} -v < ${REQUEST_FILE}"
+@@ -143,7 +152,11 @@ wait_for_selfserv()
        ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \
                -d ${P_R_CLIENTDIR} -v < ${REQUEST_FILE}
        if [ $? -ne 0 ]; then
-+          if [ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ]; then
++          if [ "${NSS_NO_SSL2}" = "1" ] && [[ ${EXP} -eq 0 || ${SSL2} -eq 0 ]]; then
 +              html_passed "Server never started"
 +          else
            html_failed "Waiting for Server"
@@ -67,28 +42,45 @@ diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
        fi
    fi
    is_selfserv_alive
- }
+@@ -214,15 +227,16 @@ start_selfserv()
+   echo "selfserv starting at `date`"
+   echo "selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \\"
+   echo "         ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID}\\"
+-  echo "         $verbose -H 1 &"
++  echo "         $verbose -H 1 -V ssl3: &"
+   if [ ${fileout} -eq 1 ]; then
+       ${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
+                ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} $verbose -H 1 \
+-               > ${SERVEROUTFILE} 2>&1 &
++               -V ssl3:> ${SERVEROUTFILE} 2>&1 &
+       RET=$?
+   else
+       ${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
+-               ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} $verbose -H 1 &
++               ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} $verbose -H 1 \
++               -V ssl3: &
+       RET=$?
+   fi
+ 
+@@ -269,7 +283,7 @@ ssl_cov()
+   start_selfserv # Launch the server
  
- ########################### kill_selfserv ##############################
- # local shell function to kill the selfserver after the tests are done
- ########################################################################
-@@ -273,16 +285,19 @@ ssl_cov()
+   VMIN="ssl2"
+-  VMAX="tls1.1"
++  VMAX="tls1.2"
+                
    exec < ${SSLCOV}
    while read ectype testmax param testname
-   do
-       echo "${testname}" | grep "EXPORT" > /dev/null 
-       EXP=$?
+@@ -279,6 +293,12 @@ ssl_cov()
        echo "${testname}" | grep "SSL2" > /dev/null
        SSL2=$?
  
 +      #  skip export and ssl2 tests when build has disabled SSL2
-+      [ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ] && continue
++      if [ "${NSS_NO_SSL2}" = "1" ] && [[ ${EXP} -eq 0 || ${SSL2} -eq 0 ]]; then
++         echo "exp/ssl2 test skipped: (NSS_NO_SSL2,EXP,SSL2)=(${NSS_NO_SSL2},${EXP},${SSL2})"
++         continue
++      fi
 +
        if [ "${SSL2}" -eq 0 ] ; then
            # We cannot use asynchronous cert verification with SSL2
            SSL2_FLAGS=-O
-           VMIN="ssl2"
-       else
-           # Do not enable SSL2 for non-SSL2-specific tests. SSL2 is disabled by
-           # default in libssl but it is enabled by default in tstclnt; we want
-           # to test the libssl default whenever possible.
diff --git a/SOURCES/additional-cipher-suites-enabled-by-default.patch b/SOURCES/additional-cipher-suites-enabled-by-default.patch
deleted file mode 100644
index 0e28419..0000000
--- a/SOURCES/additional-cipher-suites-enabled-by-default.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-diff -up ./nss/lib/ssl/ssl3con.c.1245627 ./nss/lib/ssl/ssl3con.c
---- ./nss/lib/ssl/ssl3con.c.1245627	2015-08-10 15:42:24.831988193 -0700
-+++ ./nss/lib/ssl/ssl3con.c	2015-08-10 17:03:05.674965691 -0700
-@@ -90,21 +90,24 @@ static ssl3CipherSuiteCfg cipherSuites[s
-    /*      cipher_suite                     policy       enabled   isPresent */
- 
- #ifndef NSS_DISABLE_ECC
-- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ /* Switched order of two previous to meet Suite B requirements
-+  * but implemented by default yet.
-+  */
-+ { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
-+ { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-    /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
-     * bug 946147.
-     */
-- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,    SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,    SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
-+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,        SSL_ALLOWED, PR_FALSE, PR_FALSE},
-@@ -119,7 +122,7 @@ static ssl3CipherSuiteCfg cipherSuites[s
-  { TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_DHE_RSA_WITH_AES_256_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-  { TLS_DHE_DSS_WITH_AES_256_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-@@ -143,7 +146,7 @@ static ssl3CipherSuiteCfg cipherSuites[s
- #endif /* NSS_DISABLE_ECC */
- 
-  /* RSA */
-- { TLS_RSA_WITH_AES_256_GCM_SHA384,         SSL_ALLOWED, PR_FALSE,  PR_FALSE},
-+ { TLS_RSA_WITH_AES_256_GCM_SHA384,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-  { TLS_RSA_WITH_AES_128_GCM_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-  { TLS_RSA_WITH_AES_128_CBC_SHA,            SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-  { TLS_RSA_WITH_AES_128_CBC_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-diff -up ./nss/lib/ssl/sslenum.c.1245627 ./nss/lib/ssl/sslenum.c
---- ./nss/lib/ssl/sslenum.c.1245627	2015-08-10 15:42:24.809988026 -0700
-+++ ./nss/lib/ssl/sslenum.c	2015-08-10 15:42:24.846988306 -0700
-@@ -48,8 +48,8 @@
-  */
- const PRUint16 SSL_ImplementedCiphers[] = {
- #ifndef NSS_DISABLE_ECC
--    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-+    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
diff --git a/SOURCES/client_auth_for_sha384_prf_support.patch b/SOURCES/client_auth_for_sha384_prf_support.patch
new file mode 100644
index 0000000..de0d1aa
--- /dev/null
+++ b/SOURCES/client_auth_for_sha384_prf_support.patch
@@ -0,0 +1,159 @@
+diff -up ./lib/ssl/ssl3con.c.client_auth_prf ./lib/ssl/ssl3con.c
+--- ./lib/ssl/ssl3con.c.client_auth_prf	2016-02-14 09:14:32.821182333 -0800
++++ ./lib/ssl/ssl3con.c	2016-02-14 09:52:47.506071502 -0800
+@@ -270,6 +270,27 @@ static const /*SSL3ClientCertificateType
+     ct_DSS_sign,
+ };
+ 
++/* This block is the contents of the supported_signature_algorithms field of
++ * our TLS 1.2 CertificateRequest message, in wire format. See
++ * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
++ *
++ * We only support TLS 1.2
++ * CertificateVerify messages that use the handshake PRF hash. */
++static const PRUint8 supported_signature_algorithms_sha256[] = {
++    tls_hash_sha256, tls_sig_rsa,
++#ifndef NSS_DISABLE_ECC
++    tls_hash_sha256, tls_sig_ecdsa,
++#endif
++    tls_hash_sha256, tls_sig_dsa,
++};
++static const PRUint8 supported_signature_algorithms_sha384[] = {
++    tls_hash_sha384, tls_sig_rsa,
++#ifndef NSS_DISABLE_ECC
++    tls_hash_sha384, tls_sig_ecdsa,
++#endif
++    tls_hash_sha384, tls_sig_dsa,
++};
++
+ #define EXPORT_RSA_KEY_LENGTH 64	/* bytes */
+ 
+ 
+@@ -4904,6 +4925,7 @@ ssl3_ComputeHandshakeHashes(sslSocket *
+ 	unsigned int  stateLen;
+ 	unsigned char stackBuf[1024];
+ 	unsigned char *stateBuf = NULL;
++    SECOidData *hashOid;
+ 
+ 	h = ss->ssl3.hs.sha;
+ 	stateBuf = PK11_SaveContextAlloc(h, stackBuf,
+@@ -4919,9 +4941,25 @@ ssl3_ComputeHandshakeHashes(sslSocket *
+ 	    rv = SECFailure;
+ 	    goto tls12_loser;
+ 	}
+-	/* If we ever support ciphersuites where the PRF hash isn't SHA-256
+-	 * then this will need to be updated. */
+-	hashes->hashAlg = ssl_hash_sha256;
++
++	/* updated in support of ciphersuites where the PRF hash
++     * could be SHA-256 or SHA-384 */
++    hashOid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss));
++    if (hashOid == NULL) {
++        ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
++        rv = SECFailure;
++        goto tls12_loser;
++    }
++    hashes->hashAlg = hashOid->offset;
++    PORT_Assert(hashes->hashAlg == ssl_hash_sha256 ||
++                hashes->hashAlg == ssl_hash_sha384);
++    if (hashes->hashAlg != ssl_hash_sha256 &&
++        hashes->hashAlg != ssl_hash_sha384) {
++        ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
++        rv = SECFailure;
++        goto tls12_loser;
++    }
++
+ 	rv = SECSuccess;
+ 
+ tls12_loser:
+@@ -7242,7 +7280,7 @@ done:
+ /* Destroys the backup handshake hash context if we don't need it. Note that
+  * this function selects the hash algorithm for client authentication
+  * signatures; ssl3_SendCertificateVerify uses the presence of the backup hash
+- * to determine whether to use SHA-1 or SHA-256. */
++ * to determine whether to use SHA-1, or the PRF hash of the cipher suite. */
+ static void
+ ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss,
+ 					   const SECItem *algorithms)
+@@ -7251,9 +7289,12 @@ ssl3_DestroyBackupHandshakeHashIfNotNeed
+     SSLSignType sigAlg;
+     PRBool preferSha1;
+     PRBool supportsSha1 = PR_FALSE;
+-    PRBool supportsSha256 = PR_FALSE;
++    PRBool supportsHandshakeHash = PR_FALSE;
+     PRBool needBackupHash = PR_FALSE;
+     unsigned int i;
++    SECOidData *hashOid;
++    TLSHashAlgorithm suitePRFHash;
++    PRBool suitePRFIs256Or384 = PR_FALSE;
+ 
+ #ifndef NO_PKCS11_BYPASS
+     /* Backup handshake hash is not supported in PKCS #11 bypass mode. */
+@@ -7270,20 +7311,35 @@ ssl3_DestroyBackupHandshakeHashIfNotNeed
+ 	goto done;
+     }
+ 
++    hashOid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss));
++    if (hashOid == NULL) {
++        rv = SECFailure;
++	goto done;
++    }
++
++    if (hashOid->offset == SEC_OID_SHA256) {
++	suitePRFHash = tls_hash_sha256;
++	suitePRFIs256Or384 = PR_TRUE;
++    } else if (hashOid->offset == SEC_OID_SHA384) {
++	suitePRFHash = tls_hash_sha384;
++	suitePRFIs256Or384 = PR_TRUE;
++    } 
++
+     /* Determine the server's hash support for that signature algorithm. */
+     for (i = 0; i < algorithms->len; i += 2) {
+ 	if (algorithms->data[i+1] == sigAlg) {
+ 	    if (algorithms->data[i] == ssl_hash_sha1) {
+ 		supportsSha1 = PR_TRUE;
+-	    } else if (algorithms->data[i] == ssl_hash_sha256) {
+-		supportsSha256 = PR_TRUE;
++	    } else if (suitePRFIs256Or384 &&
++	               algorithms->data[i] == suitePRFHash) {
++		supportsHandshakeHash = PR_TRUE;
+ 	    }
+ 	}
+     }
+ 
+     /* If either the server does not support SHA-256 or the client key prefers
+      * SHA-1, leave the backup hash. */
+-    if (supportsSha1 && (preferSha1 || !supportsSha256)) {
++    if (supportsSha1 && (preferSha1 || !supportsHandshakeHash)) {
+ 	needBackupHash = PR_TRUE;
+     }
+ 
+@@ -9548,6 +9604,7 @@ ssl3_SendCertificateRequest(sslSocket *s
+     int            certTypesLength;
+     PRUint8        sigAlgs[MAX_SIGNATURE_ALGORITHMS * 2];
+     unsigned int   sigAlgsLength = 0;
++    SECOidData *hashOid;
+ 
+     SSL_TRC(3, ("%d: SSL3[%d]: send certificate_request handshake",
+ 		SSL_GETPID(), ss->fd));
+@@ -9575,6 +9632,20 @@ ssl3_SendCertificateRequest(sslSocket *s
+     certTypes       = certificate_types;
+     certTypesLength = sizeof certificate_types;
+ 
++    hashOid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss));
++    if (hashOid == NULL) {
++	return SECFailure; 		/* err set by AppendHandshake. */
++    }
++    if (hashOid->offset == SEC_OID_SHA256) {
++	sigAlgsLength = sizeof supported_signature_algorithms_sha256;
++    PORT_Memcpy(sigAlgs, supported_signature_algorithms_sha256, sigAlgsLength);
++    } else if (hashOid->offset == SEC_OID_SHA384) {
++	sigAlgsLength = sizeof supported_signature_algorithms_sha384;
++    PORT_Memcpy(sigAlgs, supported_signature_algorithms_sha384, sigAlgsLength);
++    } else {
++	return SECFailure; 		/* err set by AppendHandshake. */
++    }
++
+     length = 1 + certTypesLength + 2 + calen;
+     if (isTLS12) {
+         rv = ssl3_EncodeCertificateRequestSigAlgs(ss, sigAlgs, sizeof(sigAlgs),
diff --git a/SOURCES/cve-2015-7575-minimal.patch b/SOURCES/cve-2015-7575-minimal.patch
deleted file mode 100644
index 96d09b4..0000000
--- a/SOURCES/cve-2015-7575-minimal.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
---- a/lib/ssl/ssl3con.c
-+++ b/lib/ssl/ssl3con.c
-@@ -4345,17 +4345,16 @@ ssl3_ConsumeHandshakeVariable(sslSocket 
- }
- 
- /* tlsHashOIDMap contains the mapping between TLS hash identifiers and the
-  * SECOidTag used internally by NSS. */
- static const struct {
-     int tlsHash;
-     SECOidTag oid;
- } tlsHashOIDMap[] = {
--    { tls_hash_md5, SEC_OID_MD5 },
-     { tls_hash_sha1, SEC_OID_SHA1 },
-     { tls_hash_sha224, SEC_OID_SHA224 },
-     { tls_hash_sha256, SEC_OID_SHA256 },
-     { tls_hash_sha384, SEC_OID_SHA384 },
-     { tls_hash_sha512, SEC_OID_SHA512 }
- };
- 
- /* ssl3_TLSHashAlgorithmToOID converts a TLS hash identifier into an OID value.
diff --git a/SOURCES/dhe-sha384-dss-support.patch b/SOURCES/dhe-sha384-dss-support.patch
index 3474df4..834c7c1 100644
--- a/SOURCES/dhe-sha384-dss-support.patch
+++ b/SOURCES/dhe-sha384-dss-support.patch
@@ -1,845 +1,107 @@
-diff -up ./cmd/certutil/keystuff.c.dhe_and_sha384 ./cmd/certutil/keystuff.c
---- ./cmd/certutil/keystuff.c.dhe_and_sha384	2015-05-28 19:50:45.000000000 +0200
-+++ ./cmd/certutil/keystuff.c	2015-06-24 23:06:00.450872604 +0200
-@@ -133,64 +133,92 @@ UpdateRNG(void)
- }
- 
- static const unsigned char P[] = { 0, 
--       0x98, 0xef, 0x3a, 0xae, 0x70, 0x98, 0x9b, 0x44, 
--       0xdb, 0x35, 0x86, 0xc1, 0xb6, 0xc2, 0x47, 0x7c, 
--       0xb4, 0xff, 0x99, 0xe8, 0xae, 0x44, 0xf2, 0xeb, 
--       0xc3, 0xbe, 0x23, 0x0f, 0x65, 0xd0, 0x4c, 0x04, 
--       0x82, 0x90, 0xa7, 0x9d, 0x4a, 0xc8, 0x93, 0x7f, 
--       0x41, 0xdf, 0xf8, 0x80, 0x6b, 0x0b, 0x68, 0x7f, 
--       0xaf, 0xe4, 0xa8, 0xb5, 0xb2, 0x99, 0xc3, 0x69, 
--       0xfb, 0x3f, 0xe7, 0x1b, 0xd0, 0x0f, 0xa9, 0x7a, 
--       0x4a, 0x04, 0xbf, 0x50, 0x9e, 0x22, 0x33, 0xb8, 
--       0x89, 0x53, 0x24, 0x10, 0xf9, 0x68, 0x77, 0xad, 
--       0xaf, 0x10, 0x68, 0xb8, 0xd3, 0x68, 0x5d, 0xa3, 
--       0xc3, 0xeb, 0x72, 0x3b, 0xa0, 0x0b, 0x73, 0x65, 
--       0xc5, 0xd1, 0xfa, 0x8c, 0xc0, 0x7d, 0xaa, 0x52, 
--       0x29, 0x34, 0x44, 0x01, 0xbf, 0x12, 0x25, 0xfe, 
--       0x18, 0x0a, 0xc8, 0x3f, 0xc1, 0x60, 0x48, 0xdb, 
--       0xad, 0x93, 0xb6, 0x61, 0x67, 0xd7, 0xa8, 0x2d };
-+        0xc6, 0x2a, 0x47, 0x73, 0xea, 0x78, 0xfa, 0x65,
-+        0x47, 0x69, 0x39, 0x10, 0x08, 0x55, 0x6a, 0xdd,
-+        0xbf, 0x77, 0xe1, 0x9a, 0x69, 0x73, 0xba, 0x66,
-+        0x37, 0x08, 0x93, 0x9e, 0xdb, 0x5d, 0x01, 0x08,
-+        0xb8, 0x3a, 0x73, 0xe9, 0x85, 0x5f, 0xa7, 0x2b,
-+        0x63, 0x7f, 0xd0, 0xc6, 0x4c, 0xdc, 0xfc, 0x8b,
-+        0xa6, 0x03, 0xc9, 0x9c, 0x80, 0x5e, 0xec, 0xc6,
-+        0x21, 0x23, 0xf7, 0x8e, 0xa4, 0x7b, 0x77, 0x83,
-+        0x02, 0x44, 0xf8, 0x05, 0xd7, 0x36, 0x52, 0x13,
-+        0x57, 0x78, 0x97, 0xf3, 0x7b, 0xcf, 0x1f, 0xc9,
-+        0x2a, 0xa4, 0x71, 0x9d, 0xa8, 0xd8, 0x5d, 0xc5,
-+        0x3b, 0x64, 0x3a, 0x72, 0x60, 0x62, 0xb0, 0xb8,
-+        0xf3, 0xb1, 0xe7, 0xb9, 0x76, 0xdf, 0x74, 0xbe,
-+        0x87, 0x6a, 0xd2, 0xf1, 0xa9, 0x44, 0x8b, 0x63,
-+        0x76, 0x4f, 0x5d, 0x21, 0x63, 0xb5, 0x4f, 0x3c,
-+        0x7b, 0x61, 0xb2, 0xf3, 0xea, 0xc5, 0xd8, 0xef,
-+        0x30, 0x50, 0x59, 0x33, 0x61, 0xc0, 0xf3, 0x6e,
-+        0x21, 0xcf, 0x15, 0x35, 0x4a, 0x87, 0x2b, 0xc3,
-+        0xf6, 0x5a, 0x1f, 0x24, 0x22, 0xc5, 0xeb, 0x47,
-+        0x34, 0x4a, 0x1b, 0xb5, 0x2e, 0x71, 0x52, 0x8f,
-+        0x2d, 0x7d, 0xa9, 0x96, 0x8a, 0x7c, 0x61, 0xdb,
-+        0xc0, 0xdc, 0xf1, 0xca, 0x28, 0x69, 0x1c, 0x97,
-+        0xad, 0xea, 0x0d, 0x9e, 0x02, 0xe6, 0xe5, 0x7d,
-+        0xad, 0xe0, 0x42, 0x91, 0x4d, 0xfa, 0xe2, 0x81,
-+        0x16, 0x2b, 0xc2, 0x96, 0x3b, 0x32, 0x8c, 0x20,
-+        0x69, 0x8b, 0x5b, 0x17, 0x3c, 0xf9, 0x13, 0x6c,
-+        0x98, 0x27, 0x1c, 0xca, 0xcf, 0x33, 0xaa, 0x93,
-+        0x21, 0xaf, 0x17, 0x6e, 0x5e, 0x00, 0x37, 0xd9,
-+        0x34, 0x8a, 0x47, 0xd2, 0x1c, 0x67, 0x32, 0x60,
-+        0xb6, 0xc7, 0xb0, 0xfd, 0x32, 0x90, 0x93, 0x32,
-+        0xaa, 0x11, 0xba, 0x23, 0x19, 0x39, 0x6a, 0x42,
-+        0x7c, 0x1f, 0xb7, 0x28, 0xdb, 0x64, 0xad, 0xd9 };
- static const unsigned char Q[] = { 0,
--       0xb5, 0xb0, 0x84, 0x8b, 0x44, 0x29, 0xf6, 0x33, 
--       0x59, 0xa1, 0x3c, 0xbe, 0xd2, 0x7f, 0x35, 0xa1, 
--       0x76, 0x27, 0x03, 0x81                         };
-+        0xe6, 0xa3, 0xc9, 0xc6, 0x51, 0x92, 0x8b, 0xb3,
-+        0x98, 0x8f, 0x97, 0xb8, 0x31, 0x0d, 0x4a, 0x03,
-+        0x1e, 0xba, 0x4e, 0xe6, 0xc8, 0x90, 0x98, 0x1d,
-+        0x3a, 0x95, 0xf4, 0xf1 };
- static const unsigned char G[] = { 
--       0x04, 0x0e, 0x83, 0x69, 0xf1, 0xcd, 0x7d, 0xe5, 
--       0x0c, 0x78, 0x93, 0xd6, 0x49, 0x6f, 0x00, 0x04, 
--       0x4e, 0x0e, 0x6c, 0x37, 0xaa, 0x38, 0x22, 0x47, 
--       0xd2, 0x58, 0xec, 0x83, 0x12, 0x95, 0xf9, 0x9c, 
--       0xf1, 0xf4, 0x27, 0xff, 0xd7, 0x99, 0x57, 0x35, 
--       0xc6, 0x64, 0x4c, 0xc0, 0x47, 0x12, 0x31, 0x50, 
--       0x82, 0x3c, 0x2a, 0x07, 0x03, 0x01, 0xef, 0x30, 
--       0x09, 0x89, 0x82, 0x41, 0x76, 0x71, 0xda, 0x9e, 
--       0x57, 0x8b, 0x76, 0x38, 0x37, 0x5f, 0xa5, 0xcd, 
--       0x32, 0x84, 0x45, 0x8d, 0x4c, 0x17, 0x54, 0x2b, 
--       0x5d, 0xc2, 0x6b, 0xba, 0x3e, 0xa0, 0x7b, 0x95, 
--       0xd7, 0x00, 0x42, 0xf7, 0x08, 0xb8, 0x83, 0x87, 
--       0x60, 0xe1, 0xe5, 0xf4, 0x1a, 0x54, 0xc2, 0x20, 
--       0xda, 0x38, 0x3a, 0xd1, 0xb6, 0x10, 0xf4, 0xcb, 
--       0x35, 0xda, 0x97, 0x92, 0x87, 0xd6, 0xa5, 0x37, 
--       0x62, 0xb4, 0x93, 0x4a, 0x15, 0x21, 0xa5, 0x10 };
-+        0x70, 0x32, 0x58, 0x5d, 0xb3, 0xbf, 0xc3, 0x62,
-+        0x63, 0x0b, 0xf8, 0xa5, 0xe1, 0xed, 0xeb, 0x79,
-+        0xac, 0x18, 0x41, 0x64, 0xb3, 0xda, 0x4c, 0xa7,
-+        0x92, 0x63, 0xb1, 0x33, 0x7c, 0xcb, 0x43, 0xdc,
-+        0x1f, 0x38, 0x63, 0x5e, 0x0e, 0x6d, 0x45, 0xd1,
-+        0xc9, 0x67, 0xf3, 0xcf, 0x3d, 0x2d, 0x16, 0x4e,
-+        0x92, 0x16, 0x06, 0x59, 0x29, 0x89, 0x6f, 0x54,
-+        0xff, 0xc5, 0x71, 0xc8, 0x3a, 0x95, 0x84, 0xb6,
-+        0x7e, 0x7b, 0x1e, 0x8b, 0x47, 0x9d, 0x7a, 0x3a,
-+        0x36, 0x9b, 0x70, 0x2f, 0xd1, 0xbd, 0xef, 0xe8,
-+        0x3a, 0x41, 0xd4, 0xf3, 0x1f, 0x81, 0xc7, 0x1f,
-+        0x96, 0x7c, 0x30, 0xab, 0xf4, 0x7a, 0xac, 0x93,
-+        0xed, 0x6f, 0x67, 0xb0, 0xc9, 0x5b, 0xf3, 0x83,
-+        0x9d, 0xa0, 0xd7, 0xb9, 0x01, 0xed, 0x28, 0xae,
-+        0x1c, 0x6e, 0x2e, 0x48, 0xac, 0x9f, 0x7d, 0xf3,
-+        0x00, 0x48, 0xee, 0x0e, 0xfb, 0x7e, 0x5e, 0xcb,
-+        0xf5, 0x39, 0xd8, 0x92, 0x90, 0x61, 0x2d, 0x1e,
-+        0x3c, 0xd3, 0x55, 0x0d, 0x34, 0xd1, 0x81, 0xc4,
-+        0x89, 0xea, 0x94, 0x2b, 0x56, 0x33, 0x73, 0x58,
-+        0x48, 0xbf, 0x23, 0x72, 0x19, 0x5f, 0x19, 0xac,
-+        0xff, 0x09, 0xc8, 0xcd, 0xab, 0x71, 0xef, 0x9e,
-+        0x20, 0xfd, 0xe3, 0xb8, 0x27, 0x9e, 0x65, 0xb1,
-+        0x85, 0xcd, 0x88, 0xfe, 0xd4, 0xd7, 0x64, 0x4d,
-+        0xe1, 0xe8, 0xa6, 0xe5, 0x96, 0xc8, 0x5d, 0x9c,
-+        0xc6, 0x70, 0x6b, 0xba, 0x77, 0x4e, 0x90, 0x4a,
-+        0xb0, 0x96, 0xc5, 0xa0, 0x9e, 0x2c, 0x01, 0x03,
-+        0xbe, 0xbd, 0x71, 0xba, 0x0a, 0x6f, 0x9f, 0xe5,
-+        0xdb, 0x04, 0x08, 0xf2, 0x9e, 0x0f, 0x1b, 0xac,
-+        0xcd, 0xbb, 0x65, 0x12, 0xcf, 0x77, 0xc9, 0x7d,
-+        0xbe, 0x94, 0x4b, 0x9c, 0x5b, 0xde, 0x0d, 0xfa,
-+        0x57, 0xdd, 0x77, 0x32, 0xf0, 0x5b, 0x34, 0xfd,
-+        0x19, 0x95, 0x33, 0x60, 0x87, 0xe2, 0xa2, 0xf4 };
- 
--/*  h:
-- *      4a:76:30:89:eb:e1:81:7c:99:0b:39:7f:95:4a:65:72:
-- *      c6:b4:05:92:48:6c:3c:b2:7e:e7:39:f3:92:7d:c1:3f:
-- *      bf:e1:fd:b3:4a:46:3e:ce:29:80:e3:d6:f4:59:c6:92:
-- *      16:2b:0e:d7:d6:bb:ef:94:36:31:c2:66:46:c5:4a:77:
-- *      aa:95:84:ef:99:7e:e3:9c:d9:a0:32:42:09:b6:4e:d0:
-- *      b3:c8:5e:06:df:a1:ac:4d:2d:f9:08:c2:cb:4b:a4:42:
-- *      db:8a:5b:de:25:6e:2b:5b:ca:00:75:2c:57:00:18:aa:
-- *      68:59:a1:94:03:07:94:78:38:bc:f8:7c:1e:1c:a3:2e
-- *  SEED:
-- *      b5:44:66:c9:0f:f1:ca:1c:95:45:ce:90:74:89:14:f2:
-- *      13:3e:23:5a:b0:6a:bf:86:ad:cb:a0:7d:ce:3b:c8:16:
-- *      7f:2d:a2:1a:cb:33:7d:c1:e7:d7:07:aa:1b:a2:d7:89:
-- *      f5:a4:db:f7:8b:50:00:cd:b4:7d:25:81:3f:f8:a8:dd:
-- *      6c:46:e5:77:b5:60:7e:75:79:b8:99:57:c1:c4:f3:f7:
-- *      17:ca:43:00:b8:33:b6:06:8f:4d:91:ed:23:a5:66:1b:
-- *      ef:14:d7:bc:21:2b:82:d8:ab:fa:fd:a7:c3:4d:bf:52:
-- *      af:8e:57:59:61:1a:4e:65:c6:90:d6:a6:ff:0b:15:b1
-- *  g:       1024
-- *  counter: 1003
-+
-+/* P, Q, G have been generated using the NSS makepqg utility:
-+ *         makepqg -l 2048 -g 224 -r
-+ * (see also: bug 1170322)
-+ *
-+ *   h: 1 (0x1)
-+ *   SEED:
-+ *       d2:0b:c5:63:1b:af:dc:36:b7:7c:b9:3e:36:01:a0:8f:
-+ *       0e:be:d0:38:e4:78:d5:3c:7c:9e:a9:9a:d2:0b:c5:63:
-+ *       1b:af:dc:36:b7:7c:b9:3e:36:01:a0:8f:0e:be:d0:38:
-+ *       e4:78:d5:3c:7c:9e:c7:70:d2:0b:c5:63:1b:af:dc:36:
-+ *       b7:7c:b9:3e:36:01:a0:8f:0e:be:d0:38:e4:78:d5:3c:
-+ *       7c:9e:aa:3e
-+ *   g:       672
-+ *   counter: 0
-  */
- 
- static const SECKEYPQGParams default_pqg_params = {
-diff -up ./cmd/selfserv/selfserv.c.dhe_and_sha384 ./cmd/selfserv/selfserv.c
---- ./cmd/selfserv/selfserv.c.dhe_and_sha384	2015-06-24 23:06:00.423873110 +0200
-+++ ./cmd/selfserv/selfserv.c	2015-06-24 23:06:00.453872547 +0200
-@@ -119,16 +119,16 @@ const int ssl3CipherSuites[] = {
-     TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,	/* l */
-     TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,	        /* m */
-     TLS_RSA_WITH_RC4_128_SHA,			/* n */
--    -1, /* TLS_DHE_DSS_WITH_RC4_128_SHA, 	 * o */
--    -1, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,	 * p */
--    -1, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,	 * q */
--    -1, /* TLS_DHE_RSA_WITH_DES_CBC_SHA,	 * r */
--    -1, /* TLS_DHE_DSS_WITH_DES_CBC_SHA,	 * s */
--    -1, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA,	 * t */
--    -1, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA,	 * u */
-+    TLS_DHE_DSS_WITH_RC4_128_SHA, 	 /* o */
-+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,	 /* p */
-+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,	 /* q */
-+    TLS_DHE_RSA_WITH_DES_CBC_SHA,	 /* r */
-+    TLS_DHE_DSS_WITH_DES_CBC_SHA,	 /* s */
-+    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,	 /* t */
-+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,	 /* u */
-     TLS_RSA_WITH_AES_128_CBC_SHA,     	    	/* v */
--    -1, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA,	 * w */
--    -1, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA,	 * x */
-+    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,	 /* w */
-+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,	 /* x */
-     TLS_RSA_WITH_AES_256_CBC_SHA,     	    	/* y */
-     TLS_RSA_WITH_NULL_SHA,			/* z */
-     0
-@@ -141,6 +141,9 @@ static PRBool  noDelay;
- static int     requestCert;
- static int	verbose;
- static SECItem	bigBuf;
-+static int configureDHE = -1; /* -1: don't configure, 0 disable, >=1 enable*/
-+static int configureReuseECDHE = -1; /* -1: don't configure, 0 refresh, >=1 reuse*/
-+static int configureWeakDHE = -1; /* -1: don't configure, 0 disable, >=1 enable*/
- 
- static PRThread * acceptorThread;
- 
-@@ -160,11 +163,12 @@ PrintUsageHeader(const char *progName)
- "         [-f password_file] [-L [seconds]] [-M maxProcs] [-P dbprefix]\n"
- "         [-V [min-version]:[max-version]] [-a sni_name]\n"
- "         [ T <good|revoked|unknown|badsig|corrupted|none|ocsp>] [-A ca]\n"
-+"         [-C SSLCacheEntries] [-S dsa_nickname]"
- #ifndef NSS_DISABLE_ECC
--"         [-C SSLCacheEntries] [-e ec_nickname]\n"
--#else
--"         [-C SSLCacheEntries]\n"
-+                                                " [-e ec_nickname]"
- #endif /* NSS_DISABLE_ECC */
-+"\n"
-+"         -U [0|1] -H [0|1] -W [0|1]\n"
-         ,progName);
- }
- 
-@@ -216,6 +220,9 @@ PrintParameterUsage()
- "           good, revoked, unknown, failure, badsig, corrupted\n"
- "   ocsp: fetch from external OCSP server using AIA, or none\n"
- "-A <ca> Nickname of a CA used to sign a stapled cert status\n"
-+"-U override default ECDHE ephemeral key reuse, 0: refresh, 1: reuse\n"
-+"-H override default DHE server support, 0: disable, 1: enable\n"
-+"-W override default DHE server weak parameters support, 0: disable, 1: enable\n"
- "-c Restrict ciphers\n"
- "-Y prints cipher values allowed for parameter -c and exits\n"
-     , stderr);
-@@ -252,7 +259,16 @@ PrintCipherUsage(const char *progName)
- "l    SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n"
- "m    SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n"
- "n    SSL3 RSA WITH RC4 128 SHA\n"
-+"o    TLS_DHE_DSS_WITH_RC4_128_SHA\n"
-+"p    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA\n"
-+"q    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA\n"
-+"r    TLS_DHE_RSA_WITH_DES_CBC_SHA\n"
-+"s    TLS_DHE_DSS_WITH_DES_CBC_SHA\n"
-+"t    TLS_DHE_DSS_WITH_AES_128_CBC_SHA\n"
-+"u    TLS_DHE_RSA_WITH_AES_128_CBC_SHA\n"
- "v    SSL3 RSA WITH AES 128 CBC SHA\n"
-+"w    TLS_DHE_DSS_WITH_AES_256_CBC_SHA\n"
-+"x    TLS_DHE_RSA_WITH_AES_256_CBC_SHA\n"
- "y    SSL3 RSA WITH AES 256 CBC SHA\n"
- "z    SSL3 RSA WITH NULL SHA\n"
- "\n"
-@@ -1909,6 +1925,18 @@ server_main(
-         }
-     }
- 
-+    if (configureDHE > -1) {
-+	rv = SSL_OptionSet(model_sock, SSL_ENABLE_SERVER_DHE, (configureDHE > 0));
-+    }
-+
-+    if (configureReuseECDHE > -1) {
-+	rv = SSL_OptionSet(model_sock, SSL_REUSE_SERVER_ECDHE_KEY, (configureReuseECDHE > 0));
-+    }
-+
-+    if (configureWeakDHE > -1) {
-+	rv = SSL_EnableWeakDHEPrimeGroup(model_sock, (configureWeakDHE > 0));
-+    }
-+
-     for (kea = kt_rsa; kea < kt_kea_size; kea++) {
- 	if (cert[kea] != NULL) {
- 	    secStatus = SSL_ConfigSecureServer(model_sock, 
-@@ -2140,6 +2168,7 @@ main(int argc, char **argv)
- #ifndef NSS_DISABLE_ECC
-     char *               ecNickName   = NULL;
- #endif
-+    char *               dsaNickName  = NULL;
-     const char *         fileName    = NULL;
-     char *               cipherString= NULL;
-     const char *         dir         = ".";
-@@ -2184,7 +2213,7 @@ main(int argc, char **argv)
-     ** numbers, then capital letters, then lower case, alphabetical. 
-     */
-     optstate = PL_CreateOptState(argc, argv, 
--        "2:A:BC:DEL:M:NP:RT:V:Ya:bc:d:e:f:g:hi:jk:lmn:op:qrst:uvw:xyz");
-+        "2:A:BC:DEH:L:M:NP:RS:T:U:V:W:Ya:bc:d:e:f:g:hi:jk:lmn:op:qrst:uvw:xyz");
-     while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- 	++optionsFound;
- 	switch(optstate->option) {
-@@ -2198,6 +2227,7 @@ main(int argc, char **argv)
- 
- 	case 'D': noDelay = PR_TRUE; break;
- 	case 'E': disableStepDown = PR_TRUE; break;
-+	case 'H': configureDHE = (PORT_Atoi(optstate->value) != 0); break;
- 
- 	case 'I': /* reserved for OCSP multi-stapling */ break;
- 
-@@ -2221,6 +2251,8 @@ main(int argc, char **argv)
- 
- 	case 'R': disableRollBack = PR_TRUE; break;
- 
-+	case 'S': dsaNickName = PORT_Strdup(optstate->value); break;
-+
- 	case 'T':
- 	    if (enableOCSPStapling(optstate->value) != SECSuccess) {
- 		fprintf(stderr, "Invalid OCSP stapling mode.\n");
-@@ -2229,6 +2261,8 @@ main(int argc, char **argv)
- 	    }
- 	    break;
- 
-+	case 'U': configureReuseECDHE = (PORT_Atoi(optstate->value) != 0); break;
-+
-         case 'V': if (SECU_ParseSSLVersionRangeString(optstate->value,
-                           enabledVersions, enableSSL2,
-                           &enabledVersions, &enableSSL2) != SECSuccess) {
-@@ -2236,6 +2270,8 @@ main(int argc, char **argv)
-                   }
-                   break;
- 
-+	case 'W': configureWeakDHE = (PORT_Atoi(optstate->value) != 0); break;
-+
-         case 'Y': PrintCipherUsage(progName); exit(0); break;
-         
- 	case 'a': if (virtServerNameIndex >= MAX_VIRT_SERVER_NAME_ARRAY_INDEX) {
-@@ -2366,6 +2402,7 @@ main(int argc, char **argv)
-     }
- 
-     if ((nickName == NULL)
-+        && (dsaNickName == NULL)
-  #ifndef NSS_DISABLE_ECC
- 						&& (ecNickName == NULL)
-  #endif
-@@ -2597,6 +2634,33 @@ main(int argc, char **argv)
- 	setupCertStatus(certStatusArena, ocspStaplingMode, cert[kt_rsa], kt_rsa,
- 			&pwdata);
-     }
-+    if (dsaNickName) {
-+	/* Investigate if ssl_kea_dh should be changed to ssl_auth_dsa.
-+	 * See bug 102794.*/
-+	cert[ssl_kea_dh] = PK11_FindCertFromNickname(dsaNickName, &pwdata);
-+	if (cert[ssl_kea_dh] == NULL) {
-+	    fprintf(stderr, "selfserv: Can't find certificate %s\n", dsaNickName);
-+	    exit(12);
-+	}
-+	privKey[ssl_kea_dh] = PK11_FindKeyByAnyCert(cert[ssl_kea_dh], &pwdata);
-+	if (privKey[ssl_kea_dh] == NULL) {
-+	    fprintf(stderr, "selfserv: Can't find Private Key for cert %s\n",
-+	            dsaNickName);
-+	    exit(11);
-+	}
-+	if (testbypass) {
-+	    PRBool bypassOK;
-+	    if (SSL_CanBypass(cert[ssl_kea_dh], privKey[ssl_kea_dh], protos, cipherlist,
-+	                      nciphers, &bypassOK, &pwdata) != SECSuccess) {
-+		SECU_PrintError(progName, "Bypass test failed %s\n", nickName);
-+		exit(14);
-+	    }
-+	    fprintf(stderr, "selfserv: %s can%s bypass\n", nickName,
-+		    bypassOK ? "" : "not");
-+	}
-+	setupCertStatus(certStatusArena, ocspStaplingMode, cert[ssl_kea_dh], ssl_kea_dh,
-+			&pwdata);
-+    }
- #ifndef NSS_DISABLE_ECC
-     if (ecNickName) {
- 	cert[kt_ecdh] = PK11_FindCertFromNickname(ecNickName, &pwdata);
-@@ -2629,6 +2693,13 @@ main(int argc, char **argv)
-     if (testbypass)
- 	goto cleanup;
- 
-+    if (configureWeakDHE > 0) {
-+	fprintf(stderr, "selfserv: Creating dynamic weak DH parameters\n");
-+	rv = SSL_EnableWeakDHEPrimeGroup(NULL, PR_TRUE);
-+	fprintf(stderr, "selfserv: Done creating dynamic weak DH parameters\n");
-+    }
-+
-+
- /* allocate the array of thread slots, and launch the worker threads. */
-     rv = launch_threads(&jobLoop, 0, 0, requestCert, useLocalThreads);
- 
-diff -up ./cmd/tstclnt/tstclnt.c.dhe_and_sha384 ./cmd/tstclnt/tstclnt.c
---- ./cmd/tstclnt/tstclnt.c.dhe_and_sha384	2015-05-28 19:50:45.000000000 +0200
-+++ ./cmd/tstclnt/tstclnt.c	2015-06-24 23:06:00.454872529 +0200
-@@ -212,7 +212,7 @@ static void PrintParameterUsage(void)
-     fprintf(stderr, 
-             "%-20s Restricts the set of enabled SSL/TLS protocols versions.\n"
-             "%-20s All versions are enabled by default.\n"
--            "%-20s Possible values for min/max: ssl2 ssl3 tls1.0 tls1.1 tls1.2\n"
-+            "%-20s Possible values for min/max: ssl3 tls1.0 tls1.1 tls1.2\n"
-             "%-20s Example: \"-V ssl3:\" enables SSL 3 and newer.\n",
-             "-V [min]:[max]", "", "", "");
-     fprintf(stderr, "%-20s Send TLS_FALLBACK_SCSV\n", "-K");
-@@ -911,7 +911,7 @@ int main(int argc, char **argv)
-     int                npds;
-     int                override = 0;
-     SSLVersionRange    enabledVersions;
--    PRBool             enableSSL2 = PR_TRUE;
-+    PRBool             enableSSL2 = PR_FALSE;
-     int                bypassPKCS11 = 0;
-     int                disableLocking = 0;
-     int                useExportPolicy = 0;
-diff -up ./lib/ssl/dhe-param.c.dhe_and_sha384 ./lib/ssl/dhe-param.c
---- ./lib/ssl/dhe-param.c.dhe_and_sha384	2015-06-24 23:06:00.454872529 +0200
-+++ ./lib/ssl/dhe-param.c	2015-06-24 23:06:00.454872529 +0200
-@@ -0,0 +1,413 @@
-+/* This Source Code Form is subject to the terms of the Mozilla Public
-+ * License, v. 2.0. If a copy of the MPL was not distributed with this
-+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-+
-+static const unsigned char ff_dhe_g2[] = { 2 };
-+
-+static const unsigned char ff_dhe_2048_p[] = {
-+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-+    0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
-+    0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
-+    0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
-+    0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
-+    0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
-+    0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
-+    0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
-+    0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
-+    0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
-+    0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
-+    0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
-+    0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
-+    0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
-+    0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
-+    0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
-+    0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
-+    0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
-+    0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
-+    0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
-+    0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
-+    0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
-+    0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
-+    0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
-+    0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
-+    0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
-+    0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
-+    0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
-+    0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
-+    0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
-+    0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97,
-+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-+};
-+
-+static const ssl3DHParams ff_dhe_2048 = {
-+    { siBuffer, (unsigned char *)ff_dhe_2048_p, sizeof(ff_dhe_2048_p) },
-+    { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
-+};
-+
-+static const unsigned char ff_dhe_3072_p[] = {
-+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-+    0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
-+    0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
-+    0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
-+    0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
-+    0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
-+    0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
-+    0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
-+    0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
-+    0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
-+    0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
-+    0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
-+    0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
-+    0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
-+    0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
-+    0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
-+    0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
-+    0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
-+    0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
-+    0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
-+    0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
-+    0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
-+    0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
-+    0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
-+    0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
-+    0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
-+    0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
-+    0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
-+    0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
-+    0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
-+    0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
-+    0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
-+    0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
-+    0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
-+    0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
-+    0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
-+    0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
-+    0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
-+    0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
-+    0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
-+    0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
-+    0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
-+    0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
-+    0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
-+    0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
-+    0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
-+    0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37,
-+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-+};
-+
-+static const ssl3DHParams ff_dhe_3072 = {
-+    { siBuffer, (unsigned char *)ff_dhe_3072_p, sizeof(ff_dhe_3072_p) },
-+    { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
-+};
-+
-+static const unsigned char ff_dhe_4096_p[] = {
-+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-+    0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
-+    0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
-+    0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
-+    0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
-+    0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
-+    0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
-+    0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
-+    0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
-+    0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
-+    0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
-+    0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
-+    0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
-+    0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
-+    0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
-+    0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
-+    0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
-+    0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
-+    0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
-+    0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
-+    0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
-+    0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
-+    0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
-+    0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
-+    0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
-+    0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
-+    0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
-+    0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
-+    0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
-+    0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
-+    0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
-+    0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
-+    0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
-+    0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
-+    0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
-+    0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
-+    0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
-+    0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
-+    0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
-+    0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
-+    0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
-+    0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
-+    0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
-+    0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
-+    0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
-+    0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
-+    0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
-+    0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
-+    0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
-+    0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
-+    0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
-+    0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
-+    0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
-+    0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
-+    0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
-+    0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
-+    0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
-+    0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
-+    0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
-+    0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
-+    0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
-+    0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
-+    0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A,
-+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-+};
-+
-+static const ssl3DHParams ff_dhe_4096 = {
-+    { siBuffer, (unsigned char *)ff_dhe_4096_p, sizeof(ff_dhe_4096_p) },
-+    { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
-+};
-+
-+static const unsigned char ff_dhe_6144_p[] = {
-+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-+    0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
-+    0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
-+    0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
-+    0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
-+    0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
-+    0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
-+    0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
-+    0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
-+    0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
-+    0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
-+    0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
-+    0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
-+    0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
-+    0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
-+    0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
-+    0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
-+    0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
-+    0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
-+    0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
-+    0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
-+    0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
-+    0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
-+    0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
-+    0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
-+    0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
-+    0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
-+    0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
-+    0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
-+    0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
-+    0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
-+    0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
-+    0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
-+    0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
-+    0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
-+    0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
-+    0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
-+    0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
-+    0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
-+    0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
-+    0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
-+    0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
-+    0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
-+    0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
-+    0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
-+    0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
-+    0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
-+    0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
-+    0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
-+    0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
-+    0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
-+    0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
-+    0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
-+    0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
-+    0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
-+    0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
-+    0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
-+    0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
-+    0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
-+    0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
-+    0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
-+    0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
-+    0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
-+    0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
-+    0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
-+    0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
-+    0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
-+    0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
-+    0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
-+    0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
-+    0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
-+    0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
-+    0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
-+    0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
-+    0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
-+    0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
-+    0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
-+    0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
-+    0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
-+    0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
-+    0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
-+    0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
-+    0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
-+    0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
-+    0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
-+    0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
-+    0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
-+    0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
-+    0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
-+    0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
-+    0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
-+    0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
-+    0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
-+    0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
-+    0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65,
-+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-+};
-+
-+static const ssl3DHParams ff_dhe_6144 = {
-+    { siBuffer, (unsigned char *)ff_dhe_6144_p, sizeof(ff_dhe_6144_p) },
-+    { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
-+};
-+
-+static const unsigned char ff_dhe_8192_p[] = {
-+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-+    0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
-+    0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
-+    0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
-+    0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
-+    0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
-+    0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
-+    0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
-+    0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
-+    0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
-+    0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
-+    0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
-+    0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
-+    0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
-+    0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
-+    0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
-+    0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
-+    0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
-+    0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
-+    0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
-+    0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
-+    0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
-+    0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
-+    0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
-+    0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
-+    0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
-+    0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
-+    0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
-+    0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
-+    0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
-+    0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
-+    0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
-+    0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
-+    0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
-+    0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
-+    0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
-+    0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
-+    0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
-+    0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
-+    0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
-+    0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
-+    0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
-+    0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
-+    0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
-+    0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
-+    0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
-+    0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
-+    0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
-+    0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
-+    0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
-+    0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
-+    0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
-+    0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
-+    0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
-+    0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
-+    0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
-+    0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
-+    0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
-+    0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
-+    0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
-+    0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
-+    0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
-+    0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
-+    0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
-+    0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
-+    0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
-+    0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
-+    0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
-+    0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
-+    0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
-+    0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
-+    0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
-+    0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
-+    0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
-+    0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
-+    0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
-+    0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
-+    0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
-+    0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
-+    0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
-+    0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
-+    0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
-+    0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
-+    0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
-+    0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
-+    0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
-+    0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
-+    0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
-+    0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
-+    0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
-+    0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
-+    0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
-+    0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
-+    0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
-+    0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA,
-+    0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38,
-+    0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64,
-+    0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43,
-+    0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E,
-+    0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF,
-+    0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29,
-+    0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65,
-+    0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02,
-+    0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4,
-+    0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82,
-+    0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C,
-+    0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51,
-+    0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22,
-+    0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74,
-+    0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE,
-+    0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C,
-+    0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC,
-+    0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B,
-+    0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9,
-+    0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0,
-+    0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31,
-+    0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57,
-+    0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8,
-+    0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E,
-+    0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30,
-+    0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E,
-+    0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE,
-+    0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D,
-+    0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D,
-+    0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E,
-+    0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C,
-+    0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C,
-+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-+};
-+
-+static const ssl3DHParams ff_dhe_8192 = {
-+    { siBuffer, (unsigned char *)ff_dhe_8192_p, sizeof(ff_dhe_8192_p) },
-+    { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
-+};
 diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c
---- ./lib/ssl/ssl3con.c.dhe_and_sha384	2015-06-24 23:06:00.448872641 +0200
-+++ ./lib/ssl/ssl3con.c	2015-06-24 23:06:00.456872491 +0200
-@@ -91,7 +91,11 @@ static ssl3CipherSuiteCfg cipherSuites[s
+--- ./lib/ssl/ssl3con.c.dhe_and_sha384	2016-02-14 07:51:49.910312410 -0800
++++ ./lib/ssl/ssl3con.c	2016-02-14 08:03:31.562277561 -0800
+@@ -68,6 +68,8 @@ static SECStatus ssl3_ComputeHandshakeHa
+                                              SSL3Hashes *hashes,
+                                              PRUint32 sender);
+ static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags);
++static int       ssl3_OIDToTLSHashAlgorithm(SECOidTag oid);
++static CK_MECHANISM_TYPE ssl3_GetPrfHashMechanism(sslSocket *ss);
+ 
+ static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen,
+ 			     int maxOutputLen, const unsigned char *input,
+@@ -95,23 +97,37 @@ static ssl3CipherSuiteCfg cipherSuites[s
+    /*      cipher_suite                     policy       enabled   isPresent */
  
  #ifndef NSS_DISABLE_ECC
-  { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
+- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
+-   /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
+-    * bug 946147.
+-    */
++ /* Ephemeral ECDH */
++ { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+  { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
++ /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must be before TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
++  * to workaround bug 946147.
++  */
 + { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
++ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+  { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
+- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
+- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
+- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
++ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+  { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
+- { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
+  { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,        SSL_ALLOWED, PR_FALSE, PR_FALSE},
++ { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
++ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
 + { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-    /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
-     * bug 946147.
-     */
-@@ -108,14 +112,19 @@ static ssl3CipherSuiteCfg cipherSuites[s
++ { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
++ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
++ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
++ { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
+  { TLS_ECDHE_RSA_WITH_RC4_128_SHA,          SSL_ALLOWED, PR_FALSE, PR_FALSE},
  #endif /* NSS_DISABLE_ECC */
  
++ /* Ephemeral Finite Field DH */
++ { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_TRUE, PR_FALSE},
++ { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
++ { TLS_DHE_RSA_WITH_AES_256_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
++ { TLS_DHE_DSS_WITH_AES_256_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
++ { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
++ { TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
++ { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
++ { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
   { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-+ { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
+  { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
   { TLS_DHE_RSA_WITH_AES_128_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-  { TLS_DHE_DSS_WITH_AES_128_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-  { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-+ { TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
+@@ -120,17 +136,12 @@ static ssl3CipherSuiteCfg cipherSuites[s
+  { TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
   { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
   { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_DHE_RSA_WITH_AES_256_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-  { TLS_DHE_DSS_WITH_AES_256_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-  { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-+ { TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
+- { TLS_DHE_RSA_WITH_AES_256_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+- { TLS_DHE_DSS_WITH_AES_256_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+- { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+- { TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
+- { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
+- { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
   { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-@@ -134,6 +143,7 @@ static ssl3CipherSuiteCfg cipherSuites[s
+  { TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+  { TLS_DHE_DSS_WITH_RC4_128_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ 
+ #ifndef NSS_DISABLE_ECC
++ /* Non ephemeral ECDH */
+  { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
+  { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
+  { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
+@@ -142,18 +153,19 @@ static ssl3CipherSuiteCfg cipherSuites[s
  #endif /* NSS_DISABLE_ECC */
  
   /* RSA */
-+ { TLS_RSA_WITH_AES_256_GCM_SHA384,         SSL_ALLOWED, PR_FALSE,  PR_FALSE},
++ { TLS_RSA_WITH_AES_256_GCM_SHA384,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
++ { TLS_RSA_WITH_AES_256_CBC_SHA,            SSL_ALLOWED, PR_TRUE,  PR_FALSE},
++ { TLS_RSA_WITH_AES_256_CBC_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
++ { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
   { TLS_RSA_WITH_AES_128_GCM_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
   { TLS_RSA_WITH_AES_128_CBC_SHA,            SSL_ALLOWED, PR_TRUE,  PR_FALSE},
   { TLS_RSA_WITH_AES_128_CBC_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-@@ -281,6 +291,7 @@ static const ssl3BulkCipherDef bulk_ciph
+  { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
+- { TLS_RSA_WITH_AES_256_CBC_SHA,            SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+- { TLS_RSA_WITH_AES_256_CBC_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+- { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
+  { TLS_RSA_WITH_SEED_CBC_SHA,               SSL_ALLOWED, PR_FALSE, PR_FALSE},
+- { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
+  { TLS_RSA_WITH_3DES_EDE_CBC_SHA,           SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+  { TLS_RSA_WITH_RC4_128_SHA,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+  { TLS_RSA_WITH_RC4_128_MD5,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
++ { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ 
+  /* 56-bit DES "domestic" cipher suites */
+  { TLS_DHE_RSA_WITH_DES_CBC_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
+@@ -292,6 +304,7 @@ static const ssl3BulkCipherDef bulk_ciph
      {cipher_camellia_256, calg_camellia,    32,32, type_block, 16,16, 0, 0},
      {cipher_seed,         calg_seed,        16,16, type_block, 16,16, 0, 0},
      {cipher_aes_128_gcm,  calg_aes_gcm,     16,16, type_aead,   4, 0,16, 8},
@@ -847,7 +109,18 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c
      {cipher_missing,      calg_null,         0, 0, type_stream, 0, 0, 0, 0},
  };
  
-@@ -316,131 +327,145 @@ static const ssl3CipherSuiteDef cipher_s
+@@ -300,8 +313,8 @@ static const ssl3KEADef kea_defs[] =
+     /* kea            exchKeyType signKeyType is_limited limit tls_keygen ephemeral */
+     {kea_null,           kt_null, sign_null,  PR_FALSE,   0, PR_FALSE, PR_FALSE},
+     {kea_rsa,            kt_rsa,  sign_rsa,   PR_FALSE,   0, PR_FALSE, PR_FALSE},
+-    {kea_rsa_export,     kt_rsa,  sign_rsa,   PR_TRUE,  512, PR_FALSE, PR_FALSE},
+-    {kea_rsa_export_1024,kt_rsa,  sign_rsa,   PR_TRUE, 1024, PR_FALSE, PR_FALSE},
++    {kea_rsa_export,     kt_rsa,  sign_rsa,   PR_TRUE,  512, PR_FALSE, PR_TRUE},
++    {kea_rsa_export_1024,kt_rsa,  sign_rsa,   PR_TRUE, 1024, PR_FALSE, PR_TRUE},
+     {kea_dh_dss,         kt_dh,   sign_dsa,   PR_FALSE,   0, PR_FALSE, PR_FALSE},
+     {kea_dh_dss_export,  kt_dh,   sign_dsa,   PR_TRUE,  512, PR_FALSE, PR_FALSE},
+     {kea_dh_rsa,         kt_dh,   sign_rsa,   PR_FALSE,   0, PR_FALSE, PR_FALSE},
+@@ -327,135 +340,149 @@ static const ssl3CipherSuiteDef cipher_s
  {
  /*  cipher_suite                    bulk_cipher_alg mac_alg key_exchange_alg */
  
@@ -1001,6 +274,10 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c
 +#ifndef NSS_DISABLE_ECC
      {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa},
      {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa},
+-
+-    {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss},
+-    {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss},
+-    {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss},
 +    {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa, prf_256},
 +    {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa, prf_256},
 +    {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_ecdsa, prf_384},
@@ -1014,6 +291,10 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c
 +    {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss, prf_256},
 +    {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss, prf_256},
 +    {TLS_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_rsa, prf_384},
++
++    {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss, 0},
++    {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss, 0},
++    {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss, 0},
  
  #ifndef NSS_DISABLE_ECC
 -    {TLS_ECDH_ECDSA_WITH_NULL_SHA,        cipher_null, mac_sha, kea_ecdh_ecdsa},
@@ -1081,7 +362,7 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c
  #endif
  #endif /* NSS_DISABLE_ECC */
  };
-@@ -481,6 +506,7 @@ static const SSLCipher2Mech alg2Mech[] =
+@@ -496,6 +523,7 @@ static const SSLCipher2Mech alg2Mech[] =
  #define mmech_md5_hmac CKM_MD5_HMAC
  #define mmech_sha_hmac CKM_SHA_1_HMAC
  #define mmech_sha256_hmac CKM_SHA256_HMAC
@@ -1089,7 +370,7 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c
  
  static const ssl3MACDef mac_defs[] = { /* indexed by SSL3MACAlgorithm */
      /* pad_size is only used for SSL 3.0 MAC. See RFC 6101 Sec. 5.2.3.1. */
-@@ -492,6 +518,7 @@ static const ssl3MACDef mac_defs[] = { /
+@@ -507,6 +535,7 @@ static const ssl3MACDef mac_defs[] = { /
      {hmac_sha,  mmech_sha_hmac,   0,  SHA1_LENGTH},
      {hmac_sha256, mmech_sha256_hmac, 0, SHA256_LENGTH},
      { mac_aead, mmech_invalid,    0,  0          },
@@ -1097,7 +378,7 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c
  };
  
  /* indexed by SSL3BulkCipher */
-@@ -640,16 +667,26 @@ ssl3_CipherSuiteAllowedForVersionRange(
+@@ -655,19 +684,26 @@ ssl3_CipherSuiteAllowedForVersionRange(
      case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
      case TLS_RSA_WITH_AES_256_CBC_SHA256:
      case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
@@ -1108,8 +389,8 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c
      case TLS_RSA_WITH_AES_128_CBC_SHA256:
      case TLS_RSA_WITH_AES_128_GCM_SHA256:
 +    case TLS_RSA_WITH_AES_256_GCM_SHA384:
-+    case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
-+    case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
+     case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
+     case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
      case TLS_RSA_WITH_NULL_SHA256:
          return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2;
  
@@ -1119,75 +400,12 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c
 +    case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
      case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
 +    case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
-+    case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
+     case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
 +    case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
  	return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2;
  
      /* RFC 4492: ECC cipher suites need TLS extensions to negotiate curves and
-@@ -772,16 +809,11 @@ ssl3_config_match_init(sslSocket *ss)
- 	     * that the server uses an RSA cert for (EC)DHE-RSA.
- 	     */
- 	    switch (cipher_def->key_exchange_alg) {
-+	    case kea_dhe_dss:
-+		svrAuth = ss->serverCerts + ssl_kea_dh;
-+		break;
- 	    case kea_ecdhe_rsa:
--#if NSS_SERVER_DHE_IMPLEMENTED
--	    /* XXX NSS does not yet implement the server side of _DHE_
--	     * cipher suites.  Correcting the computation for svrAuth,
--	     * as the case below does, causes NSS SSL servers to begin to
--	     * negotiate cipher suites they do not implement.  So, until
--	     * server side _DHE_ is implemented, keep this disabled.
--	     */
- 	    case kea_dhe_rsa:
--#endif
- 		svrAuth = ss->serverCerts + kt_rsa;
- 		break;
- 	    case kea_ecdh_ecdsa:
-@@ -793,6 +825,8 @@ ssl3_config_match_init(sslSocket *ss)
- 		 * simultaneously. For now, both of them use
- 		 * whatever is in the certificate slot for kt_ecdh
- 		 */
-+	    case kea_dhe_dss_export:
-+	    case kea_dhe_rsa_export:
- 	    default:
- 		svrAuth = ss->serverCerts + exchKeyType;
- 		break;
-@@ -829,11 +863,22 @@ ssl3_config_match_init(sslSocket *ss)
-  * cipher suite. */
- static PRBool
- config_match(ssl3CipherSuiteCfg *suite, int policy, PRBool enabled,
--	     const SSLVersionRange *vrange)
-+	     const SSLVersionRange *vrange, const sslSocket *ss)
- {
-+    const ssl3CipherSuiteDef *cipher_def;
-+
-     PORT_Assert(policy != SSL_NOT_ALLOWED && enabled != PR_FALSE);
-     if (policy == SSL_NOT_ALLOWED || !enabled)
--    	return PR_FALSE;
-+	return PR_FALSE;
-+
-+    cipher_def = ssl_LookupCipherSuiteDef(suite->cipher_suite);
-+    PORT_Assert(cipher_def != NULL);
-+
-+    PORT_Assert(ss != NULL);
-+    if (ss->sec.isServer && !ss->opt.enableServerDhe &&
-+        kea_defs[cipher_def->key_exchange_alg].exchKeyType == ssl_kea_dh)
-+	return PR_FALSE;
-+
-     return (PRBool)(suite->enabled &&
-                     suite->isPresent &&
- 	            suite->policy != SSL_NOT_ALLOWED &&
-@@ -854,7 +899,7 @@ count_cipher_suites(sslSocket *ss, int p
- 	return 0;
-     }
-     for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
--	if (config_match(&ss->cipherSuites[i], policy, enabled, &ss->vrange))
-+	if (config_match(&ss->cipherSuites[i], policy, enabled, &ss->vrange, ss))
- 	    count++;
-     }
-     if (count <= 0) {
-@@ -2321,6 +2366,9 @@ ssl3_ComputeRecordMAC(
+@@ -2348,6 +2384,9 @@ ssl3_ComputeRecordMAC(
  	case ssl_hmac_sha256: /* used with TLS */
  	    hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
  	    break;
@@ -1197,7 +415,7 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c
  	default:
  	    break;
  	}
-@@ -3563,6 +3611,17 @@ ssl3_HandleChangeCipherSpecs(sslSocket *
+@@ -3592,6 +3631,18 @@ ssl3_HandleChangeCipherSpecs(sslSocket *
      return SECSuccess;
  }
  
@@ -1212,94 +430,70 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c
 +   return prf_alg;
 +}
 +
- /* This method uses PKCS11 to derive the MS from the PMS, where PMS 
- ** is a PKCS11 symkey. This is used in all cases except the 
- ** "triple bypass" with RSA key exchange.
-@@ -3592,15 +3651,17 @@ ssl3_DeriveMasterSecret(sslSocket *ss, P
-     SECItem           params;
-     CK_FLAGS          keyFlags;
-     CK_VERSION        pms_version;
--    CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params;
-+    /* master_params may be used as a CK_SSL3_MASTER_KEY_DERIVE_PARAMS */
-+    CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params;
-+    unsigned int      master_params_len;
- 
-     PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-     PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
-     PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
++
+ /* This method completes the derivation of the MS from the PMS.
+ **
+ ** 1. Derive the MS, if possible, else return an error.
+@@ -3682,6 +3733,9 @@ ssl3_ComputeMasterSecretInt(sslSocket *s
+     CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params;
+     unsigned int      master_params_len;
+ 
++    PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
++    PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
++    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
      if (isTLS12) {
--	if(isDH) master_derive = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
--	else master_derive = CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256;
--	key_derive    = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256;
-+	if(isDH) master_derive = CKM_TLS12_MASTER_KEY_DERIVE_DH;
-+	else master_derive = CKM_TLS12_MASTER_KEY_DERIVE;
-+	key_derive    = CKM_TLS12_KEY_AND_MAC_DERIVE;
- 	keyFlags      = CKF_SIGN | CKF_VERIFY;
-     } else if (isTLS) {
- 	if(isDH) master_derive = CKM_TLS_MASTER_KEY_DERIVE_DH;
-@@ -3624,6 +3685,12 @@ ssl3_DeriveMasterSecret(sslSocket *ss, P
- 	master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH;
- 	master_params.RandomInfo.pServerRandom     = sr;
- 	master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH;
-+	if (isTLS12) {
-+	    master_params.prfHashMechanism = ssl3_GetPrfHashMechanism(ss);
-+	    master_params_len = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS);
-+	} else {
-+	    master_params_len = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS);
+ 	if(isDH) master_derive = CKM_TLS12_MASTER_KEY_DERIVE_DH;
+ 	else master_derive = CKM_TLS12_MASTER_KEY_DERIVE;
+@@ -3709,7 +3763,7 @@ ssl3_ComputeMasterSecretInt(sslSocket *s
+     master_params.RandomInfo.pServerRandom     = sr;
+     master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH;
+     if (isTLS12) {
+-        master_params.prfHashMechanism = CKM_SHA256;
++        master_params.prfHashMechanism = ssl3_GetPrfHashMechanism(ss);
+         master_params_len = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS);
+     } else {
+         /* prfHashMechanism is not relevant with this PRF */
+@@ -3845,7 +3899,7 @@ ssl3_DeriveMasterSecret(sslSocket *ss, P
+ 	rv = PK11_ExtractKeyValue(pwSpec->master_secret);
+ 	if (rv != SECSuccess) {
+ 	    return rv;
+-        }
 +	}
+ 	/* This returns the address of the secItem inside the key struct,
+ 	 * not a copy or a reference.  So, there's no need to free it.
+ 	 */
+@@ -3954,7 +4008,7 @@ ssl3_DeriveConnectionKeysPKCS11(sslSocke
  
- 	params.data = (unsigned char *) &master_params;
- 	params.len  = sizeof master_params;
-@@ -3756,7 +3823,9 @@ ssl3_DeriveConnectionKeysPKCS11(sslSocke
-     PK11SymKey *           symKey = NULL;
-     void *                 pwArg  = ss->pkcs11PinArg;
-     int                    keySize;
--    CK_SSL3_KEY_MAT_PARAMS key_material_params;
-+    CK_TLS12_KEY_MAT_PARAMS key_material_params; /* may be used as a
-+						  * CK_SSL3_KEY_MAT_PARAMS */
-+    unsigned int           key_material_params_len;
-     CK_SSL3_KEY_MAT_OUT    returnedKeys;
-     CK_MECHANISM_TYPE      key_derive;
-     CK_MECHANISM_TYPE      bulk_mechanism;
-@@ -3810,17 +3879,21 @@ ssl3_DeriveConnectionKeysPKCS11(sslSocke
-     PORT_Assert(     alg2Mech[calg].calg == calg);
-     bulk_mechanism = alg2Mech[calg].cmech;
- 
--    params.data    = (unsigned char *)&key_material_params;
--    params.len     = sizeof(key_material_params);
--
      if (isTLS12) {
--	key_derive    = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256;
-+	key_derive    = CKM_TLS12_KEY_AND_MAC_DERIVE;
+ 	key_derive    = CKM_TLS12_KEY_AND_MAC_DERIVE;
+-	key_material_params.prfHashMechanism = CKM_SHA256;
 +	key_material_params.prfHashMechanism = ssl3_GetPrfHashMechanism(ss);
-+	key_material_params_len = sizeof(CK_TLS12_KEY_MAT_PARAMS);
+ 	key_material_params_len = sizeof(CK_TLS12_KEY_MAT_PARAMS);
      } else if (isTLS) {
  	key_derive    = CKM_TLS_KEY_AND_MAC_DERIVE;
-+	key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS);
-     } else {
- 	key_derive    = CKM_SSL3_KEY_AND_MAC_DERIVE;
-+	key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS);
-     }
- 
-+    params.data = (unsigned char *)&key_material_params;
-+    params.len  = key_material_params_len;
-+
-     /* CKM_SSL3_KEY_AND_MAC_DERIVE is defined to set ENCRYPT, DECRYPT, and
-      * DERIVE by DEFAULT */
-     symKey = PK11_Derive(pwSpec->master_secret, key_derive, &params,
-@@ -3883,9 +3956,9 @@ ssl3_InitHandshakeHashes(sslSocket *ss)
- #ifndef NO_PKCS11_BYPASS
-     if (ss->opt.bypassPKCS11) {
- 	PORT_Assert(!ss->ssl3.hs.sha_obj && !ss->ssl3.hs.sha_clone);
-+	/* If we ever support ciphersuites where the PRF hash isn't SHA-256
-+	 * then this will need to be updated. */
+@@ -4032,7 +4086,20 @@ ssl3_InitHandshakeHashes(sslSocket *ss)
  	if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
--	    /* If we ever support ciphersuites where the PRF hash isn't SHA-256
--	     * then this will need to be updated. */
- 	    ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(HASH_AlgSHA256);
+ 	    /* If we ever support ciphersuites where the PRF hash isn't SHA-256
+ 	     * then this will need to be updated. */
+-	    ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(HASH_AlgSHA256);
++	    HASH_HashType ht;
++	    CK_MECHANISM_TYPE hm;
++	    SECOidTag ot;
++	    SECOidData *hashOid;
++
++	    hm = ssl3_GetPrfHashMechanism(ss);
++	    hashOid = SECOID_FindOIDByMechanism(hm);
++	    if (hashOid == NULL) {
++	        ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
++	        return SECFailure;
++	    }
++	    ot = hashOid->offset;
++	    ht = HASH_GetHashTypeByOidTag(ot);
++	    ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(ht);
  	    if (!ss->ssl3.hs.sha_obj) {
  		ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
-@@ -3909,9 +3982,19 @@ ssl3_InitHandshakeHashes(sslSocket *ss)
+ 		return SECFailure;
+@@ -4055,9 +4122,20 @@ ssl3_InitHandshakeHashes(sslSocket *ss)
  	 * that the master secret will wind up in ...
  	 */
  	if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
@@ -1311,9 +505,10 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c
 +
 +	    PORT_Assert(ss->ssl3.hs.suite_def);
 +	    /* Get the PKCS #11 mechanism for the Hash from the cipher suite (prf_alg)
-+	     * Convert that to the OidTag.
-+	     * We can then use that OidTag to create our PK11Context */
++	     * Convert that to the OidTag. We can then use that OidTag to create our
++         * PK11Context */
 +	    hash_oid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss));
++	    PORT_Assert(hash_oid != NULL);
 +	    if (hash_oid == NULL) {
 +		ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
 +		return SECFailure;
@@ -1322,39 +517,63 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c
  	    if (ss->ssl3.hs.sha == NULL) {
  		ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
  		return SECFailure;
-@@ -5279,7 +5362,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
-     }
-     for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
- 	ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
--	if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) {
-+	if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange, ss)) {
- 	    actual_count++;
- 	    if (actual_count > num_suites) {
- 		if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
-@@ -6305,13 +6388,6 @@ ssl3_HandleServerHello(sslSocket *ss, SS
-     }
-     isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0);
+@@ -4378,6 +4456,11 @@ ssl3_AppendSignatureAndHashAlgorithm(
+     sslSocket *ss, const SSLSignatureAndHashAlg* sigAndHash)
+ {
+     PRUint8 serialized[2];
++    unsigned char hashAlg = ssl3_OIDToTLSHashAlgorithm(sigAndHash->hashAlg);
++    if (hashAlg == 0) {
++	PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
++	return SECFailure;
++    }
  
--    rv = ssl3_InitHandshakeHashes(ss);
--    if (rv != SECSuccess) {
--	desc = internal_error;
--	errCode = PORT_GetError();
--	goto alert_loser;
--    }
--
-     rv = ssl3_ConsumeHandshake(
- 	ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH, &b, &length);
-     if (rv != SECSuccess) {
-@@ -6338,7 +6414,7 @@ ssl3_HandleServerHello(sslSocket *ss, SS
- 	ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
- 	if (temp == suite->cipher_suite) {
- 	    SSLVersionRange vrange = {ss->version, ss->version};
--	    if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) {
-+	    if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) {
- 		/* config_match already checks whether the cipher suite is
- 		 * acceptable for the version, but the check is repeated here
- 		 * in order to give a more precise error code. */
-@@ -6390,6 +6466,14 @@ ssl3_HandleServerHello(sslSocket *ss, SS
+     serialized[0] = (PRUint8)sigAndHash->hashAlg;
+     serialized[1] = (PRUint8)sigAndHash->sigAlg;
+@@ -4499,6 +4582,7 @@ static const struct {
+     SECOidTag oid;
+ } tlsHashOIDMap[] = {
+     { ssl_hash_sha1, SEC_OID_SHA1 },
++    { ssl_hash_sha224, SEC_OID_SHA224 },
+     { ssl_hash_sha256, SEC_OID_SHA256 },
+     { ssl_hash_sha384, SEC_OID_SHA384 },
+     { ssl_hash_sha512, SEC_OID_SHA512 }
+@@ -4521,6 +4605,23 @@ ssl3_TLSHashAlgorithmToOID(SSLHashType h
+     return SEC_OID_UNKNOWN;
+ }
+ 
++/* ssl3_OIDToTLSHashAlgorithm converts an OID to a TLS hash algorithm
++ * identifier. If the hash is not recognised, zero is returned.
++ *
++ * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
++static int
++ssl3_OIDToTLSHashAlgorithm(SECOidTag oid)
++{
++    unsigned int i;
++
++    for (i = 0; i < PR_ARRAY_SIZE(tlsHashOIDMap); i++) {
++	if (oid == tlsHashOIDMap[i].oid) {
++	    return tlsHashOIDMap[i].tlsHash;
++	}
++    }
++    return 0;
++}
++
+ /* ssl3_TLSSignatureAlgorithmForKeyType returns the TLS 1.2 signature algorithm
+  * identifier for a given KeyType. */
+ static SECStatus
+@@ -4843,6 +4944,11 @@ tls12_loser:
+ 	unsigned char md5StackBuf[256];
+ 	unsigned char shaStackBuf[512];
+ 
++	if (!spec->master_secret) {
++	    PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
++	    return SECFailure;
++	}
++
+ 	md5StateBuf = PK11_SaveContextAlloc(ss->ssl3.hs.md5, md5StackBuf,
+ 					    sizeof md5StackBuf, &md5StateLen);
+ 	if (md5StateBuf == NULL) {
+@@ -6568,6 +6674,14 @@ ssl3_HandleServerHello(sslSocket *ss, SS
      }
      ss->ssl3.hs.compression = (SSLCompressionMethod)temp;
  
@@ -1369,96 +588,7 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c
      /* Note that if !isTLS and the extra stuff is not extensions, we
       * do NOT goto alert_loser.
       * There are some old SSL 3.0 implementations that do send stuff
-@@ -7609,6 +7693,22 @@ ssl3_SendServerHelloSequence(sslSocket *
- /* An empty TLS Renegotiation Info (RI) extension */
- static const PRUint8 emptyRIext[5] = {0xff, 0x01, 0x00, 0x01, 0x00};
- 
-+static PRBool
-+ssl3_KEAAllowsSessionTicket(SSL3KeyExchangeAlgorithm kea)
-+{
-+    switch (kea) {
-+	case kea_dhe_dss:
-+	case kea_dhe_dss_export:
-+	case kea_dh_dss_export:
-+	case kea_dh_dss:
-+	    /* TODO: Fix session tickets for DSS. The server code rejects the
-+	     * session ticket received from the client. Bug 1174677 */
-+	    return PR_FALSE;
-+	default:
-+	    return PR_TRUE;
-+    };
-+}
-+
- /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
-  * ssl3 Client Hello message.
-  * Caller must hold Handshake and RecvBuf locks.
-@@ -7631,6 +7731,7 @@ ssl3_HandleClientHello(sslSocket *ss, SS
-     SECItem             comps    = {siBuffer, NULL, 0};
-     PRBool              haveSpecWriteLock = PR_FALSE;
-     PRBool              haveXmitBufLock   = PR_FALSE;
-+    PRBool              canOfferSessionTicket = PR_FALSE;
- 
-     SSL_TRC(3, ("%d: SSL3[%d]: handle client_hello handshake",
-     	SSL_GETPID(), ss->fd));
-@@ -7704,13 +7805,6 @@ ssl3_HandleClientHello(sslSocket *ss, SS
- 	goto alert_loser;
-     }
- 
--    rv = ssl3_InitHandshakeHashes(ss);
--    if (rv != SECSuccess) {
--	desc = internal_error;
--	errCode = PORT_GetError();
--	goto alert_loser;
--    }
--
-     /* grab the client random data. */
-     rv = ssl3_ConsumeHandshake(
- 	ss, &ss->ssl3.hs.client_random, SSL3_RANDOM_LENGTH, &b, &length);
-@@ -7870,8 +7964,7 @@ ssl3_HandleClientHello(sslSocket *ss, SS
-      * resuming.)
-      */
-     if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) && sid == NULL) {
--	ssl3_RegisterServerHelloExtensionSender(ss,
--	    ssl_session_ticket_xtn, ssl3_SendSessionTicketXtn);
-+	canOfferSessionTicket = PR_TRUE;
-     }
- 
-     if (sid != NULL) {
-@@ -7950,7 +8043,7 @@ ssl3_HandleClientHello(sslSocket *ss, SS
- 	 * The product policy won't change during the process lifetime.  
- 	 * Implemented ("isPresent") shouldn't change for servers.
- 	 */
--	if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange))
-+	if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss))
- 	    break;
- #else
- 	if (!suite->enabled)
-@@ -7999,7 +8092,7 @@ ssl3_HandleClientHello(sslSocket *ss, SS
-     for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
- 	ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j];
- 	SSLVersionRange vrange = {ss->version, ss->version};
--	if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) {
-+	if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) {
- 	    continue;
- 	}
- 	for (i = 0; i + 1 < suites.len; i += 2) {
-@@ -8016,6 +8109,15 @@ ssl3_HandleClientHello(sslSocket *ss, SS
-     goto alert_loser;
- 
- suite_found:
-+    if (canOfferSessionTicket)
-+	canOfferSessionTicket = ssl3_KEAAllowsSessionTicket(
-+				    ss->ssl3.hs.suite_def->key_exchange_alg);
-+
-+    if (canOfferSessionTicket) {
-+	ssl3_RegisterServerHelloExtensionSender(ss,
-+	    ssl_session_ticket_xtn, ssl3_SendSessionTicketXtn);
-+    }
-+
-     /* Select a compression algorithm. */
-     for (i = 0; i < comps.len; i++) {
- 	if (!compressionEnabled(ss, comps.data[i]))
-@@ -8036,6 +8138,14 @@ compression_found:
+@@ -8287,6 +8401,14 @@ compression_found:
      suites.data = NULL;
      comps.data = NULL;
  
@@ -1473,30 +603,7 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c
      ss->sec.send = ssl3_SendApplicationData;
  
      /* If there are any failures while processing the old sid,
-@@ -8479,13 +8589,6 @@ ssl3_HandleV2ClientHello(sslSocket *ss,
- 	goto alert_loser;
-     }
- 
--    rv = ssl3_InitHandshakeHashes(ss);
--    if (rv != SECSuccess) {
--	desc = internal_error;
--	errCode = PORT_GetError();
--	goto alert_loser;
--    }
--
-     /* if we get a non-zero SID, just ignore it. */
-     if (length !=
-         SSL_HL_CLIENT_HELLO_HBYTES + suite_length + sid_length + rand_length) {
-@@ -8533,7 +8636,7 @@ ssl3_HandleV2ClientHello(sslSocket *ss,
-     for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
- 	ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j];
- 	SSLVersionRange vrange = {ss->version, ss->version};
--	if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) {
-+	if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) {
- 	    continue;
- 	}
- 	for (i = 0; i+2 < suite_length; i += 3) {
-@@ -8572,6 +8675,15 @@ suite_found:
+@@ -8857,6 +8979,15 @@ suite_found:
      }
  
      ss->ssl3.hs.compression = ssl_compression_null;
@@ -1512,342 +619,34 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c
      ss->sec.send            = ssl3_SendApplicationData;
  
      /* we don't even search for a cache hit here.  It's just a miss. */
-@@ -8732,6 +8844,154 @@ ssl3_SendServerHello(sslSocket *ss)
-     return SECSuccess;
- }
- 
-+static SECStatus
-+ssl3_PickSignatureHashAlgorithm(sslSocket *ss,
-+				SSL3SignatureAndHashAlgorithm* out);
-+
-+static SECStatus
-+ssl3_SendDHServerKeyExchange(sslSocket *ss)
-+{
-+    const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
-+    SECStatus          rv = SECFailure;
-+    int                length;
-+    PRBool             isTLS;
-+    SECItem            signed_hash = {siBuffer, NULL, 0};
-+    SSL3Hashes         hashes;
-+    SSL3SignatureAndHashAlgorithm sigAndHash;
-+    SECKEYDHParams dhParam;
-+
-+    ssl3KeyPair *keyPair = NULL;
-+    SECKEYPublicKey *pubKey = NULL; /* Ephemeral DH key */
-+    SECKEYPrivateKey *privKey = NULL; /* Ephemeral DH key */
-+    int certIndex = -1;
-+
-+    if (kea_def->kea != kea_dhe_dss && kea_def->kea != kea_dhe_rsa) {
-+	/* TODO: Support DH_anon. It might be sufficient to drop the signature.
-+	   See bug 1170510. */
-+	PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-+	return SECFailure;
-+    }
-+
-+    dhParam.prime.data = ss->dheParams->prime.data;
-+    dhParam.prime.len = ss->dheParams->prime.len;
-+    dhParam.base.data = ss->dheParams->base.data;
-+    dhParam.base.len = ss->dheParams->base.len;
-+
-+    PRINT_BUF(60, (NULL, "Server DH p", dhParam.prime.data,
-+                   dhParam.prime.len));
-+    PRINT_BUF(60, (NULL, "Server DH g", dhParam.base.data,
-+                   dhParam.base.len));
-+
-+    /* Generate ephemeral DH keypair */
-+    privKey = SECKEY_CreateDHPrivateKey(&dhParam, &pubKey, NULL);
-+    if (!privKey || !pubKey) {
-+        ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
-+        rv = SECFailure;
-+        goto loser;
-+    }
-+
-+    keyPair = ssl3_NewKeyPair(privKey, pubKey);
-+    if (!keyPair) {
-+        ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
-+        goto loser;
-+    }
-+
-+    PRINT_BUF(50, (ss, "DH public value:",
-+                   pubKey->u.dh.publicValue.data,
-+                   pubKey->u.dh.publicValue.len));
-+
-+    if (ssl3_PickSignatureHashAlgorithm(ss, &sigAndHash) != SECSuccess) {
-+        ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
-+        goto loser;
-+    }
-+
-+    rv = ssl3_ComputeDHKeyHash(sigAndHash.hashAlg,
-+                               pubKey->u.dh.prime,
-+                               pubKey->u.dh.base,
-+                               pubKey->u.dh.publicValue,
-+                               &ss->ssl3.hs.client_random,
-+                               &ss->ssl3.hs.server_random,
-+                               &hashes, ss->opt.bypassPKCS11);
-+    if (rv != SECSuccess) {
-+        ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-+        goto loser;
-+    }
-+
-+    /* It has been suggested to test kea_def->signKeyType instead, and to use
-+     * ssl_auth_* instead. Investigate what to do. See bug 102794. */
-+    if (kea_def->kea == kea_dhe_rsa)
-+        certIndex = ssl_kea_rsa;
-+    else
-+        certIndex = ssl_kea_dh;
-+
-+    isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
-+    rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY,
-+                         &signed_hash, isTLS);
-+    if (rv != SECSuccess) {
-+        goto loser;		/* ssl3_SignHashes has set err. */
-+    }
-+    if (signed_hash.data == NULL) {
-+        PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-+        goto loser;
-+    }
-+    length = 2 + pubKey->u.dh.prime.len +
-+        2 + pubKey->u.dh.base.len +
-+        2 + pubKey->u.dh.publicValue.len +
-+        2 + signed_hash.len;
-+
-+    if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
-+	length += 2;
-+    }
-+
-+    rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length);
-+    if (rv != SECSuccess) {
-+        goto loser; 	/* err set by AppendHandshake. */
-+    }
-+
-+    rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.prime.data,
-+                                      pubKey->u.dh.prime.len, 2);
-+    if (rv != SECSuccess) {
-+        goto loser; 	/* err set by AppendHandshake. */
-+    }
-+
-+    rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.base.data,
-+                                      pubKey->u.dh.base.len, 2);
-+    if (rv != SECSuccess) {
-+        goto loser; 	/* err set by AppendHandshake. */
-+    }
-+
-+    rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.publicValue.data,
-+                                      pubKey->u.dh.publicValue.len, 2);
-+    if (rv != SECSuccess) {
-+        goto loser; 	/* err set by AppendHandshake. */
-+    }
-+
-+    if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
-+	rv = ssl3_AppendSignatureAndHashAlgorithm(ss, &sigAndHash);
-+	if (rv != SECSuccess) {
-+	    goto loser; /* err set by AppendHandshake. */
-+	}
-+    }
-+
-+    rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data,
-+                                      signed_hash.len, 2);
-+    if (rv != SECSuccess) {
-+        goto loser; 	/* err set by AppendHandshake. */
-+    }
-+    PORT_Free(signed_hash.data);
-+    ss->dheKeyPair = keyPair;
-+    return SECSuccess;
-+
-+loser:
-+    if (signed_hash.data)
-+        PORT_Free(signed_hash.data);
-+    if (privKey)
-+        SECKEY_DestroyPrivateKey(privKey);
-+    if (pubKey)
-+        SECKEY_DestroyPublicKey(pubKey);
-+    return SECFailure;
-+}
-+
- /* ssl3_PickSignatureHashAlgorithm selects a hash algorithm to use when signing
-  * elements of the handshake. (The negotiated cipher suite determines the
-  * signature algorithm.) Prior to TLS 1.2, the MD5/SHA1 combination is always
-@@ -8906,6 +9166,11 @@ ssl3_SendServerKeyExchange(sslSocket *ss
- 	PORT_Free(signed_hash.data);
- 	return SECSuccess;
- 
-+    case ssl_kea_dh: {
-+	rv = ssl3_SendDHServerKeyExchange(ss);
-+	return rv;
-+    }
-+
- #ifndef NSS_DISABLE_ECC
-     case kt_ecdh: {
- 	rv = ssl3_SendECDHServerKeyExchange(ss, &sigAndHash);
-@@ -8913,7 +9178,6 @@ ssl3_SendServerKeyExchange(sslSocket *ss
-     }
- #endif /* NSS_DISABLE_ECC */
- 
--    case kt_dh:
-     case kt_null:
-     default:
- 	PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-@@ -9322,6 +9586,59 @@ double_bypass:
-     return SECSuccess;
- }
- 
-+static SECStatus
-+ssl3_HandleDHClientKeyExchange(sslSocket *ss,
-+                               SSL3Opaque *b,
-+                               PRUint32 length,
-+                               SECKEYPublicKey *srvrPubKey,
-+                               SECKEYPrivateKey *serverKey)
-+{
-+    PK11SymKey            *pms;
-+    SECStatus              rv;
-+    SECKEYPublicKey        clntPubKey;
-+    CK_MECHANISM_TYPE	target;
-+    PRBool                 isTLS;
-+
-+    PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
-+    PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
-+    PORT_Assert( srvrPubKey );
-+
-+    clntPubKey.keyType = dhKey;
-+    clntPubKey.u.dh.prime.len = srvrPubKey->u.dh.prime.len;
-+    clntPubKey.u.dh.prime.data = srvrPubKey->u.dh.prime.data;
-+    clntPubKey.u.dh.base.len = srvrPubKey->u.dh.base.len;
-+    clntPubKey.u.dh.base.data = srvrPubKey->u.dh.base.data;
-+
-+    rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.dh.publicValue,
-+	                               2, &b, &length);
-+    if (rv != SECSuccess) {
-+	goto loser;
-+    }
-+
-+    isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
-+
-+    if (isTLS) target = CKM_TLS_MASTER_KEY_DERIVE_DH;
-+    else target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
-+
-+    /*  Determine the PMS */
-+    pms = PK11_PubDerive(serverKey, &clntPubKey, PR_FALSE, NULL, NULL,
-+                         CKM_DH_PKCS_DERIVE, target, CKA_DERIVE, 0, NULL);
-+    if (pms == NULL) {
-+	ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
-+	goto loser;
-+    }
-+
-+    rv = ssl3_InitPendingCipherSpec(ss,  pms);
-+    PK11_FreeSymKey(pms); pms = NULL;
-+
-+loser:
-+    if (ss->dheKeyPair) {
-+        ssl3_FreeKeyPair(ss->dheKeyPair);
-+        ss->dheKeyPair = NULL;
-+    }
-+    return rv;
-+}
-+
- 
- /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
-  * ssl3 ClientKeyExchange message from the remote client
-@@ -9334,9 +9651,7 @@ ssl3_HandleClientKeyExchange(sslSocket *
-     SECStatus         rv;
-     const ssl3KEADef *kea_def;
-     ssl3KeyPair     *serverKeyPair      = NULL;
--#ifndef NSS_DISABLE_ECC
-     SECKEYPublicKey *serverPubKey       = NULL;
--#endif /* NSS_DISABLE_ECC */
- 
-     SSL_TRC(3, ("%d: SSL3[%d]: handle client_key_exchange handshake",
- 		SSL_GETPID(), ss->fd));
-@@ -9366,6 +9681,16 @@ ssl3_HandleClientKeyExchange(sslSocket *
- 	ss->sec.keaKeyBits = EXPORT_RSA_KEY_LENGTH * BPB;
-     } else 
- skip:
-+    if (kea_def->kea == kea_dhe_dss ||
-+        kea_def->kea == kea_dhe_rsa) {
-+        if (ss->dheKeyPair) {
-+            serverKeyPair = ss->dheKeyPair;
-+            if (serverKeyPair->pubKey) {
-+                ss->sec.keaKeyBits =
-+                    SECKEY_PublicKeyStrengthInBits(serverKeyPair->pubKey);
-+            }
-+        }
-+    } else
- #ifndef NSS_DISABLE_ECC
-     /* XXX Using SSLKEAType to index server certifiates
-      * does not work for (EC)DHE ciphers. Until we have
-@@ -9411,6 +9736,21 @@ skip:
- 	}
- 	break;
- 
-+    case ssl_kea_dh:
-+	if (ss->dheKeyPair && ss->dheKeyPair->pubKey) {
-+	    serverPubKey = ss->dheKeyPair->pubKey;
-+	}
-+	if (!serverPubKey) {
-+	    PORT_SetError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
-+	    return SECFailure;
-+	}
-+	rv = ssl3_HandleDHClientKeyExchange(ss, b, length,
-+                                            serverPubKey, serverKey);
-+	if (rv != SECSuccess) {
-+	    SSL3_SendAlert(ss, alert_fatal, handshake_failure);
-+	    return SECFailure;	/* error code set */
-+	}
-+	break;
- 
- #ifndef NSS_DISABLE_ECC
-     case kt_ecdh:
-@@ -10181,21 +10521,39 @@ done:
+@@ -9388,7 +9519,7 @@ ssl3_EncodeCertificateRequestSigAlgs(ssl
+         /* Note that we don't support a handshake hash with anything other than
+          * SHA-256, so asking for a signature from clients for something else
+          * would be inviting disaster. */
+-        if (alg->hashAlg == ssl_hash_sha256) {
++        if (alg->hashAlg == ssl_hash_sha256 /* || alg->hashAlg == ssl_hash_sha384*/) {
+             buf[(*len)++] = (PRUint8)alg->hashAlg;
+             buf[(*len)++] = (PRUint8)alg->sigAlg;
+         }
+@@ -10841,7 +10972,7 @@ done:
  }
  
  static SECStatus
 -ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
-+ssl3_ComputeTLSFinished(sslSocket *ss,
-+                        ssl3CipherSpec *spec,
++ssl3_ComputeTLSFinished(sslSocket *ss, ssl3CipherSpec *spec,
  			PRBool          isServer,
                  const   SSL3Hashes   *  hashes,
                          TLSFinished  *  tlsFinished)
- {
--    const char * label;
--    unsigned int len;
--    SECStatus    rv;
--
--    label = isServer ? "server finished" : "client finished";
--    len   = 15;
--
--    rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->u.raw,
--	hashes->len, tlsFinished->verify_data,
--	sizeof tlsFinished->verify_data);
-+    SECStatus rv;
-+    CK_TLS12_MAC_PARAMS tls12_mac_params;
-+    SECItem param = {siBuffer, NULL, 0};
-+    PK11Context *prf_context;
-+    unsigned int retLen;
-+
-+    if (spec->version < SSL_LIBRARY_VERSION_TLS_1_2) {
-+	tls12_mac_params.prfHashMechanism = CKM_TLS_PRF;
-+    } else {
-+	tls12_mac_params.prfHashMechanism = ssl3_GetPrfHashMechanism(ss);
-+    }
-+    tls12_mac_params.ulMacLength = 12;
-+    tls12_mac_params.ulServerOrClient = isServer ? 1 : 2;
-+    param.data = (unsigned char *)&tls12_mac_params;
-+    param.len = sizeof(tls12_mac_params);
-+    prf_context = PK11_CreateContextBySymKey(CKM_TLS12_MAC, CKA_SIGN,
-+					     spec->master_secret, &param);
-+    if (!prf_context)
-+	return SECFailure;
-+
-+    rv  = PK11_DigestBegin(prf_context);
-+    rv |= PK11_DigestOp(prf_context, hashes->u.raw, hashes->len);
-+    rv |= PK11_DigestFinal(prf_context, tlsFinished->verify_data, &retLen,
-+			   sizeof tlsFinished->verify_data);
-+    PORT_Assert(rv != SECSuccess || retLen == sizeof tlsFinished->verify_data);
-+ 
-+    PK11_DestroyContext(prf_context, PR_TRUE);
- 
-     return rv;
- }
-@@ -10380,7 +10738,7 @@ ssl3_SendFinished(sslSocket *ss, PRInt32
+@@ -10864,7 +10995,7 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *
+     if (spec->version < SSL_LIBRARY_VERSION_TLS_1_2) {
+ 	tls_mac_params.prfMechanism = CKM_TLS_PRF;
+     } else {
+-	tls_mac_params.prfMechanism = CKM_SHA256;
++	tls_mac_params.prfMechanism = ssl3_GetPrfHashMechanism(ss);
+     }
+     tls_mac_params.ulMacLength = 12;
+     tls_mac_params.ulServerOrClient = isServer ? 1 : 2;
+@@ -11066,7 +11197,7 @@ ssl3_SendFinished(sslSocket *ss, PRInt32
      isTLS = (PRBool)(cwSpec->version > SSL_LIBRARY_VERSION_3_0);
      rv = ssl3_ComputeHandshakeHashes(ss, cwSpec, &hashes, sender);
      if (isTLS && rv == SECSuccess) {
@@ -1856,7 +655,7 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c
      }
      ssl_ReleaseSpecReadLock(ss);
      if (rv != SECSuccess) {
-@@ -10544,7 +10902,7 @@ ssl3_HandleFinished(sslSocket *ss, SSL3O
+@@ -11237,7 +11368,7 @@ ssl3_HandleFinished(sslSocket *ss, SSL3O
  	    PORT_SetError(SSL_ERROR_RX_MALFORMED_FINISHED);
  	    return SECFailure;
  	}
@@ -1865,85 +664,10 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c
  	                             hashes, &tlsFinished);
  	if (!isServer)
  	    ss->ssl3.hs.finishedMsgs.tFinished[1] = tlsFinished;
-@@ -10590,7 +10948,8 @@ ssl3_HandleFinished(sslSocket *ss, SSL3O
- 	 * ServerHello message.)
- 	 */
- 	if (isServer && !ss->ssl3.hs.isResuming &&
--	    ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) {
-+	    ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) &&
-+	    ssl3_KEAAllowsSessionTicket(ss->ssl3.hs.suite_def->key_exchange_alg)) {
- 	    /* RFC 5077 Section 3.3: "In the case of a full handshake, the
- 	     * server MUST verify the client's Finished message before sending
- 	     * the ticket." Presumably, this also means that the client's
-@@ -10638,7 +10997,8 @@ xmit_loser:
-         return rv;
-     }
- 
--    if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) {
-+    if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
-+        ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
- 	effectiveExchKeyType = kt_rsa;
-     } else {
- 	effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
-@@ -11856,8 +12216,6 @@ ssl3_FreeKeyPair(ssl3KeyPair * keyPair)
-     }
- }
- 
--
--
- /*
-  * Creates the public and private RSA keys for SSL Step down.
-  * Called from SSL_ConfigSecureServer in sslsecur.c
-@@ -11889,7 +12247,6 @@ ssl3_CreateRSAStepDownKeys(sslSocket *ss
-     return rv;
- }
- 
--
- /* record the export policy for this cipher suite */
- SECStatus
- ssl3_SetPolicy(ssl3CipherSuite which, int policy)
-@@ -12022,7 +12379,7 @@ ssl3_ConstructV2CipherSpecsHack(sslSocke
-     /* ssl3_config_match_init was called by the caller of this function. */
-     for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
- 	ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
--	if (config_match(suite, SSL_ALLOWED, PR_TRUE, &ss->vrange)) {
-+	if (config_match(suite, SSL_ALLOWED, PR_TRUE, &ss->vrange, ss)) {
- 	    if (cs != NULL) {
- 		*cs++ = 0x00;
- 		*cs++ = (suite->cipher_suite >> 8) & 0xFF;
-@@ -12147,6 +12504,10 @@ ssl3_DestroySSL3Info(sslSocket *ss)
- 	}
-     }
- 
-+    if (ss->ssl3.dheGroups) {
-+	PORT_Free(ss->ssl3.dheGroups);
-+    }
-+
-     ss->ssl3.initialized = PR_FALSE;
- 
-     SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
 diff -up ./lib/ssl/ssl3ecc.c.dhe_and_sha384 ./lib/ssl/ssl3ecc.c
---- ./lib/ssl/ssl3ecc.c.dhe_and_sha384	2015-05-28 19:50:45.000000000 +0200
-+++ ./lib/ssl/ssl3ecc.c	2015-06-24 23:09:45.987637456 +0200
-@@ -297,7 +297,7 @@ ssl3_SendECDHClientKeyExchange(sslSocket
-                                         pubKey->u.ec.publicValue.len));
- 
-     if (isTLS12) {
--        target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
-+        target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
-     } else if (isTLS) {
-         target = CKM_TLS_MASTER_KEY_DERIVE_DH;
-     } else {
-@@ -388,7 +388,7 @@ ssl3_HandleECDHClientKeyExchange(sslSock
-     isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
- 
-     if (isTLS12) {
--        target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
-+        target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
-     } else if (isTLS) {
-         target = CKM_TLS_MASTER_KEY_DERIVE_DH;
-     } else {
-@@ -914,7 +914,9 @@ static const ssl3CipherSuite ecdhe_ecdsa
+--- ./lib/ssl/ssl3ecc.c.dhe_and_sha384	2015-11-08 21:12:59.000000000 -0800
++++ ./lib/ssl/ssl3ecc.c	2016-02-14 07:51:49.915312514 -0800
+@@ -919,7 +919,9 @@ static const ssl3CipherSuite ecdhe_ecdsa
      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
@@ -1953,7 +677,7 @@ diff -up ./lib/ssl/ssl3ecc.c.dhe_and_sha384 ./lib/ssl/ssl3ecc.c
      TLS_ECDHE_ECDSA_WITH_NULL_SHA,
      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
      0 /* end of list marker */
-@@ -925,7 +927,9 @@ static const ssl3CipherSuite ecdhe_rsa_s
+@@ -930,7 +932,9 @@ static const ssl3CipherSuite ecdhe_rsa_s
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
@@ -1963,7 +687,7 @@ diff -up ./lib/ssl/ssl3ecc.c.dhe_and_sha384 ./lib/ssl/ssl3ecc.c
      TLS_ECDHE_RSA_WITH_NULL_SHA,
      TLS_ECDHE_RSA_WITH_RC4_128_SHA,
      0 /* end of list marker */
-@@ -940,11 +944,15 @@ static const ssl3CipherSuite ecSuites[]
+@@ -945,11 +949,15 @@ static const ssl3CipherSuite ecSuites[]
      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
      TLS_ECDHE_ECDSA_WITH_NULL_SHA,
      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
@@ -1979,151 +703,138 @@ diff -up ./lib/ssl/ssl3ecc.c.dhe_and_sha384 ./lib/ssl/ssl3ecc.c
      TLS_ECDHE_RSA_WITH_NULL_SHA,
      TLS_ECDHE_RSA_WITH_RC4_128_SHA,
      TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
-diff -up ./lib/ssl/ssl3ext.c.dhe_and_sha384 ./lib/ssl/ssl3ext.c
---- ./lib/ssl/ssl3ext.c.dhe_and_sha384	2015-05-28 19:50:45.000000000 +0200
-+++ ./lib/ssl/ssl3ext.c	2015-06-24 23:06:00.457872472 +0200
-@@ -1125,7 +1125,8 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
-         sslSessionID sid;
-         PORT_Memset(&sid, 0, sizeof(sslSessionID));
- 
--        if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) {
-+        if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
-+            ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
-             effectiveExchKeyType = kt_rsa;
-         } else {
-             effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
-diff -up ./lib/ssl/ssl.def.dhe_and_sha384 ./lib/ssl/ssl.def
---- ./lib/ssl/ssl.def.dhe_and_sha384	2015-05-28 19:50:45.000000000 +0200
-+++ ./lib/ssl/ssl.def	2015-06-24 23:06:00.454872529 +0200
-@@ -171,3 +171,13 @@ SSL_SetCanFalseStartCallback;
- ;+    local:
- ;+*;
- ;+};
-+;+NSS_3.20 {    # NSS 3.20 release
-+;+    global:
-+;+# If the 3.20 release includes any additional functions
-+;+# besides SSL_DHEGroupPrefSet and SSL_EnableWeakDHEPrimeGroup
-+;+# they should be labeled as NSS_3.20a
-+SSL_DHEGroupPrefSet;
-+SSL_EnableWeakDHEPrimeGroup;
-+;+    local:
-+;+*;
-+;+};
+diff -up ./lib/ssl/ssl3prot.h.dhe_and_sha384 ./lib/ssl/ssl3prot.h
+--- ./lib/ssl/ssl3prot.h.dhe_and_sha384	2015-11-08 21:12:59.000000000 -0800
++++ ./lib/ssl/ssl3prot.h	2016-02-14 07:51:49.915312514 -0800
+@@ -217,6 +217,32 @@ typedef struct {
+     } u;
+ } SSL3ServerParams;
+ 
++/* This enum reflects HashAlgorithm enum from
++ * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
++ *
++ * When updating, be sure to also update ssl3_TLSHashAlgorithmToOID. */
++typedef enum {
++    tls_hash_md5 = 1,
++    tls_hash_sha1 = 2,
++    tls_hash_sha224 = 3,
++    tls_hash_sha256 = 4,
++    tls_hash_sha384 = 5,
++    tls_hash_sha512 = 6
++} TLSHashAlgorithm;
++
++/* This enum reflects SignatureAlgorithm enum from
++ * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
++typedef enum {
++    tls_sig_rsa = 1,
++    tls_sig_dsa = 2,
++    tls_sig_ecdsa = 3
++} TLSSignatureAlgorithm;
++
++typedef struct {
++    SECOidTag hashAlg;
++    TLSSignatureAlgorithm sigAlg;
++} SSL3SignatureAndHashAlgorithm;
++
+ /* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS
+  * prior to 1.2. */
+ typedef struct {
 diff -up ./lib/ssl/sslenum.c.dhe_and_sha384 ./lib/ssl/sslenum.c
---- ./lib/ssl/sslenum.c.dhe_and_sha384	2015-05-28 19:50:45.000000000 +0200
-+++ ./lib/ssl/sslenum.c	2015-06-24 23:06:00.457872472 +0200
-@@ -49,7 +49,11 @@
+--- ./lib/ssl/sslenum.c.dhe_and_sha384	2015-11-08 21:12:59.000000000 -0800
++++ ./lib/ssl/sslenum.c	2016-02-14 07:51:49.915312514 -0800
+@@ -48,23 +48,37 @@
+  */
  const PRUint16 SSL_ImplementedCiphers[] = {
  #ifndef NSS_DISABLE_ECC
-     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+-    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+-    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
++    /* Ephemeral ECDH */
 +    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-+    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
-+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
++    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
      /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before
       * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147.
       */
-@@ -66,14 +70,19 @@ const PRUint16 SSL_ImplementedCiphers[]
+-    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
++    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
++    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+-    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+-    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+-    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+     TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+-    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+     TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
++    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
++    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
++    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
++    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
++    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
++    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
++    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+     TLS_ECDHE_RSA_WITH_RC4_128_SHA,
  #endif /* NSS_DISABLE_ECC */
  
++    /* Ephemeral Finite Field DH */
++    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
++    TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
++    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
++    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
++    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
++    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
++    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
++    TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
-+    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
+     TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
-     TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
-     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
-+    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
+@@ -73,17 +87,12 @@ const PRUint16 SSL_ImplementedCiphers[]
+     TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
      TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
-+    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
-+    TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
-     TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
-     TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
-     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
-+    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
-     TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
-     TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+-    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+-    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
+-    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
+-    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
+-    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+-    TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
-@@ -91,6 +100,7 @@ const PRUint16 SSL_ImplementedCiphers[]
+     TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
+     TLS_DHE_DSS_WITH_RC4_128_SHA,
+ 
+ #ifndef NSS_DISABLE_ECC
++    /* Non ephemeral ECDH */
+     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
+     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+@@ -94,18 +103,20 @@ const PRUint16 SSL_ImplementedCiphers[]
      TLS_ECDH_RSA_WITH_RC4_128_SHA,
  #endif /* NSS_DISABLE_ECC */
  
++    /* RSA */
 +    TLS_RSA_WITH_AES_256_GCM_SHA384,
++    TLS_RSA_WITH_AES_256_CBC_SHA,
++    TLS_RSA_WITH_AES_256_CBC_SHA256,
++    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
      TLS_RSA_WITH_AES_128_GCM_SHA256,
      TLS_RSA_WITH_AES_128_CBC_SHA,
      TLS_RSA_WITH_AES_128_CBC_SHA256,
-diff -up ./lib/ssl/ssl.h.dhe_and_sha384 ./lib/ssl/ssl.h
---- ./lib/ssl/ssl.h.dhe_and_sha384	2015-05-28 19:50:45.000000000 +0200
-+++ ./lib/ssl/ssl.h	2015-06-24 23:06:00.454872529 +0200
-@@ -185,12 +185,17 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRF
- /* SSL_REUSE_SERVER_ECDHE_KEY controls whether the ECDHE server key is
-  * reused for multiple handshakes or generated each time.
-  * SSL_REUSE_SERVER_ECDHE_KEY is currently enabled by default.
-+ * This socket option is for ECDHE, only. It is unrelated to DHE.
-  */
- #define SSL_REUSE_SERVER_ECDHE_KEY 27
- 
- #define SSL_ENABLE_FALLBACK_SCSV       28 /* Send fallback SCSV in
-                                            * handshakes. */
- 
-+/* SSL_ENABLE_SERVER_DHE controls whether DHE is enabled for the server socket.
-+ */
-+#define SSL_ENABLE_SERVER_DHE 29
-+
- #ifdef SSL_DEPRECATED_FUNCTION 
- /* Old deprecated function names */
- SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
-@@ -292,6 +297,46 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDe
- SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
- SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
- 
-+/* SSL_DHEGroupPrefSet is used to configure the set of allowed/enabled DHE group
-+** parameters that can be used by NSS for the given server socket.
-+** The first item in the array is used as the default group, if no other
-+** selection criteria can be used by NSS.
-+** The set is provided as an array of identifiers as defined by SSLDHEGroupType.
-+** If more than one group identifier is provided, NSS will select the one to use.
-+** For example, a TLS extension sent by the client might indicate a preference.
-+*/
-+SSL_IMPORT SECStatus SSL_DHEGroupPrefSet(PRFileDesc *fd,
-+                                         SSLDHEGroupType *groups,
-+                                         PRUint16 num_groups);
-+
-+/* Enable the use of a DHE group that's smaller than the library default,
-+** for backwards compatibility reasons. The DH parameters will be created
-+** at the time this function is called, which might take a very long time.
-+** The function will block until generation is completed.
-+** The intention is to enforce that fresh and safe parameters are generated
-+** each time a process is started.
-+** At the time this API was initially implemented, the API will enable the
-+** use of 1024 bit DHE parameters. This value might get increased in future
-+** versions of NSS.
-+**
-+** It is allowed to call this API will a NULL value for parameter fd,
-+** which will prepare the global parameters that NSS will reuse for the remainder
-+** of the process lifetime. This can be used early after startup of a process,
-+** to avoid a delay when handling incoming client connections.
-+** This preparation with a NULL for parameter fd will NOT enable the weak group
-+** on sockets. The function needs to be called again for every socket that
-+** should use the weak group.
-+**
-+** It is allowed to use this API in combination with the SSL_DHEGroupPrefSet API.
-+** If both APIs have been called, the weakest group will be used,
-+** unless it is certain that the client supports larger group parameters.
-+** The weak group will be used as the default group, overriding the preference
-+** for the first group potentially set with a call to SSL_DHEGroupPrefSet
-+** (The first group set using SSL_DHEGroupPrefSet will still be enabled, but
-+** it's no longer the default group.)
-+*/
-+SSL_IMPORT SECStatus SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled);
-+
- /* SSL Version Range API
- **
- ** This API should be used to control SSL 3.0 & TLS support instead of the
+     TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
+-    TLS_RSA_WITH_AES_256_CBC_SHA,
+-    TLS_RSA_WITH_AES_256_CBC_SHA256,
+-    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     TLS_RSA_WITH_SEED_CBC_SHA,
+-    SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
+     TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+     TLS_RSA_WITH_RC4_128_SHA,
+     TLS_RSA_WITH_RC4_128_MD5,
++    SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
+ 
+     /* 56-bit DES "domestic" cipher suites */
+     TLS_DHE_RSA_WITH_DES_CBC_SHA,
 diff -up ./lib/ssl/sslimpl.h.dhe_and_sha384 ./lib/ssl/sslimpl.h
---- ./lib/ssl/sslimpl.h.dhe_and_sha384	2015-06-24 23:06:00.449872622 +0200
-+++ ./lib/ssl/sslimpl.h	2015-06-24 23:06:00.457872472 +0200
-@@ -62,6 +62,7 @@ typedef SSLSignType     SSL3SignType;
+--- ./lib/ssl/sslimpl.h.dhe_and_sha384	2016-02-14 07:51:49.911312431 -0800
++++ ./lib/ssl/sslimpl.h	2016-02-14 07:51:49.915312514 -0800
+@@ -64,6 +64,7 @@ typedef SSLSignType     SSL3SignType;
  #define hmac_md5	ssl_hmac_md5
  #define hmac_sha	ssl_hmac_sha
  #define hmac_sha256	ssl_hmac_sha256
@@ -2131,35 +842,19 @@ diff -up ./lib/ssl/sslimpl.h.dhe_and_sha384 ./lib/ssl/sslimpl.h
  #define mac_aead	ssl_mac_aead
  
  #define SET_ERROR_CODE		/* reminder */
-@@ -179,6 +180,7 @@ typedef struct ssl3CertNodeStr
- typedef struct ssl3BulkCipherDefStr     ssl3BulkCipherDef;
- typedef struct ssl3MACDefStr            ssl3MACDef;
- typedef struct ssl3KeyPairStr		ssl3KeyPair;
-+typedef struct ssl3DHParamsStr          ssl3DHParams;
- 
- struct ssl3CertNodeStr {
-     struct ssl3CertNodeStr *next;
-@@ -298,9 +300,9 @@ typedef struct {
+@@ -300,9 +301,9 @@ typedef struct {
  } ssl3CipherSuiteCfg;
  
  #ifndef NSS_DISABLE_ECC
--#define ssl_V3_SUITES_IMPLEMENTED 61
+-#define ssl_V3_SUITES_IMPLEMENTED 64
 +#define ssl_V3_SUITES_IMPLEMENTED 71
  #else
--#define ssl_V3_SUITES_IMPLEMENTED 37
+-#define ssl_V3_SUITES_IMPLEMENTED 40
 +#define ssl_V3_SUITES_IMPLEMENTED 43
  #endif /* NSS_DISABLE_ECC */
  
  #define MAX_DTLS_SRTP_CIPHER_SUITES 4
-@@ -337,6 +339,7 @@ typedef struct sslOptionsStr {
-     unsigned int enableALPN             : 1;  /* 27 */
-     unsigned int reuseServerECDHEKey    : 1;  /* 28 */
-     unsigned int enableFallbackSCSV     : 1;  /* 29 */
-+    unsigned int enableServerDhe        : 1;  /* 30 */
- } sslOptions;
- 
- typedef enum { sslHandshakingUndetermined = 0,
-@@ -476,10 +479,18 @@ typedef enum {
+@@ -486,10 +487,18 @@ typedef enum {
      cipher_camellia_256,
      cipher_seed,
      cipher_aes_128_gcm,
@@ -2178,7 +873,7 @@ diff -up ./lib/ssl/sslimpl.h.dhe_and_sha384 ./lib/ssl/sslimpl.h
  typedef enum { type_stream, type_block, type_aead } CipherType;
  
  #define MAX_IV_LENGTH 24
-@@ -725,6 +736,7 @@ typedef struct ssl3CipherSuiteDefStr {
+@@ -736,6 +745,7 @@ typedef struct ssl3CipherSuiteDefStr {
      SSL3BulkCipher           bulk_cipher_alg;
      SSL3MACAlgorithm         mac_alg;
      SSL3KeyExchangeAlgorithm key_exchange_alg;
@@ -2186,51 +881,10 @@ diff -up ./lib/ssl/sslimpl.h.dhe_and_sha384 ./lib/ssl/sslimpl.h
  } ssl3CipherSuiteDef;
  
  /*
-@@ -997,6 +1009,9 @@ struct ssl3StateStr {
-     PRUint16             dtlsSRTPCipherCount;
-     PRUint16             dtlsSRTPCipherSuite;	/* 0 if not selected */
-     PRBool               fatalAlertSent;
-+    PRUint16             numDHEGroups;        /* used by server */
-+    SSLDHEGroupType *    dheGroups;           /* used by server */
-+    PRBool               dheWeakGroupEnabled; /* used by server */
- };
- 
- #define DTLS_MAX_MTU  1500      /* Ethernet MTU but without subtracting the
-@@ -1016,6 +1031,11 @@ struct ssl3KeyPairStr {
-     PRInt32               refCount;	/* use PR_Atomic calls for this. */
- };
- 
-+struct ssl3DHParamsStr {
-+    SECItem prime; /* p */
-+    SECItem base; /* g */
-+};
-+
- typedef struct SSLWrappedSymWrappingKeyStr {
-     SSL3Opaque        wrappedSymmetricWrappingkey[512];
-     CK_MECHANISM_TYPE symWrapMechanism;  
-@@ -1224,6 +1244,9 @@ const unsigned char *  preferredCipher;
- 
-     ssl3KeyPair *         stepDownKeyPair;	/* RSA step down keys */
- 
-+    const ssl3DHParams *dheParams;          /* DHE param */
-+    ssl3KeyPair *       dheKeyPair;         /* DHE keys */
-+
-     /* Callbacks */
-     SSLAuthCertificate        authCertificate;
-     void                     *authCertificateArg;
-@@ -1616,6 +1639,8 @@ int ssl3_GatherCompleteHandshake(sslSock
-  */
- extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss);
- 
-+extern SECStatus ssl3_SelectDHParams(sslSocket *ss);
-+
- #ifndef NSS_DISABLE_ECC
- extern void      ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss);
- extern PRBool    ssl3_IsECCEnabled(sslSocket *ss);
 diff -up ./lib/ssl/sslinfo.c.dhe_and_sha384 ./lib/ssl/sslinfo.c
---- ./lib/ssl/sslinfo.c.dhe_and_sha384	2015-05-28 19:50:45.000000000 +0200
-+++ ./lib/ssl/sslinfo.c	2015-06-24 23:06:00.457872472 +0200
-@@ -122,6 +122,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLCh
+--- ./lib/ssl/sslinfo.c.dhe_and_sha384	2015-11-08 21:12:59.000000000 -0800
++++ ./lib/ssl/sslinfo.c	2016-02-14 07:51:49.915312514 -0800
+@@ -160,6 +160,7 @@ SSL_GetPreliminaryChannelInfo(PRFileDesc
  
  #define M_AEAD_128 "AEAD", ssl_mac_aead, 128
  #define M_SHA256 "SHA256", ssl_hmac_sha256, 256
@@ -2238,25 +892,7 @@ diff -up ./lib/ssl/sslinfo.c.dhe_and_sha384 ./lib/ssl/sslinfo.c
  #define M_SHA	"SHA1", ssl_mac_sha, 160
  #define M_MD5	"MD5",  ssl_mac_md5, 128
  #define M_NULL	"NULL", ssl_mac_null,  0
-@@ -135,6 +136,7 @@ static const SSLCipherSuiteInfo suiteInf
- {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256),   S_RSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, },
- {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA),      S_RSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, },
- {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA),      S_DSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, },
-+{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256),   S_DSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, },
- {0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA),     S_RSA, K_RSA, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
- {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA256),       S_RSA, K_RSA, C_AES, B_256, M_SHA256, 1, 0, 0, },
- {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA),          S_RSA, K_RSA, C_AES, B_256, M_SHA, 1, 0, 0, },
-@@ -145,7 +147,9 @@ static const SSLCipherSuiteInfo suiteInf
- {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256),   S_RSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
- {0,CS(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256),   S_RSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
- {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA),      S_RSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
-+{0,CS(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256),   S_DSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
- {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA),      S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
-+{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256),   S_DSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
- {0,CS(TLS_RSA_WITH_SEED_CBC_SHA),             S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, },
- {0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA),     S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
- {0,CS(TLS_RSA_WITH_RC4_128_SHA),              S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
-@@ -201,8 +205,21 @@ static const SSLCipherSuiteInfo suiteInf
+@@ -242,8 +243,21 @@ static const SSLCipherSuiteInfo suiteInf
  {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA),    S_RSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, },
  {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
  {0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA),    S_RSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, },
@@ -2273,31 +909,15 @@ diff -up ./lib/ssl/sslinfo.c.dhe_and_sha384 ./lib/ssl/sslinfo.c
 +{0,CS(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256), S_DSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
 +{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256), S_DSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
 +{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256), S_DSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, },
-+{0,CS(TLS_RSA_WITH_AES_256_GCM_SHA384),     S_RSA, K_RSA, C_AESGCM, B_256, M_SHA384, 1, 0, 0, },
++{0,CS(TLS_RSA_WITH_AES_256_GCM_SHA384),     S_RSA, K_RSA, C_AESGCM, B_256, M_AEAD_128, 1, 0, 0, },
 +
  /* SSL 2 table */
  {0,CK(SSL_CK_RC4_128_WITH_MD5),               S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
  {0,CK(SSL_CK_RC2_128_CBC_WITH_MD5),           S_RSA, K_RSA, C_RC2, B_128, M_MD5, 0, 0, 0, },
 diff -up ./lib/ssl/sslproto.h.dhe_and_sha384 ./lib/ssl/sslproto.h
---- ./lib/ssl/sslproto.h.dhe_and_sha384	2015-05-28 19:50:45.000000000 +0200
-+++ ./lib/ssl/sslproto.h	2015-06-24 23:06:00.457872472 +0200
-@@ -177,6 +177,7 @@
- #define TLS_RSA_WITH_AES_128_CBC_SHA256         0x003C
- #define TLS_RSA_WITH_AES_256_CBC_SHA256         0x003D
- 
-+#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256     0x0040
- #define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA       0x0041
- #define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA    0x0042
- #define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA    0x0043
-@@ -191,6 +192,7 @@
- #define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  0x0065
- #define TLS_DHE_DSS_WITH_RC4_128_SHA            0x0066
- #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256     0x0067
-+#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256     0x006A
- #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256     0x006B
- 
- #define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA       0x0084
-@@ -203,8 +205,11 @@
+--- ./lib/ssl/sslproto.h.dhe_and_sha384	2015-11-08 21:12:59.000000000 -0800
++++ ./lib/ssl/sslproto.h	2016-02-14 07:51:49.916312535 -0800
+@@ -205,8 +205,11 @@
  #define TLS_RSA_WITH_SEED_CBC_SHA               0x0096
  
  #define TLS_RSA_WITH_AES_128_GCM_SHA256         0x009C
@@ -2309,7 +929,7 @@ diff -up ./lib/ssl/sslproto.h.dhe_and_sha384 ./lib/ssl/sslproto.h
  
  /* TLS "Signaling Cipher Suite Value" (SCSV). May be requested by client.
   * Must NEVER be chosen by server.  SSL 3.0 server acknowledges by sending
-@@ -251,11 +256,15 @@
+@@ -253,11 +256,15 @@
  #define TLS_ECDH_anon_WITH_AES_256_CBC_SHA      0xC019
  
  #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
@@ -2326,20 +946,12 @@ diff -up ./lib/ssl/sslproto.h.dhe_and_sha384 ./lib/ssl/sslproto.h
  
  /* Netscape "experimental" cipher suites. */
 diff -up ./lib/ssl/sslsecur.c.dhe_and_sha384 ./lib/ssl/sslsecur.c
---- ./lib/ssl/sslsecur.c.dhe_and_sha384	2015-05-28 19:50:45.000000000 +0200
-+++ ./lib/ssl/sslsecur.c	2015-06-24 23:06:00.457872472 +0200
-@@ -693,6 +693,7 @@ NSS_FindCertKEAType(CERTCertificate * ce
-   case SEC_OID_PKCS1_RSA_ENCRYPTION:
-     keaType = kt_rsa;
-     break;
-+  case SEC_OID_ANSIX9_DSA_SIGNATURE: /* hah, signature, not a key? */
-   case SEC_OID_X942_DIFFIE_HELMAN_KEY:
-     keaType = kt_dh;
-     break;
-@@ -789,6 +790,11 @@ ssl_ConfigSecureServer(sslSocket *ss, CE
+--- ./lib/ssl/sslsecur.c.dhe_and_sha384	2015-11-08 21:12:59.000000000 -0800
++++ ./lib/ssl/sslsecur.c	2016-02-14 07:51:49.916312535 -0800
+@@ -808,6 +808,11 @@ ssl_ConfigSecureServer(sslSocket *ss, CE
              goto loser;
          }
-     }
+      }
 +    if (kea == ssl_kea_dh || kea == ssl_kea_rsa) {
 +        if (ssl3_SelectDHParams(ss) != SECSuccess) {
 +            goto loser;
@@ -2348,330 +960,10 @@ diff -up ./lib/ssl/sslsecur.c.dhe_and_sha384 ./lib/ssl/sslsecur.c
      return SECSuccess;
  
  loser:
-diff -up ./lib/ssl/sslsock.c.dhe_and_sha384 ./lib/ssl/sslsock.c
---- ./lib/ssl/sslsock.c.dhe_and_sha384	2015-06-24 23:06:00.446872679 +0200
-+++ ./lib/ssl/sslsock.c	2015-06-24 23:06:00.458872453 +0200
-@@ -18,6 +18,7 @@
- #include "blapi.h"
- #endif
- #include "nss.h"
-+#include "pk11pqg.h"
- 
- #define SET_ERROR_CODE   /* reminder */
- 
-@@ -82,7 +83,8 @@ static sslOptions ssl_defaults = {
-     PR_TRUE,    /* enableNPN          */
-     PR_FALSE,   /* enableALPN         */
-     PR_TRUE,    /* reuseServerECDHEKey */
--    PR_FALSE    /* enableFallbackSCSV */
-+    PR_FALSE,   /* enableFallbackSCSV */
-+    PR_FALSE,   /* enableServerDhe */
- };
- 
- /*
-@@ -225,6 +227,20 @@ ssl_DupSocket(sslSocket *os)
-                     sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount);
-         ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount;
- 
-+        ss->ssl3.dheWeakGroupEnabled = os->ssl3.dheWeakGroupEnabled;
-+        ss->ssl3.numDHEGroups = os->ssl3.numDHEGroups;
-+        if (os->ssl3.dheGroups) {
-+            ss->ssl3.dheGroups = PORT_NewArray(SSLDHEGroupType,
-+                                               os->ssl3.numDHEGroups);
-+            if (!ss->ssl3.dheGroups) {
-+                goto loser;
-+            }
-+            PORT_Memcpy(ss->ssl3.dheGroups, os->ssl3.dheGroups,
-+                        sizeof(SSLDHEGroupType) * os->ssl3.numDHEGroups);
-+        } else {
-+            ss->ssl3.dheGroups = NULL;
-+        }
-+
-         if (os->cipherSpecs) {
-             ss->cipherSpecs  = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs);
-             if (ss->cipherSpecs)
-@@ -267,6 +283,10 @@ ssl_DupSocket(sslSocket *os)
-                                   ssl3_GetKeyPairRef(os->stepDownKeyPair);
-             ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL :
-                                   ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
-+            ss->dheKeyPair = !os->dheKeyPair ? NULL :
-+                             ssl3_GetKeyPairRef(os->dheKeyPair);
-+            ss->dheParams = os->dheParams;
-+
- /*
-  * XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL.
-  * XXX We should detect this, and not just march on with NULL pointers.
-@@ -384,6 +404,10 @@ ssl_DestroySocketContents(sslSocket *ss)
-         ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
-         ss->ephemeralECDHKeyPair = NULL;
-     }
-+    if (ss->dheKeyPair) {
-+        ssl3_FreeKeyPair(ss->dheKeyPair);
-+        ss->dheKeyPair = NULL;
-+    }
-     SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
-     PORT_Assert(!ss->xtnData.sniNameArr);
-     if (ss->xtnData.sniNameArr) {
-@@ -815,6 +839,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
-         ss->opt.enableFallbackSCSV = on;
-         break;
- 
-+      case SSL_ENABLE_SERVER_DHE:
-+        ss->opt.enableServerDhe = on;
-+        break;
-+
-       default:
-         PORT_SetError(SEC_ERROR_INVALID_ARGS);
-         rv = SECFailure;
-@@ -890,6 +918,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh
-     case SSL_REUSE_SERVER_ECDHE_KEY:
-                                   on = ss->opt.reuseServerECDHEKey; break;
-     case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break;
-+    case SSL_ENABLE_SERVER_DHE:   on = ss->opt.enableServerDhe; break;
- 
-     default:
-         PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -959,6 +988,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBo
-     case SSL_ENABLE_FALLBACK_SCSV:
-        on = ssl_defaults.enableFallbackSCSV;
-        break;
-+    case SSL_ENABLE_SERVER_DHE:
-+       on = ssl_defaults.enableServerDhe;
-+       break;
- 
-     default:
-         PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -1142,6 +1174,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
-         ssl_defaults.enableFallbackSCSV = on;
-         break;
- 
-+      case SSL_ENABLE_SERVER_DHE:
-+        ssl_defaults.enableServerDhe = on;
-+        break;
-+
-       default:
-         PORT_SetError(SEC_ERROR_INVALID_ARGS);
-         return SECFailure;
-@@ -1365,7 +1401,204 @@ NSS_SetFrancePolicy(void)
-     return NSS_SetDomesticPolicy();
- }
- 
-+SECStatus
-+SSL_DHEGroupPrefSet(PRFileDesc *fd,
-+                    SSLDHEGroupType *groups,
-+                    PRUint16 num_groups)
-+{
-+    sslSocket *ss;
-+
-+    if ((num_groups && !groups) || (!num_groups && groups)) {
-+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-+        return SECFailure;
-+    }
-+
-+    ss = ssl_FindSocket(fd);
-+    if (!ss) {
-+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DHEGroupPrefSet", SSL_GETPID(), fd));
-+        return SECFailure;
-+    }
-+
-+    if (ss->ssl3.dheGroups) {
-+        PORT_Free(ss->ssl3.dheGroups);
-+        ss->ssl3.dheGroups = NULL;
-+        ss->ssl3.numDHEGroups = 0;
-+    }
-+
-+    if (groups) {
-+        ss->ssl3.dheGroups = PORT_NewArray(SSLDHEGroupType, num_groups);
-+        if (!ss->ssl3.dheGroups) {
-+            PORT_SetError(SEC_ERROR_NO_MEMORY);
-+            return SECFailure;
-+        }
-+        PORT_Memcpy(ss->ssl3.dheGroups, groups,
-+                    sizeof(SSLDHEGroupType) * num_groups);
-+    }
-+    return SECSuccess;
-+}
-+
-+
-+PRCallOnceType gWeakDHParamsRegisterOnce;
-+int gWeakDHParamsRegisterError;
-+
-+PRCallOnceType gWeakDHParamsOnce;
-+int gWeakDHParamsError;
-+/* As our code allocates type PQGParams, we'll keep it around,
-+ * even though we only make use of it's parameters through gWeakDHParam. */
-+static PQGParams *gWeakParamsPQG;
-+static ssl3DHParams *gWeakDHParams;
-+
-+static PRStatus
-+ssl3_CreateWeakDHParams()
-+{
-+    PQGVerify *vfy;
-+    SECStatus rv, passed;
-+
-+    PORT_Assert(!gWeakDHParams && !gWeakParamsPQG);
-+
-+    rv = PK11_PQG_ParamGenV2(1024, 160, 64 /*maximum seed that will work*/,
-+                             &gWeakParamsPQG, &vfy);
-+    if (rv != SECSuccess) {
-+        gWeakDHParamsError = PORT_GetError();
-+        return PR_FAILURE;
-+    }
-+
-+    rv = PK11_PQG_VerifyParams(gWeakParamsPQG, vfy, &passed);
-+    if (rv != SECSuccess || passed != SECSuccess) {
-+        SSL_DBG(("%d: PK11_PQG_VerifyParams failed in ssl3_CreateWeakDHParams",
-+                SSL_GETPID()));
-+        gWeakDHParamsError = PORT_GetError();
-+        return PR_FAILURE;
-+    }
-+
-+    gWeakDHParams = PORT_ArenaNew(gWeakParamsPQG->arena, ssl3DHParams);
-+    if (!gWeakDHParams) {
-+        gWeakDHParamsError = PORT_GetError();
-+        return PR_FAILURE;
-+    }
-+
-+    gWeakDHParams->prime.data = gWeakParamsPQG->prime.data;
-+    gWeakDHParams->prime.len = gWeakParamsPQG->prime.len;
-+    gWeakDHParams->base.data = gWeakParamsPQG->base.data;
-+    gWeakDHParams->base.len = gWeakParamsPQG->base.len;
-+
-+    PK11_PQG_DestroyVerify(vfy);
-+    return PR_SUCCESS;
-+}
-+
-+static SECStatus
-+ssl3_WeakDHParamsShutdown(void *appData, void *nssData)
-+{
-+    if (gWeakParamsPQG) {
-+        PK11_PQG_DestroyParams(gWeakParamsPQG);
-+        gWeakParamsPQG = NULL;
-+        gWeakDHParams = NULL;
-+    }
-+    return SECSuccess;
-+}
-+
-+static PRStatus
-+ssl3_WeakDHParamsRegisterShutdown(void)
-+{
-+    SECStatus rv;
-+    rv = NSS_RegisterShutdown(ssl3_WeakDHParamsShutdown, NULL);
-+    if (rv != SECSuccess) {
-+        gWeakDHParamsRegisterError = PORT_GetError();
-+    }
-+    return (PRStatus)rv;
-+}
-+
-+/* global init strategy inspired by ssl3_CreateECDHEphemeralKeys */
-+SECStatus
-+SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled)
-+{
-+    sslSocket *ss;
-+    PRStatus status;
-+
-+    if (enabled) {
-+        status = PR_CallOnce(&gWeakDHParamsRegisterOnce,
-+                             ssl3_WeakDHParamsRegisterShutdown);
-+        if (status != PR_SUCCESS) {
-+            PORT_SetError(gWeakDHParamsRegisterError);
-+            return SECFailure;
-+        }
-+
-+        status = PR_CallOnce(&gWeakDHParamsOnce, ssl3_CreateWeakDHParams);
-+        if (status != PR_SUCCESS) {
-+            PORT_SetError(gWeakDHParamsError);
-+            return SECFailure;
-+        }
-+    }
-+
-+    if (!fd)
-+        return SECSuccess;
-+
-+    ss = ssl_FindSocket(fd);
-+    if (!ss) {
-+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DHEGroupPrefSet", SSL_GETPID(), fd));
-+        return SECFailure;
-+    }
-+
-+    ss->ssl3.dheWeakGroupEnabled = enabled;
-+    return SECSuccess;
-+}
-+
-+#include "dhe-param.c"
-+
-+static const SSLDHEGroupType ssl_default_dhe_groups[] = {
-+    ssl_ff_dhe_2048_group
-+};
-+
-+/* Keep this array synchronized with the index definitions in SSLDHEGroupType */
-+static const ssl3DHParams *all_ssl3DHParams[] = {
-+    NULL, /* ssl_dhe_group_none */
-+    &ff_dhe_2048,
-+    &ff_dhe_3072,
-+    &ff_dhe_4096,
-+    &ff_dhe_6144,
-+    &ff_dhe_8192,
-+};
-+
-+static SSLDHEGroupType
-+selectDHEGroup(sslSocket *ss, const SSLDHEGroupType *groups, PRUint16 num_groups)
-+{
-+    if (!groups || !num_groups)
-+        return ssl_dhe_group_none;
-+
-+    /* We don't have automatic group parameter selection yet
-+     * (potentially) based on socket parameters, e.g. key sizes.
-+     * For now, we return the first available group from the allowed list. */
-+    return groups[0];
-+}
-+
-+/* Ensure DH parameters have been selected */
-+SECStatus
-+ssl3_SelectDHParams(sslSocket *ss)
-+{
-+    SSLDHEGroupType selectedGroup = ssl_dhe_group_none;
-+
-+    if (ss->ssl3.dheWeakGroupEnabled) {
-+        ss->dheParams = gWeakDHParams;
-+    } else {
-+        if (ss->ssl3.dheGroups) {
-+            selectedGroup = selectDHEGroup(ss, ss->ssl3.dheGroups,
-+                               ss->ssl3.numDHEGroups);
-+        } else {
-+            size_t number_of_default_groups = PR_ARRAY_SIZE(ssl_default_dhe_groups);
-+            selectedGroup = selectDHEGroup(ss, ssl_default_dhe_groups,
-+                               number_of_default_groups);
-+        }
-+
-+        if (selectedGroup == ssl_dhe_group_none ||
-+            selectedGroup >= ssl_dhe_group_max) {
-+            return SECFailure;
-+        }
-+
-+        ss->dheParams = all_ssl3DHParams[selectedGroup];
-+    }
- 
-+    return SECSuccess;
-+}
- 
- /* LOCKS ??? XXX */
- static PRFileDesc *
-@@ -2992,6 +3225,10 @@ ssl_NewSocket(PRBool makeLocks, SSLProto
-             ss->certStatusArray[i] = NULL;
-         }
-         ss->stepDownKeyPair    = NULL;
-+
-+        ss->dheParams = NULL;
-+        ss->dheKeyPair = NULL;
-+
-         ss->dbHandle           = CERT_GetDefaultCertDB();
- 
-         /* Provide default implementation of hooks */
 diff -up ./lib/ssl/sslt.h.dhe_and_sha384 ./lib/ssl/sslt.h
---- ./lib/ssl/sslt.h.dhe_and_sha384	2015-05-28 19:50:45.000000000 +0200
-+++ ./lib/ssl/sslt.h	2015-06-24 23:06:00.458872453 +0200
-@@ -91,7 +91,8 @@ typedef enum {
+--- ./lib/ssl/sslt.h.dhe_and_sha384	2015-11-08 21:12:59.000000000 -0800
++++ ./lib/ssl/sslt.h	2016-02-14 07:51:49.916312535 -0800
+@@ -114,7 +114,8 @@ typedef enum {
      ssl_hmac_md5      = 3, 	/* TLS HMAC version of mac_md5 */
      ssl_hmac_sha      = 4, 	/* TLS HMAC version of mac_sha */
      ssl_hmac_sha256   = 5,
@@ -2681,535 +973,3 @@ diff -up ./lib/ssl/sslt.h.dhe_and_sha384 ./lib/ssl/sslt.h
  } SSLMACAlgorithm;
  
  typedef enum {
-@@ -197,4 +198,14 @@ typedef enum {
- 
- #define SSL_MAX_EXTENSIONS             11 /* doesn't include ssl_padding_xtn. */
- 
-+typedef enum {
-+    ssl_dhe_group_none = 0,
-+    ssl_ff_dhe_2048_group = 1,
-+    ssl_ff_dhe_3072_group = 2,
-+    ssl_ff_dhe_4096_group = 3,
-+    ssl_ff_dhe_6144_group = 4,
-+    ssl_ff_dhe_8192_group = 5,
-+    ssl_dhe_group_max
-+} SSLDHEGroupType;
-+
- #endif /* __sslt_h_ */
-diff -up ./tests/cert/cert.sh.dhe_and_sha384 ./tests/cert/cert.sh
---- ./tests/cert/cert.sh.dhe_and_sha384	2015-05-28 19:50:45.000000000 +0200
-+++ ./tests/cert/cert.sh	2015-06-24 23:06:00.458872453 +0200
-@@ -292,6 +292,14 @@ cert_create_cert()
-         return $RET
-     fi
- 
-+	CU_ACTION="Import DSA Root CA for $CERTNAME"
-+	certu -A -n "TestCA-dsa" -t "TC,TC,TC" -f "${R_PWFILE}" \
-+	    -d "${PROFILEDIR}" -i "${R_CADIR}/TestCA-dsa.ca.cert" 2>&1
-+	if [ "$RET" -ne 0 ]; then
-+            return $RET
-+	fi
-+
-+
-     if [ -z "$NSS_DISABLE_ECC" ] ; then
- 	CU_ACTION="Import EC Root CA for $CERTNAME"
- 	certu -A -n "TestCA-ec" -t "TC,TC,TC" -f "${R_PWFILE}" \
-@@ -338,6 +346,60 @@ cert_add_cert()
-     cert_log "SUCCESS: $CERTNAME's Cert Created"
- 
- #
-+#   Generate and add DSA cert
-+#
-+	CU_ACTION="Generate DSA Cert Request for $CERTNAME"
-+	CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-+	certu -R -k dsa -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-+	    -z "${R_NOISE_FILE}" -o req  2>&1
-+	if [ "$RET" -ne 0 ]; then
-+            return $RET
-+	fi
-+
-+	CU_ACTION="Sign ${CERTNAME}'s DSA Request"
-+	certu -C -c "TestCA-dsa" -m "$CERTSERIAL" -v 60 -d "${P_R_CADIR}" \
-+            -i req -o "${CERTNAME}-dsa.cert" -f "${R_PWFILE}" "$1" 2>&1
-+	if [ "$RET" -ne 0 ]; then
-+            return $RET
-+	fi
-+
-+	CU_ACTION="Import $CERTNAME's DSA Cert"
-+	certu -A -n "${CERTNAME}-dsa" -t "u,u,u" -d "${PROFILEDIR}" \
-+	    -f "${R_PWFILE}" -i "${CERTNAME}-dsa.cert" 2>&1
-+	if [ "$RET" -ne 0 ]; then
-+            return $RET
-+	fi
-+	cert_log "SUCCESS: $CERTNAME's DSA Cert Created"
-+
-+#    Generate DSA certificate signed with RSA
-+	CU_ACTION="Generate mixed DSA Cert Request for $CERTNAME"
-+	CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-+	certu -R -k dsa -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-+	    -z "${R_NOISE_FILE}" -o req  2>&1
-+	if [ "$RET" -ne 0 ]; then
-+            return $RET
-+	fi
-+
-+	CU_ACTION="Sign ${CERTNAME}'s DSA Request with RSA"
-+# Avoid conflicting serial numbers with TestCA issuer by keeping
-+# this set far away. A smaller number risks colliding with the
-+# extended ssl user certificates.
-+	NEWSERIAL=`expr ${CERTSERIAL} + 20000`
-+        certu -C -c "TestCA" -m "$NEWSERIAL" -v 60 -d "${P_R_CADIR}" \
-+            -i req -o "${CERTNAME}-dsamixed.cert" -f "${R_PWFILE}" "$1" 2>&1
-+	if [ "$RET" -ne 0 ]; then
-+            return $RET
-+	fi
-+
-+	CU_ACTION="Import $CERTNAME's mixed DSA Cert"
-+	certu -A -n "${CERTNAME}-dsamixed" -t "u,u,u" -d "${PROFILEDIR}" \
-+	    -f "${R_PWFILE}" -i "${CERTNAME}-dsamixed.cert" 2>&1
-+	if [ "$RET" -ne 0 ]; then
-+            return $RET
-+	fi
-+	cert_log "SUCCESS: $CERTNAME's mixed DSA Cert Created"
-+
-+#
- #   Generate and add EC cert
- #
-     if [ -z "$NSS_DISABLE_ECC" ] ; then
-@@ -430,6 +492,34 @@ cert_all_CA()
-     # root.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last 
-     # in the chain
- 
-+
-+#
-+#       Create DSA version of TestCA
-+	ALL_CU_SUBJECT="CN=NSS Test CA (DSA), O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-+	cert_dsa_CA $CADIR TestCA-dsa -x "CTu,CTu,CTu" ${D_CA} "1"
-+#
-+#       Create DSA versions of the intermediate CA certs
-+	ALL_CU_SUBJECT="CN=NSS Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
-+	cert_dsa_CA $SERVER_CADIR serverCA-dsa -x "Cu,Cu,Cu" ${D_SERVER_CA} "2"
-+	ALL_CU_SUBJECT="CN=NSS Chain1 Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
-+	cert_dsa_CA $SERVER_CADIR chain-1-serverCA-dsa "-c serverCA-dsa" "u,u,u" ${D_SERVER_CA} "3"
-+	ALL_CU_SUBJECT="CN=NSS Chain2 Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" 
-+	cert_dsa_CA $SERVER_CADIR chain-2-serverCA-dsa "-c chain-1-serverCA-dsa" "u,u,u" ${D_SERVER_CA} "4"
-+
-+	ALL_CU_SUBJECT="CN=NSS Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
-+	cert_dsa_CA $CLIENT_CADIR clientCA-dsa -x "Tu,Cu,Cu" ${D_CLIENT_CA} "5"
-+	ALL_CU_SUBJECT="CN=NSS Chain1 Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
-+	cert_dsa_CA $CLIENT_CADIR chain-1-clientCA-dsa "-c clientCA-dsa" "u,u,u" ${D_CLIENT_CA} "6"
-+	ALL_CU_SUBJECT="CN=NSS Chain2 Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
-+	cert_dsa_CA $CLIENT_CADIR chain-2-clientCA-dsa "-c chain-1-clientCA-dsa" "u,u,u" ${D_CLIENT_CA} "7"
-+
-+	rm $CLIENT_CADIR/dsaroot.cert $SERVER_CADIR/dsaroot.cert
-+#	dsaroot.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last 
-+#	in the chain
-+
-+
-+
-+
-     if [ -z "$NSS_DISABLE_ECC" ] ; then
- #
- #       Create EC version of TestCA
-@@ -540,6 +630,76 @@ CERTSCRIPT
-   cp root.cert ${NICKNAME}.ca.cert
- }
- 
-+
-+
-+
-+
-+################################ cert_dsa_CA #############################
-+# local shell function to build the Temp. Certificate Authority (CA)
-+# used for testing purposes, creating  a CA Certificate and a root cert
-+# This is the ECC version of cert_CA.
-+##########################################################################
-+cert_dsa_CA()
-+{
-+  CUR_CADIR=$1
-+  NICKNAME=$2
-+  SIGNER=$3
-+  TRUSTARG=$4
-+  DOMAIN=$5
-+  CERTSERIAL=$6
-+
-+  echo "$SCRIPTNAME: Creating an DSA CA Certificate $NICKNAME =========================="
-+
-+  if [ ! -d "${CUR_CADIR}" ]; then
-+      mkdir -p "${CUR_CADIR}"
-+  fi
-+  cd ${CUR_CADIR}
-+  pwd
-+
-+  LPROFILE=.
-+  if [ -n "${MULTIACCESS_DBM}" ]; then
-+	LPROFILE="multiaccess:${DOMAIN}"
-+  fi
-+
-+  ################# Creating an DSA CA Cert ###############################
-+  #
-+  CU_ACTION="Creating DSA CA Cert $NICKNAME "
-+  CU_SUBJECT=$ALL_CU_SUBJECT
-+  certu -S -n $NICKNAME -k dsa -t $TRUSTARG -v 600 $SIGNER \
-+    -d ${LPROFILE} -1 -2 -5 -f ${R_PWFILE} -z ${R_NOISE_FILE} \
-+    -m $CERTSERIAL 2>&1 <<CERTSCRIPT
-+5
-+6
-+9
-+n
-+y
-+-1
-+n
-+5
-+6
-+7
-+9
-+n
-+CERTSCRIPT
-+
-+  if [ "$RET" -ne 0 ]; then
-+      echo "return value is $RET"
-+      Exit 6 "Fatal - failed to create DSA CA cert"
-+  fi
-+
-+  ################# Exporting DSA Root Cert ###############################
-+  #
-+  CU_ACTION="Exporting DSA Root Cert"
-+  certu -L -n  $NICKNAME -r -d ${LPROFILE} -o dsaroot.cert 
-+  if [ "$RET" -ne 0 ]; then
-+      Exit 7 "Fatal - failed to export dsa root cert"
-+  fi
-+  cp dsaroot.cert ${NICKNAME}.ca.cert
-+}
-+
-+
-+
-+
- ################################ cert_ec_CA ##############################
- # local shell function to build the Temp. Certificate Authority (CA)
- # used for testing purposes, creating  a CA Certificate and a root cert
-@@ -742,6 +902,50 @@ cert_extended_ssl()
-   certu -A -n "clientCA" -t "T,," -f "${R_PWFILE}" -d "${PROFILEDIR}" \
-           -i "${CLIENT_CADIR}/clientCA.ca.cert" 2>&1
- 
-+#
-+#     Repeat the above for DSA certs
-+#
-+      CU_ACTION="Generate DSA Cert Request for $CERTNAME (ext)"
-+      CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-+      certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \
-+	  -z "${R_NOISE_FILE}" -o req 2>&1
-+
-+      CU_ACTION="Sign ${CERTNAME}'s DSA Request (ext)"
-+      cp ${CERTDIR}/req ${SERVER_CADIR}
-+      certu -C -c "chain-2-serverCA-dsa" -m 200 -v 60 -d "${P_SERVER_CADIR}" \
-+          -i req -o "${CERTNAME}-dsa.cert" -f "${R_PWFILE}" 2>&1
-+
-+      CU_ACTION="Import $CERTNAME's DSA Cert  -t u,u,u (ext)"
-+      certu -A -n "${CERTNAME}-dsa" -t "u,u,u" -d "${PROFILEDIR}" \
-+	  -f "${R_PWFILE}" -i "${CERTNAME}-dsa.cert" 2>&1
-+
-+      CU_ACTION="Import Client DSA Root CA -t T,, for $CERTNAME (ext.)"
-+      certu -A -n "clientCA-dsa" -t "T,," -f "${R_PWFILE}" -d "${PROFILEDIR}" \
-+          -i "${CLIENT_CADIR}/clientCA-dsa.ca.cert" 2>&1
-+#
-+#     done with DSA certs
-+#
-+#     Repeat again for mixed DSA certs
-+#
-+      CU_ACTION="Generate mixed DSA Cert Request for $CERTNAME (ext)"
-+      CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-+      certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \
-+	  -z "${R_NOISE_FILE}" -o req 2>&1
-+
-+      CU_ACTION="Sign ${CERTNAME}'s mixed DSA Request (ext)"
-+      cp ${CERTDIR}/req ${SERVER_CADIR}
-+      certu -C -c "chain-2-serverCA" -m 202 -v 60 -d "${P_SERVER_CADIR}" \
-+          -i req -o "${CERTNAME}-dsamixed.cert" -f "${R_PWFILE}" 2>&1
-+
-+      CU_ACTION="Import $CERTNAME's mixed DSA Cert  -t u,u,u (ext)"
-+      certu -A -n "${CERTNAME}-dsamixed" -t "u,u,u" -d "${PROFILEDIR}" \
-+	  -f "${R_PWFILE}" -i "${CERTNAME}-dsamixed.cert" 2>&1
-+
-+#      CU_ACTION="Import Client mixed DSA Root CA -t T,, for $CERTNAME (ext.)"
-+#      certu -A -n "clientCA-dsamixed" -t "T,," -f "${R_PWFILE}" \
-+#	  -d "${PROFILEDIR}" -i "${CLIENT_CADIR}/clientCA-dsamixed.ca.cert" \
-+#	  2>&1
-+
-   if [ -z "$NSS_DISABLE_ECC" ] ; then
- #
- #     Repeat the above for EC certs
-@@ -794,7 +998,7 @@ cert_extended_ssl()
-   for CA in `find ${SERVER_CADIR} -name "?*.ca.cert"` ;
-   do
-       N=`basename $CA | sed -e "s/.ca.cert//"`
--      if [ $N = "serverCA" -o $N = "serverCA-ec" ] ; then
-+      if [ $N = "serverCA" -o $N = "serverCA-ec" -o $N = "serverCA-dsa" ] ; then
-           T="-t C,C,C"
-       else
-           T="-t u,u,u"
-@@ -830,6 +1034,53 @@ cert_extended_ssl()
-   certu -A -n "serverCA" -t "C,C,C" -f "${R_PWFILE}" -d "${PROFILEDIR}" \
-           -i "${SERVER_CADIR}/serverCA.ca.cert" 2>&1
- 
-+#
-+#     Repeat the above for DSA certs
-+#
-+      CU_ACTION="Generate DSA Cert Request for $CERTNAME (ext)"
-+      CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-+      certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \
-+	  -z "${R_NOISE_FILE}" -o req 2>&1
-+
-+      CU_ACTION="Sign ${CERTNAME}'s DSA Request (ext)"
-+      cp ${CERTDIR}/req ${CLIENT_CADIR}
-+      certu -C -c "chain-2-clientCA-dsa" -m 300 -v 60 -d "${P_CLIENT_CADIR}" \
-+          -i req -o "${CERTNAME}-dsa.cert" -f "${R_PWFILE}" 2>&1
-+
-+      CU_ACTION="Import $CERTNAME's DSA Cert -t u,u,u (ext)"
-+      certu -A -n "${CERTNAME}-dsa" -t "u,u,u" -d "${PROFILEDIR}" \
-+	  -f "${R_PWFILE}" -i "${CERTNAME}-dsa.cert" 2>&1
-+
-+      CU_ACTION="Import Server DSA Root CA -t C,C,C for $CERTNAME (ext.)"
-+      certu -A -n "serverCA-dsa" -t "C,C,C" -f "${R_PWFILE}" \
-+	  -d "${PROFILEDIR}" -i "${SERVER_CADIR}/serverCA-dsa.ca.cert" 2>&1
-+#
-+# done with DSA certs
-+#
-+#
-+#     Repeat the above for mixed DSA certs
-+#
-+      CU_ACTION="Generate mixed DSA Cert Request for $CERTNAME (ext)"
-+      CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-+      certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \
-+	  -z "${R_NOISE_FILE}" -o req 2>&1
-+
-+      CU_ACTION="Sign ${CERTNAME}'s mixed DSA Request (ext)"
-+      cp ${CERTDIR}/req ${CLIENT_CADIR}
-+      certu -C -c "chain-2-clientCA" -m 302 -v 60 -d "${P_CLIENT_CADIR}" \
-+          -i req -o "${CERTNAME}-dsamixed.cert" -f "${R_PWFILE}" 2>&1
-+
-+      CU_ACTION="Import $CERTNAME's mixed DSA Cert -t u,u,u (ext)"
-+      certu -A -n "${CERTNAME}-dsamixed" -t "u,u,u" -d "${PROFILEDIR}" \
-+	  -f "${R_PWFILE}" -i "${CERTNAME}-dsamixed.cert" 2>&1
-+
-+#      CU_ACTION="Import Server DSA Root CA -t C,C,C for $CERTNAME (ext.)"
-+#      certu -A -n "serverCA-dsa" -t "C,C,C" -f "${R_PWFILE}" \
-+#	  -d "${PROFILEDIR}" -i "${SERVER_CADIR}/serverCA-dsa.ca.cert" 2>&1
-+#
-+# done with mixed DSA certs
-+#
-+
-   if [ -z "$NSS_DISABLE_ECC" ] ; then
- #
- #     Repeat the above for EC certs
-@@ -883,7 +1134,7 @@ cert_extended_ssl()
-   for CA in `find ${CLIENT_CADIR} -name "?*.ca.cert"` ;
-   do
-       N=`basename $CA | sed -e "s/.ca.cert//"`
--      if [ $N = "clientCA" -o $N = "clientCA-ec" ] ; then
-+      if [ $N = "clientCA" -o $N = "clientCA-ec" -o $N = "clientCA-dsa" ] ; then
-           T="-t T,C,C"
-       else
-           T="-t u,u,u"
-@@ -920,6 +1171,10 @@ cert_ssl()
-   cert_add_cert 
-   CU_ACTION="Modify trust attributes of Root CA -t TC,TC,TC"
-   certu -M -n "TestCA" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}"
-+
-+  CU_ACTION="Modify trust attributes of DSA Root CA -t TC,TC,TC"
-+  certu -M -n "TestCA-dsa" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}"
-+
-   if [ -z "$NSS_DISABLE_ECC" ] ; then
-       CU_ACTION="Modify trust attributes of EC Root CA -t TC,TC,TC"
-       certu -M -n "TestCA-ec" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}"
-@@ -1467,6 +1722,24 @@ EOF_CRLINI
-   CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
-   chmod 600 ${CRL_FILE_GRP_1}_or
- 
-+
-+      CU_ACTION="Generating CRL (DSA) for range ${CRL_GRP_1_BEGIN}-${CRL_GRP_END} TestCA-dsa authority"
-+
-+#     Until Bug 292285 is resolved, do not encode x400 Addresses. After
-+#     the bug is resolved, reintroduce "x400Address:x400Address" within
-+#     addext issuerAltNames ...
-+      crlu -q -d $CADIR -G -n "TestCA-dsa" -f ${R_PWFILE} \
-+	  -o ${CRL_FILE_GRP_1}_or-dsa <<EOF_CRLINI
-+update=$CRLUPDATE
-+addcert ${CRL_GRP_1_BEGIN}-${CRL_GRP_END_} $CRL_GRP_DATE
-+addext reasonCode 0 4
-+addext issuerAltNames 0 "rfc822Name:ca-dsaemail@ca.com|dnsName:ca-dsa.com|directoryName:CN=NSS Test CA (DSA),O=BOGUS NSS,L=Mountain View,ST=California,C=US|URI:http://ca-dsa.com|ipAddress:192.168.0.1|registerID=reg CA (DSA)"
-+EOF_CRLINI
-+      CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
-+      chmod 600 ${CRL_FILE_GRP_1}_or-dsa
-+
-+
-+
-   if [ -z "$NSS_DISABLE_ECC" ] ; then
-       CU_ACTION="Generating CRL (ECC) for range ${CRL_GRP_1_BEGIN}-${CRL_GRP_END} TestCA-ec authority"
- 
-@@ -1500,6 +1773,19 @@ EOF_CRLINI
-   CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
-   chmod 600 ${CRL_FILE_GRP_1}_or1
-   TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or"
-+
-+
-+  CU_ACTION="Modify CRL (DSA) by adding one more cert"
-+  crlu -d $CADIR -M -n "TestCA-dsa" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1}_or1-dsa \
-+      -i ${CRL_FILE_GRP_1}_or-dsa <<EOF_CRLINI
-+update=$CRLUPDATE
-+addcert ${CRL_GRP_END} $CRL_GRP_DATE
-+EOF_CRLINI
-+  CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
-+  chmod 600 ${CRL_FILE_GRP_1}_or1-dsa
-+  TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or-dsa"
-+
-+
-   if [ -z "$NSS_DISABLE_ECC" ] ; then
-       CU_ACTION="Modify CRL (ECC) by adding one more cert"
-       crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} \
-@@ -1524,6 +1810,21 @@ rmcert  ${UNREVOKED_CERT_GRP_1}
- EOF_CRLINI
-   chmod 600 ${CRL_FILE_GRP_1}
-   TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or1"
-+
-+
-+  CU_ACTION="Modify CRL (DSA) by removing one cert"
-+  sleep 2
-+  CRLUPDATE=`date -u "+%Y%m%d%H%M%SZ"`
-+  crlu -d $CADIR -M -n "TestCA-dsa" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1} \
-+      -i ${CRL_FILE_GRP_1}_or1 <<EOF_CRLINI
-+update=$CRLUPDATE
-+rmcert  ${UNREVOKED_CERT_GRP_1}
-+EOF_CRLINI
-+  chmod 600 ${CRL_FILE_GRP_1}
-+  TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or1-dsa"
-+
-+
-+
-   if [ -z "$NSS_DISABLE_ECC" ] ; then
-       CU_ACTION="Modify CRL (ECC) by removing one cert"
-       crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1}-ec \
-diff -up ./tests/ssl/sslcov.txt.dhe_and_sha384 ./tests/ssl/sslcov.txt
---- ./tests/ssl/sslcov.txt.dhe_and_sha384	2015-05-28 19:50:45.000000000 +0200
-+++ ./tests/ssl/sslcov.txt	2015-06-24 23:06:00.459872435 +0200
-@@ -35,6 +35,9 @@
-   noECC  SSL3   v    SSL3_RSA_WITH_AES_128_CBC_SHA
-   noECC  SSL3   y    SSL3_RSA_WITH_AES_256_CBC_SHA
-   noECC  SSL3   z    SSL3_RSA_WITH_NULL_SHA
-+  noECC  TLS12 :009F  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
-+  noECC  TLS12 :00A3  TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
-+  noECC  TLS12 :009D  TLS_RSA_WITH_AES_256_GCM_SHA384
- #  noECC  SSL3  :0041 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- #  noECC  SSL3  :0084 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- #
-@@ -86,10 +89,21 @@
-   noECC  TLS12   v    TLS12_RSA_WITH_AES_128_CBC_SHA
-   noECC  TLS12   y    TLS12_RSA_WITH_AES_256_CBC_SHA
-   noECC  TLS12   z    TLS12_RSA_WITH_NULL_SHA
-+  noECC  TLS12 :0016  TLS12_DHE_RSA_WITH_3DES_EDE_CBC_SHA
-+  noECC  TLS12 :0032  TLS12_DHE_DSS_WITH_AES_128_CBC_SHA
-+  noECC  TLS12 :0033  TLS12_DHE_RSA_WITH_AES_128_CBC_SHA
-+  noECC  TLS12 :0038  TLS12_DHE_DSS_WITH_AES_256_CBC_SHA
-+  noECC  TLS12 :0039  TLS12_DHE_RSA_WITH_AES_256_CBC_SHA
-   noECC  TLS12 :003B  TLS12_RSA_WITH_NULL_SHA256
-   noECC  TLS12 :003C  TLS12_RSA_WITH_AES_128_CBC_SHA256
-   noECC  TLS12 :003D  TLS12_RSA_WITH_AES_256_CBC_SHA256
-+  noECC  TLS12 :0040  TLS12_DHE_DSS_WITH_AES_128_CBC_SHA256
-+  noECC  TLS12 :0067  TLS12_DHE_RSA_WITH_AES_128_CBC_SHA256
-+  noECC  TLS12 :006A  TLS12_DHE_DSS_WITH_AES_256_CBC_SHA256
-+  noECC  TLS12 :006B  TLS12_DHE_RSA_WITH_AES_256_CBC_SHA256
-   noECC  TLS12 :009C  TLS12_RSA_WITH_AES_128_GCM_SHA256
-+  noECC  TLS12 :009E  TLS12_DHE_RSA_WITH_AES_128_GCM_SHA256
-+  noECC  TLS12 :00A2  TLS12_DHE_DSS_WITH_AES_128_GCM_SHA256
- #
- # ECC ciphers (TLS)
- #
-@@ -156,6 +170,10 @@
-    ECC   TLS12  :C013 TLS12_ECDHE_RSA_WITH_AES_128_CBC_SHA
-    ECC   TLS12  :C014 TLS12_ECDHE_RSA_WITH_AES_256_CBC_SHA
-    ECC   TLS12  :C023 TLS12_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
-+   ECC   TLS12  :C024 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
-    ECC   TLS12  :C027 TLS12_ECDHE_RSA_WITH_AES_128_CBC_SHA256
-+   ECC   TLS12  :C028 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
-    ECC   TLS12  :C02B TLS12_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-+   ECC   TLS12  :C02C TLS12_ECDHE_ECDSA_WITH_AES_128_GCM_SHA384
-    ECC   TLS12  :C02F TLS12_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-+   ECC   TLS12  :0030 TLS12_ECDHE_RSA_WITH_AES_128_GCM_SHA384
-diff -up ./tests/ssl/ssl.sh.dhe_and_sha384 ./tests/ssl/ssl.sh
---- ./tests/ssl/ssl.sh.dhe_and_sha384	2015-06-24 23:06:00.442872754 +0200
-+++ ./tests/ssl/ssl.sh	2015-06-24 23:06:00.459872435 +0200
-@@ -92,8 +92,8 @@ ssl_init()
-       ECC_STRING=""
-   fi
- 
--  CSHORT="-c ABCDEF:003B:003C:003D:0041:0084:009Ccdefgijklmnvyz"
--  CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:C023:C027:C02B:C02F:003B:003C:003D:0041:0084:009Ccdefgijklmnvyz"
-+  CSHORT="-c ABCDEF:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2cdefgijklmnvyz"
-+  CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:C023:C027:C02B:C02F:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2cdefgijklmnvyz"
- 
-   if [ "${OS_ARCH}" != "WINNT" ]; then
-       ulimit -n 1000 # make sure we have enough file descriptors
-@@ -225,15 +225,16 @@ start_selfserv()
-   fi
-   echo "selfserv starting at `date`"
-   echo "selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \\"
--  echo "         ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose &"
-+  echo "         ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID}\\"
-+  echo "         $verbose -H 1 &"
-   if [ ${fileout} -eq 1 ]; then
-       ${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
--               ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose \
-+               ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} $verbose -H 1 \
-                > ${SERVEROUTFILE} 2>&1 &
-       RET=$?
-   else
-       ${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
--               ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose &
-+               ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} $verbose -H 1 &
-       RET=$?
-   fi
- 
-diff -up ./tests/ssl/sslstress.txt.dhe_and_sha384 ./tests/ssl/sslstress.txt
---- ./tests/ssl/sslstress.txt.dhe_and_sha384	2015-05-28 19:50:45.000000000 +0200
-+++ ./tests/ssl/sslstress.txt	2015-06-24 23:06:00.459872435 +0200
-@@ -44,6 +44,7 @@
-    ECC      0      -c_:C027  -V_ssl3:_-c_1000_-C_:C027    Stress TLS  ECDHE-RSA   AES 128 CBC with SHA256
-    ECC      0      -c_:C02F  -V_ssl3:_-c_1000_-C_:C02F    Stress TLS  ECDHE-RSA   AES 128 GCM
-    ECC      0   -c_:C004_-u  -V_ssl3:_-c_1000_-C_:C004_-u Stress TLS  ECDH-ECDSA  AES 128 CBC with SHA (session ticket)
-+   ECC      0   -c_:C009_-u  -V_ssl3:_-c_100_-C_:C009_-u  Stress TLS  ECDHE-ECDSA AES 128 CBC with SHA (session ticket)
- #
- # add client auth versions here...
- #
-@@ -53,3 +54,33 @@
-    ECC      0      -r_-r_-c_:C00E  -V_ssl3:_-c_10_-C_:C00E_-N_-n_TestUser-ecmixed Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse, client auth)
-    ECC      0      -r_-r_-c_:C013  -V_ssl3:_-c_100_-C_:C013_-n_TestUser-ec Stress TLS ECDHE-RSA AES 128 CBC with SHA(client auth)
-    ECC      0      -r_-r_-c_:C013_-u -V_ssl3:_-c_100_-C_:C013_-n_TestUser-ec_-u Stress TLS ECDHE-RSA AES 128 CBC with SHA(session ticket, client auth)
-+
-+#
-+# ############################ DHE ciphers ############################
-+#
-+   noECC    0      -c_:0016  -V_ssl3:_-c_100_-C_:0016_-N  Stress TLS DHE_RSA_WITH_3DES_EDE_CBC_SHA (no reuse)
-+   noECC    0      -c_:0033  -V_ssl3:_-c_1000_-C_:0033    Stress TLS DHE_RSA_WITH_AES_128_CBC_SHA
-+
-+
-+   noECC    0      -c_:0039  -V_ssl3:_-c_100_-C_:0039_-N  Stress TLS DHE_RSA_WITH_AES_256_CBC_SHA (no reuse)
-+   noECC    0      -c_:0040  -V_ssl3:_-c_100_-C_:0040_-N  Stress TLS DHE_DSS_WITH_AES_128_CBC_SHA256 (no reuse)
-+
-+#  noECC    0   -c_:0038_-u  -V_ssl3:_-c_1000_-C_:0038_-u Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA (session ticket)
-+# use the above session ticket test, once session tickets with DHE_DSS are working
-+   noECC    0      -c_:0038  -V_ssl3:_-c_1000_-C_:0038_-N Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA (no reuse)
-+
-+#  noECC    0      -c_:006A  -V_ssl3:_-c_1000_-C_:006A    Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA256
-+# use the above reuse test, once the session cache with DHE_DSS is working
-+   noECC    0      -c_:006A  -V_ssl3:_-c_1000_-C_:006A_-N Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA256 (no reuse
-+
-+   noECC    0      -c_:006B  -V_ssl3:_-c_100_-C_:006B_-N  Stress TLS DHE_RSA_WITH_AES_256_CBC_SHA256 (no reuse)
-+   noECC    0      -c_:009E  -V_ssl3:_-c_100_-C_:009E_-N  Stress TLS DHE_RSA_WITH_AES_128_GCM_SHA256 (no reuse)
-+#
-+# add client auth versions here...
-+#
-+   noECC    0      -r_-r_-c_:0032  -V_ssl3:_-c_100_-C_:0032_-N_-n_TestUser-dsa     Stress TLS DHE_DSS_WITH_AES_128_CBC_SHA (no reuse, client auth)
-+   noECC    0      -r_-r_-c_:0067  -V_ssl3:_-c_1000_-C_:0067_-n_TestUser-dsamixed  Stress TLS DHE_RSA_WITH_AES_128_CBC_SHA256 (client auth)
-+
-+#  noECC    0   -r_-r_-c_:00A2_-u  -V_ssl3:_-c_1000_-C_:00A2_-n_TestUser-dsa_-u       Stress TLS DHE_DSS_WITH_AES_128_GCM_SHA256 (session ticket, client auth)
-+# use the above session ticket test, once session tickets with DHE_DSS are working
-+   noECC    0   -r_-r_-c_:00A2_-u  -V_ssl3:_-c_1000_-C_:00A2_-N_-n_TestUser-dsa    Stress TLS DHE_DSS_WITH_AES_128_GCM_SHA256 (no reuse, client auth)
diff --git a/SOURCES/disable-extended-master-secret-with-old-softoken.patch b/SOURCES/disable-extended-master-secret-with-old-softoken.patch
new file mode 100644
index 0000000..b385819
--- /dev/null
+++ b/SOURCES/disable-extended-master-secret-with-old-softoken.patch
@@ -0,0 +1,33 @@
+diff -up ./lib/ssl/sslsock.c.disable-ems ./lib/ssl/sslsock.c
+--- ./lib/ssl/sslsock.c.disable-ems	2016-02-04 16:49:04.148123592 -0800
++++ ./lib/ssl/sslsock.c	2016-02-04 16:50:15.483801476 -0800
+@@ -85,6 +85,7 @@ static sslOptions ssl_defaults = {
+     PR_TRUE,    /* reuseServerECDHEKey */
+     PR_FALSE,   /* enableFallbackSCSV */
+     PR_TRUE,    /* enableServerDhe */
++/* Keep extended-master-secret disabled until we have a compatible softokn. */
+     PR_FALSE    /* enableExtendedMS    */
+ };
+ 
+@@ -848,7 +849,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
+         break;
+ 
+       case SSL_ENABLE_EXTENDED_MASTER_SECRET:
++#if 0
++/* No-Op until we have a compatible softokn. */
+         ss->opt.enableExtendedMS = on;
++#endif
+         break;
+ 
+       default:
+@@ -1192,7 +1203,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
+         break;
+ 
+       case SSL_ENABLE_EXTENDED_MASTER_SECRET:
++#if 0
++/* No-Op until we have a compatible softokn. */
+         ssl_defaults.enableExtendedMS = on;
++#endif
+         break;
+ 
+       default:
diff --git a/SOURCES/enable-ecdsa-ciphers-by-default.patch b/SOURCES/enable-ecdsa-ciphers-by-default.patch
deleted file mode 100644
index bb1a948..0000000
--- a/SOURCES/enable-ecdsa-ciphers-by-default.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-diff -up ./nss/lib/ssl/ssl3con.c.enable_ecdsa ./nss/lib/ssl/ssl3con.c
---- ./nss/lib/ssl/ssl3con.c.enable_ecdsa	2015-08-18 07:34:41.627936333 -0700
-+++ ./nss/lib/ssl/ssl3con.c	2015-08-18 07:37:19.781532228 -0700
-@@ -97,7 +97,7 @@ static ssl3CipherSuiteCfg cipherSuites[s
-   */
-  { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
-- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-    /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
-     * bug 946147.
-@@ -105,12 +105,12 @@ static ssl3CipherSuiteCfg cipherSuites[s
-  { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
-- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
-- { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,        SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,        SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_RC4_128_SHA,          SSL_ALLOWED, PR_FALSE, PR_FALSE},
- #endif /* NSS_DISABLE_ECC */
- 
-@@ -135,13 +135,13 @@ static ssl3CipherSuiteCfg cipherSuites[s
-  { TLS_DHE_DSS_WITH_RC4_128_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
- 
- #ifndef NSS_DISABLE_ECC
-- { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,     SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,     SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,    SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDH_ECDSA_WITH_RC4_128_SHA,         SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDH_ECDSA_WITH_RC4_128_SHA,         SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDH_RSA_WITH_RC4_128_SHA,           SSL_ALLOWED, PR_FALSE, PR_FALSE},
- #endif /* NSS_DISABLE_ECC */
- 
diff --git a/SOURCES/enable-fips-when-system-is-in-fips-mode.patch b/SOURCES/enable-fips-when-system-is-in-fips-mode.patch
index 3870cfc..0ee13bb 100644
--- a/SOURCES/enable-fips-when-system-is-in-fips-mode.patch
+++ b/SOURCES/enable-fips-when-system-is-in-fips-mode.patch
@@ -1,7 +1,12 @@
-diff -up nss/lib/pk11wrap/pk11pars.c.fips nss/lib/pk11wrap/pk11pars.c
---- nss/lib/pk11wrap/pk11pars.c.fips	2013-05-28 14:43:24.000000000 -0700
-+++ nss/lib/pk11wrap/pk11pars.c	2013-07-10 18:54:16.733465910 -0700
-@@ -150,6 +150,10 @@ SECMOD_CreateModule(const char *library,
+diff --git a/lib/pk11wrap/pk11pars.c b/lib/pk11wrap/pk11pars.c
+--- a/lib/pk11wrap/pk11pars.c
++++ b/lib/pk11wrap/pk11pars.c
+@@ -159,16 +159,20 @@ SECMOD_CreateModuleEx(const char *librar
+     if (parameters) {
+ 	mod->libraryParams = PORT_ArenaStrdup(mod->arena,parameters);
+     }
+     if (config) {
+ 	/* XXX: Apply configuration */
      }
      mod->internal   = NSSUTIL_ArgHasFlag("flags","internal",nssc);
      mod->isFIPS     = NSSUTIL_ArgHasFlag("flags","FIPS",nssc);
@@ -12,10 +17,20 @@ diff -up nss/lib/pk11wrap/pk11pars.c.fips nss/lib/pk11wrap/pk11pars.c
      mod->isCritical = NSSUTIL_ArgHasFlag("flags","critical",nssc);
      slotParams      = NSSUTIL_ArgGetParamValue("slotParams",nssc);
      mod->slotInfo   = NSSUTIL_ArgParseSlotInfo(mod->arena,slotParams,
-diff -up nss/lib/pk11wrap/pk11util.c.fips nss/lib/pk11wrap/pk11util.c
---- nss/lib/pk11wrap/pk11util.c.fips	2013-05-28 14:43:24.000000000 -0700
-+++ nss/lib/pk11wrap/pk11util.c	2013-07-10 18:54:16.734465927 -0700
-@@ -95,6 +95,25 @@ SECMOD_Shutdown() 
+ 							&mod->slotInfoCount);
+     if (slotParams) PORT_Free(slotParams);
+     /* new field */
+     mod->trustOrder  = NSSUTIL_ArgReadLong("trustOrder",nssc,
+ 					NSSUTIL_DEFAULT_TRUST_ORDER,NULL);
+diff --git a/lib/pk11wrap/pk11util.c b/lib/pk11wrap/pk11util.c
+--- a/lib/pk11wrap/pk11util.c
++++ b/lib/pk11wrap/pk11util.c
+@@ -90,16 +90,35 @@ SECMOD_Shutdown()
+ #endif
+     if (secmod_PrivateModuleCount) {
+     	PORT_SetError(SEC_ERROR_BUSY);
+ 	return SECFailure;
+     }
      return SECSuccess;
  }
  
@@ -41,7 +56,17 @@ diff -up nss/lib/pk11wrap/pk11util.c.fips nss/lib/pk11wrap/pk11util.c
  
  /*
   * retrieve the internal module
-@@ -417,7 +436,7 @@ SECMOD_DeleteInternalModule(const char *
+  */
+ SECMODModule *
+ SECMOD_GetInternalModule(void)
+ {
+    return internalModule;
+@@ -412,17 +431,17 @@ SECMOD_DeleteModule(const char *name, in
+  */
+ SECStatus
+ SECMOD_DeleteInternalModule(const char *name) 
+ {
+     SECMODModuleList *mlp;
      SECMODModuleList **mlpp;
      SECStatus rv = SECFailure;
  
@@ -50,19 +75,39 @@ diff -up nss/lib/pk11wrap/pk11util.c.fips nss/lib/pk11wrap/pk11util.c
  	PORT_SetError(SEC_ERROR_MODULE_STUCK);
  	return rv;
      }
-@@ -888,7 +907,7 @@ SECMOD_DestroyModuleList(SECMODModuleLis
+     if (!moduleLock) {
+     	PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+ 	return rv;
+     }
+ 
+@@ -883,17 +902,17 @@ SECMOD_DestroyModuleList(SECMODModuleLis
+     SECMODModuleList *lp;
+ 
+     for ( lp = list; lp != NULL; lp = SECMOD_DestroyModuleListElement(lp)) ;
+ }
+ 
  PRBool
  SECMOD_CanDeleteInternalModule(void)
  {
 -    return (PRBool) (pendingModule == NULL);
-+    return (PRBool) ((pendingModule == NULL) && !SECMOD_GetSystemFIPSEnabled()); 
++    return (PRBool) ((pendingModule == NULL) && !SECMOD_GetSystemFIPSEnabled());
  }
  
  /*
-diff -up nss/lib/pk11wrap/secmodi.h.fips nss/lib/pk11wrap/secmodi.h
---- nss/lib/pk11wrap/secmodi.h.fips	2013-07-10 18:55:06.358298154 -0700
-+++ nss/lib/pk11wrap/secmodi.h	2013-07-10 18:56:52.050069372 -0700
-@@ -116,7 +116,12 @@ PK11SymKey *pk11_TokenKeyGenWithFlagsAnd
+  * check to see if the module has added new slots. PKCS 11 v2.20 allows for
+  * modules to add new slots, but never remove them. Slots cannot be added 
+  * between a call to C_GetSlotLlist(Flag, NULL, &count) and the subsequent
+  * C_GetSlotList(flag, &data, &count) so that the array doesn't accidently
+  * grow on the caller. It is permissible for the slots to increase between
+diff --git a/lib/pk11wrap/secmodi.h b/lib/pk11wrap/secmodi.h
+--- a/lib/pk11wrap/secmodi.h
++++ b/lib/pk11wrap/secmodi.h
+@@ -108,17 +108,22 @@ SECStatus PBE_PK11ParamToAlgid(SECOidTag
+ PK11SymKey *pk11_TokenKeyGenWithFlagsAndKeyType(PK11SlotInfo *slot,
+ 	CK_MECHANISM_TYPE type, SECItem *param, CK_KEY_TYPE keyType, 
+ 	int keySize, SECItem *keyId, CK_FLAGS opFlags, 
+ 	PK11AttrFlags attrFlags, void *wincx);
+ 
  CK_MECHANISM_TYPE pk11_GetPBECryptoMechanism(SECAlgorithmID *algid,
                     SECItem **param, SECItem *pwd, PRBool faulty3DES);
  
@@ -76,3 +121,8 @@ diff -up nss/lib/pk11wrap/secmodi.h.fips nss/lib/pk11wrap/secmodi.h
  
  extern void pk11sdr_Init(void);
  extern void pk11sdr_Shutdown(void);
+ 
+ /*
+  * Private to pk11wrap.
+  */
+ 
diff --git a/SOURCES/fix-allowed-sig-alg.patch b/SOURCES/fix-allowed-sig-alg.patch
new file mode 100644
index 0000000..ca908b6
--- /dev/null
+++ b/SOURCES/fix-allowed-sig-alg.patch
@@ -0,0 +1,90 @@
+--- nss/lib/ssl/ssl3con.prekai	2016-03-23 08:29:25.000000000 -0400
++++ nss/lib/ssl/ssl3con.c	2016-03-29 15:00:44.457697131 -0400
+@@ -204,6 +204,7 @@
+     {ssl_hash_sha512, ssl_sign_ecdsa},
+     {ssl_hash_sha1, ssl_sign_ecdsa},
+ #endif
++    {ssl_hash_sha384, ssl_sign_dsa},
+     {ssl_hash_sha256, ssl_sign_dsa},
+     {ssl_hash_sha1, ssl_sign_dsa}
+ };
+@@ -270,27 +271,6 @@
+     ct_DSS_sign,
+ };
+ 
+-/* This block is the contents of the supported_signature_algorithms field of
+- * our TLS 1.2 CertificateRequest message, in wire format. See
+- * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
+- *
+- * We only support TLS 1.2
+- * CertificateVerify messages that use the handshake PRF hash. */
+-static const PRUint8 supported_signature_algorithms_sha256[] = {
+-    tls_hash_sha256, tls_sig_rsa,
+-#ifndef NSS_DISABLE_ECC
+-    tls_hash_sha256, tls_sig_ecdsa,
+-#endif
+-    tls_hash_sha256, tls_sig_dsa,
+-};
+-static const PRUint8 supported_signature_algorithms_sha384[] = {
+-    tls_hash_sha384, tls_sig_rsa,
+-#ifndef NSS_DISABLE_ECC
+-    tls_hash_sha384, tls_sig_ecdsa,
+-#endif
+-    tls_hash_sha384, tls_sig_dsa,
+-};
+-
+ #define EXPORT_RSA_KEY_LENGTH 64	/* bytes */
+ 
+ 
+@@ -9561,7 +9541,8 @@
+ }
+ 
+ static SECStatus
+-ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 *buf,
++ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 allowedHashAlg,
++                                     PRUint8 *buf,
+                                      unsigned maxLen, PRUint32 *len)
+ {
+     unsigned int i;
+@@ -9578,7 +9559,7 @@
+         /* Note that we don't support a handshake hash with anything other than
+          * SHA-256, so asking for a signature from clients for something else
+          * would be inviting disaster. */
+-        if (alg->hashAlg == ssl_hash_sha256 || alg->hashAlg == ssl_hash_sha384) {
++        if (alg->hashAlg == allowedHashAlg) {
+             buf[(*len)++] = (PRUint8)alg->hashAlg;
+             buf[(*len)++] = (PRUint8)alg->sigAlg;
+         }
+@@ -9608,6 +9589,7 @@
+     PRUint8        sigAlgs[MAX_SIGNATURE_ALGORITHMS * 2];
+     unsigned int   sigAlgsLength = 0;
+     SECOidData *hashOid;
++    PRUint8        allowedHashAlg;
+ 
+     SSL_TRC(3, ("%d: SSL3[%d]: send certificate_request handshake",
+ 		SSL_GETPID(), ss->fd));
+@@ -9639,19 +9621,19 @@
+     if (hashOid == NULL) {
+ 	return SECFailure; 		/* err set by AppendHandshake. */
+     }
++
+     if (hashOid->offset == SEC_OID_SHA256) {
+-	sigAlgsLength = sizeof supported_signature_algorithms_sha256;
+-    PORT_Memcpy(sigAlgs, supported_signature_algorithms_sha256, sigAlgsLength);
++        allowedHashAlg = ssl_hash_sha256;
+     } else if (hashOid->offset == SEC_OID_SHA384) {
+-	sigAlgsLength = sizeof supported_signature_algorithms_sha384;
+-    PORT_Memcpy(sigAlgs, supported_signature_algorithms_sha384, sigAlgsLength);
++        allowedHashAlg = ssl_hash_sha384;
+     } else {
+ 	return SECFailure; 		/* err set by AppendHandshake. */
+     }
+ 
+     length = 1 + certTypesLength + 2 + calen;
+     if (isTLS12) {
+-        rv = ssl3_EncodeCertificateRequestSigAlgs(ss, sigAlgs, sizeof(sigAlgs),
++        rv = ssl3_EncodeCertificateRequestSigAlgs(ss, allowedHashAlg,
++                                                  sigAlgs, sizeof(sigAlgs),
+                                                   &sigAlgsLength);
+         if (rv != SECSuccess) {
+             return rv;
diff --git a/SOURCES/fix-disable-sslv2-libssl.patch b/SOURCES/fix-disable-sslv2-libssl.patch
deleted file mode 100644
index 92715db..0000000
--- a/SOURCES/fix-disable-sslv2-libssl.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-diff -up ./nss/lib/ssl/sslsock.c.handle_null ./nss/lib/ssl/sslsock.c
---- ./nss/lib/ssl/sslsock.c.handle_null	2015-08-07 11:14:17.664389222 -0700
-+++ ./nss/lib/ssl/sslsock.c	2015-08-07 11:15:33.690950335 -0700
-@@ -1193,8 +1193,17 @@ ssl_IsRemovedCipherSuite(PRInt32 suite)
-     /* both ssl2 and export cipher suites disabled */
-     if (SSL_IS_SSL2_CIPHER(suite))
-         return PR_TRUE;
--    if (SSL_IsExportCipherSuite(suite))
--      return PR_TRUE;
-+    if (SSL_IsExportCipherSuite(suite)) {
-+        SSLCipherSuiteInfo csdef;
-+        if (SSL_GetCipherSuiteInfo(suite, &csdef, sizeof(csdef)) != SECSuccess) {
-+            /* failure to retrieve info, disable */
-+            return PR_TRUE;
-+        }
-+        if (csdef.symCipher != ssl_calg_null) {
-+            /* disable all except NULL ciphersuites */
-+            return PR_TRUE;
-+        }
-+    }
- #endif /* NSS_NO_SSL2_NO_EXPORT */
-     switch (suite) {
-     case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
diff --git a/SOURCES/fix-disable-sslv2-tests.patch b/SOURCES/fix-disable-sslv2-tests.patch
deleted file mode 100644
index cc1689c..0000000
--- a/SOURCES/fix-disable-sslv2-tests.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-diff -up ./nss/tests/ssl/ssl.sh.fix_skipping ./nss/tests/ssl/ssl.sh
---- ./nss/tests/ssl/ssl.sh.fix_skipping	2015-08-09 08:19:47.771702882 -0700
-+++ ./nss/tests/ssl/ssl.sh	2015-08-09 08:21:35.749328230 -0700
-@@ -125,7 +125,7 @@ is_selfserv_alive()
-   fi
- 
-   echo "kill -0 ${PID} >/dev/null 2>/dev/null" 
--  if [ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ]; then
-+  if [ "${NSS_NO_SSL2}" = "1" ] && [ ${EXP} -eq 0 -o ${SSL2} -eq 0 ]; then
-   echo "No server to kill"
-   else
-   kill -0 ${PID} >/dev/null 2>/dev/null || Exit 10 "Fatal - selfserv process not detectable"
-@@ -152,7 +152,7 @@ wait_for_selfserv()
-       ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \
-               -d ${P_R_CLIENTDIR} -v < ${REQUEST_FILE}
-       if [ $? -ne 0 ]; then
--          if [ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ]; then
-+          if [ "${NSS_NO_SSL2}" = "1" ] && [ ${EXP} -eq 0 -o ${SSL2} -eq 0 ]; then
-               html_passed "Server never started"
-           else
-           html_failed "Waiting for Server"
-@@ -294,7 +294,10 @@ ssl_cov()
-       SSL2=$?
- 
-       #  skip export and ssl2 tests when build has disabled SSL2
--      [ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ] && continue
-+      if [ "${NSS_NO_SSL2}" = "1" ] && [ ${EXP} -eq 0 || ${SSL2} -eq 0 ]; then
-+         echo "yyy exp/ssl2 test skipped: (NSS_NO_SSL2,EXP,SSL2)=(${NSS_NO_SSL2},${EXP},${SSL2})"
-+         continue
-+      fi
- 
-       if [ "${SSL2}" -eq 0 ] ; then
-           # We cannot use asynchronous cert verification with SSL2
diff --git a/SOURCES/fix-min-library-version-in-SSLVersionRange.patch b/SOURCES/fix-min-library-version-in-SSLVersionRange.patch
index 49026a2..00facbf 100644
--- a/SOURCES/fix-min-library-version-in-SSLVersionRange.patch
+++ b/SOURCES/fix-min-library-version-in-SSLVersionRange.patch
@@ -1,7 +1,7 @@
-diff -up ./nss/lib/ssl/sslsock.c.1171318 ./nss/lib/ssl/sslsock.c
---- ./nss/lib/ssl/sslsock.c.1171318	2015-08-26 13:21:57.225290386 -0700
-+++ ./nss/lib/ssl/sslsock.c	2015-08-26 13:23:28.037507487 -0700
-@@ -91,7 +91,7 @@ static sslOptions ssl_defaults = {
+diff -up ./lib/ssl/sslsock.c.1171318 ./lib/ssl/sslsock.c
+--- ./lib/ssl/sslsock.c.1171318	2016-02-04 10:57:08.489310227 -0800
++++ ./lib/ssl/sslsock.c	2016-02-04 11:02:59.290818001 -0800
+@@ -92,7 +92,7 @@ static sslOptions ssl_defaults = {
   * default range of enabled SSL/TLS protocols
   */
  static SSLVersionRange versions_defaults_stream = {
diff --git a/SOURCES/fix-nss-test-filtering.patch b/SOURCES/fix-nss-test-filtering.patch
new file mode 100644
index 0000000..43714d5
--- /dev/null
+++ b/SOURCES/fix-nss-test-filtering.patch
@@ -0,0 +1,23 @@
+diff --git a/tests/all.sh b/tests/all.sh
+--- a/tests/all.sh
++++ b/tests/all.sh
+@@ -106,17 +106,18 @@
+ ############################## run_tests ###############################
+ # run test suites defined in TESTS variable, skip scripts defined in
+ # TESTS_SKIP variable
+ ########################################################################
+ run_tests()
+ {
+     for TEST in ${TESTS}
+     do
+-        echo "${TESTS_SKIP}" | grep "${TEST}" > /dev/null
++        echo "Checking if ${TEST} should be skipped based on skip list [${TESTS_SKIP}]"
++        echo "${TESTS_SKIP}" | grep -w "${TEST}" > /dev/null
+         if [ $? -eq 0 ]; then
+             continue
+         fi
+ 
+         SCRIPTNAME=${TEST}.sh
+         echo "Running tests for ${TEST}"
+         echo "TIMESTAMP ${TEST} BEGIN: `date`" 
+         (cd ${QADIR}/${TEST}; . ./${SCRIPTNAME} 2>&1)
diff --git a/SOURCES/iquote.patch b/SOURCES/iquote.patch
index 02f9de8..c032c77 100644
--- a/SOURCES/iquote.patch
+++ b/SOURCES/iquote.patch
@@ -1,29 +1,19 @@
-diff -up ./nss/cmd/bltest/Makefile.iquote ./nss/cmd/bltest/Makefile
---- ./nss/cmd/bltest/Makefile.iquote	2014-01-03 11:59:10.000000000 -0800
-+++ ./nss/cmd/bltest/Makefile	2014-01-18 11:31:32.277404478 -0800
-@@ -45,6 +45,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
- # (6) Execute "component" rules. (OPTIONAL)                           #
- #######################################################################
- 
-+INCLUDES += -iquote $(DIST)/../private/nss
- 
- 
- #######################################################################
 diff -up ./nss/cmd/certutil/Makefile.iquote ./nss/cmd/certutil/Makefile
---- ./nss/cmd/certutil/Makefile.iquote	2015-03-25 15:52:30.276938803 -0700
-+++ ./nss/cmd/certutil/Makefile	2015-03-25 15:53:53.044536721 -0700
-@@ -37,6 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
+--- ./nss/cmd/certutil/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
++++ ./nss/cmd/certutil/Makefile	2016-02-06 08:03:25.509936899 -0800
+@@ -37,7 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
  
-+INCLUDES += -iquote $(DIST)/../private/nss
+-
 +INCLUDES += -iquote $(DIST)/../public/nss
- 
++INCLUDES += -iquote $(DIST)/../private/nss
  
  #######################################################################
+ # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/cmd/httpserv/Makefile.iquote ./nss/cmd/httpserv/Makefile
---- ./nss/cmd/httpserv/Makefile.iquote	2014-01-18 11:33:15.058108851 -0800
-+++ ./nss/cmd/httpserv/Makefile	2014-01-18 11:34:08.913478276 -0800
+--- ./nss/cmd/httpserv/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
++++ ./nss/cmd/httpserv/Makefile	2016-02-06 08:00:39.403191706 -0800
 @@ -35,7 +35,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
@@ -35,8 +25,8 @@ diff -up ./nss/cmd/httpserv/Makefile.iquote ./nss/cmd/httpserv/Makefile
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/cmd/lib/Makefile.iquote ./nss/cmd/lib/Makefile
---- ./nss/cmd/lib/Makefile.iquote	2014-01-03 11:59:10.000000000 -0800
-+++ ./nss/cmd/lib/Makefile	2014-01-18 11:31:32.309404697 -0800
+--- ./nss/cmd/lib/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
++++ ./nss/cmd/lib/Makefile	2016-02-06 08:00:39.403191706 -0800
 @@ -38,7 +38,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
@@ -48,8 +38,8 @@ diff -up ./nss/cmd/lib/Makefile.iquote ./nss/cmd/lib/Makefile
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/cmd/modutil/Makefile.iquote ./nss/cmd/modutil/Makefile
---- ./nss/cmd/modutil/Makefile.iquote	2014-05-31 11:14:36.880951209 -0700
-+++ ./nss/cmd/modutil/Makefile	2014-05-31 11:15:13.423253804 -0700
+--- ./nss/cmd/modutil/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
++++ ./nss/cmd/modutil/Makefile	2016-02-06 08:00:39.403191706 -0800
 @@ -41,7 +41,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
@@ -61,8 +51,8 @@ diff -up ./nss/cmd/modutil/Makefile.iquote ./nss/cmd/modutil/Makefile
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/cmd/selfserv/Makefile.iquote ./nss/cmd/selfserv/Makefile
---- ./nss/cmd/selfserv/Makefile.iquote	2014-05-31 10:41:33.790380931 -0700
-+++ ./nss/cmd/selfserv/Makefile	2014-05-31 10:42:12.319696191 -0700
+--- ./nss/cmd/selfserv/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
++++ ./nss/cmd/selfserv/Makefile	2016-02-06 08:00:39.403191706 -0800
 @@ -35,7 +35,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
@@ -74,21 +64,21 @@ diff -up ./nss/cmd/selfserv/Makefile.iquote ./nss/cmd/selfserv/Makefile
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/cmd/ssltap/Makefile.iquote ./nss/cmd/ssltap/Makefile
---- ./nss/cmd/ssltap/Makefile.iquote	2014-05-31 10:46:19.661718435 -0700
-+++ ./nss/cmd/ssltap/Makefile	2014-05-31 10:47:11.269140037 -0700
+--- ./nss/cmd/ssltap/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
++++ ./nss/cmd/ssltap/Makefile	2016-02-06 08:04:21.595228841 -0800
 @@ -39,7 +39,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
  
 -
-+INCLUDES += -iquote $(DIST)/../public/nss
 +INCLUDES += -iquote $(DIST)/../private/nss
++INCLUDES += -iquote $(DIST)/../public/nss
  
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/cmd/strsclnt/Makefile.iquote ./nss/cmd/strsclnt/Makefile
---- ./nss/cmd/strsclnt/Makefile.iquote	2014-05-31 10:51:00.833015089 -0700
-+++ ./nss/cmd/strsclnt/Makefile	2014-05-31 10:51:30.397255298 -0700
+--- ./nss/cmd/strsclnt/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
++++ ./nss/cmd/strsclnt/Makefile	2016-02-06 08:00:39.404191687 -0800
 @@ -36,7 +36,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
@@ -100,32 +90,32 @@ diff -up ./nss/cmd/strsclnt/Makefile.iquote ./nss/cmd/strsclnt/Makefile
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/cmd/tstclnt/Makefile.iquote ./nss/cmd/tstclnt/Makefile
---- ./nss/cmd/tstclnt/Makefile.iquote	2014-05-01 20:27:18.000000000 -0700
-+++ ./nss/cmd/tstclnt/Makefile	2014-05-31 10:57:43.740326022 -0700
-@@ -42,5 +42,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
- # (7) Execute "local" rules. (OPTIONAL).                              #
+--- ./nss/cmd/tstclnt/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
++++ ./nss/cmd/tstclnt/Makefile	2016-02-06 08:04:40.506961353 -0800
+@@ -37,6 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  #######################################################################
  
+ #include ../platlibs.mk
 +INCLUDES += -iquote $(DIST)/../public/nss
 +INCLUDES += -iquote $(DIST)/../private/nss
-+
- include ../platrules.mk
  
-diff -up ./nss/cmd/vfyserv/Makefile.iquote ./nss/cmd/vfyserv/Makefile
---- ./nss/cmd/vfyserv/Makefile.iquote	2014-05-31 11:00:19.522669067 -0700
-+++ ./nss/cmd/vfyserv/Makefile	2014-05-31 11:00:42.954870502 -0700
-@@ -42,5 +42,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
+ #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
+diff -up ./nss/cmd/vfyserv/Makefile.iquote ./nss/cmd/vfyserv/Makefile
+--- ./nss/cmd/vfyserv/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
++++ ./nss/cmd/vfyserv/Makefile	2016-02-06 08:04:55.758745631 -0800
+@@ -37,6 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  #######################################################################
  
+ #include ../platlibs.mk
 +INCLUDES += -iquote $(DIST)/../public/nss
 +INCLUDES += -iquote $(DIST)/../private/nss
-+
- include ../platrules.mk
  
+ #######################################################################
+ # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/coreconf/location.mk.iquote ./nss/coreconf/location.mk
---- ./nss/coreconf/location.mk.iquote	2014-01-03 11:59:10.000000000 -0800
-+++ ./nss/coreconf/location.mk	2014-01-18 11:31:32.309404697 -0800
+--- ./nss/coreconf/location.mk.iquote	2015-11-08 21:12:59.000000000 -0800
++++ ./nss/coreconf/location.mk	2016-02-06 08:00:39.404191687 -0800
 @@ -45,6 +45,10 @@ endif
  
  ifdef NSS_INCLUDE_DIR
@@ -138,8 +128,8 @@ diff -up ./nss/coreconf/location.mk.iquote ./nss/coreconf/location.mk
  
  ifndef NSS_LIB_DIR
 diff -up ./nss/lib/certhigh/Makefile.iquote ./nss/lib/certhigh/Makefile
---- ./nss/lib/certhigh/Makefile.iquote	2014-01-03 11:59:10.000000000 -0800
-+++ ./nss/lib/certhigh/Makefile	2014-01-18 11:31:32.310404704 -0800
+--- ./nss/lib/certhigh/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
++++ ./nss/lib/certhigh/Makefile	2016-02-06 08:00:39.404191687 -0800
 @@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
@@ -150,8 +140,8 @@ diff -up ./nss/lib/certhigh/Makefile.iquote ./nss/lib/certhigh/Makefile
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/lib/cryptohi/Makefile.iquote ./nss/lib/cryptohi/Makefile
---- ./nss/lib/cryptohi/Makefile.iquote	2014-01-03 11:59:10.000000000 -0800
-+++ ./nss/lib/cryptohi/Makefile	2014-01-18 11:31:32.310404704 -0800
+--- ./nss/lib/cryptohi/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
++++ ./nss/lib/cryptohi/Makefile	2016-02-06 08:00:39.404191687 -0800
 @@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
@@ -162,21 +152,21 @@ diff -up ./nss/lib/cryptohi/Makefile.iquote ./nss/lib/cryptohi/Makefile
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/lib/libpkix/pkix/checker/Makefile.iquote ./nss/lib/libpkix/pkix/checker/Makefile
---- ./nss/lib/libpkix/pkix/checker/Makefile.iquote	2014-01-03 11:59:10.000000000 -0800
-+++ ./nss/lib/libpkix/pkix/checker/Makefile	2014-01-18 11:31:32.310404704 -0800
+--- ./nss/lib/libpkix/pkix/checker/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
++++ ./nss/lib/libpkix/pkix/checker/Makefile	2016-02-06 08:05:24.277342263 -0800
 @@ -38,7 +38,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
  
 -
-+INCLUDES += -iquote $(DIST)/../public/nss
 +INCLUDES += -iquote $(DIST)/../private/nss
++INCLUDES += -iquote $(DIST)/../public/nss
  
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/lib/nss/Makefile.iquote ./nss/lib/nss/Makefile
---- ./nss/lib/nss/Makefile.iquote	2014-01-03 11:59:10.000000000 -0800
-+++ ./nss/lib/nss/Makefile	2014-01-18 11:31:32.310404704 -0800
+--- ./nss/lib/nss/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
++++ ./nss/lib/nss/Makefile	2016-02-06 08:00:39.404191687 -0800
 @@ -37,7 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
@@ -188,8 +178,8 @@ diff -up ./nss/lib/nss/Makefile.iquote ./nss/lib/nss/Makefile
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/lib/ssl/Makefile.iquote ./nss/lib/ssl/Makefile
---- ./nss/lib/ssl/Makefile.iquote	2015-06-05 15:42:16.661963153 -0700
-+++ ./nss/lib/ssl/Makefile	2015-06-05 15:43:25.862697604 -0700
+--- ./nss/lib/ssl/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
++++ ./nss/lib/ssl/Makefile	2016-02-06 08:00:39.404191687 -0800
 @@ -49,6 +49,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
@@ -198,3 +188,15 @@ diff -up ./nss/lib/ssl/Makefile.iquote ./nss/lib/ssl/Makefile
  
  
  #######################################################################
+diff -up ./nss/external_tests/ssl_gtest/Makefile.iquote ./nss/external_tests/ssl_gtest/Makefile
+--- ./nss/external_tests/ssl_gtest/Makefile.iquote	2016-02-18 21:51:23.746893964 -0500
++++ ./nss/external_tests/ssl_gtest/Makefile	2016-02-18 21:52:32.825583479 -0500
+@@ -37,6 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
+ # (6) Execute "component" rules. (OPTIONAL)                           #
+ #######################################################################
+ 
++INCLUDES += -iquote $(DIST)/../public/nss
++INCLUDES += -iquote $(DIST)/../private/nss
+ 
+ #######################################################################
+ # (7) Execute "local" rules. (OPTIONAL).                              #
diff --git a/SOURCES/nss-3.16-token-init-race.patch b/SOURCES/nss-3.16-token-init-race.patch
new file mode 100644
index 0000000..08524b8
--- /dev/null
+++ b/SOURCES/nss-3.16-token-init-race.patch
@@ -0,0 +1,349 @@
+diff -up ./nss/lib/pk11wrap/dev3hack.c.init-token-race ./nss/lib/pk11wrap/dev3hack.c
+--- ./nss/lib/pk11wrap/dev3hack.c.init-token-race	2014-10-24 15:55:55.000000000 -0700
++++ ./nss/lib/pk11wrap/dev3hack.c	2015-02-18 12:37:03.184120865 -0800
+@@ -245,6 +245,16 @@ nssSlot_Refresh
+     if (slot->token && slot->token->base.name[0] == 0) {
+ 	doit = PR_TRUE;
+     }
++    /* invalidate the session in the nss3slot if we haven't done an init
++     * token since we noticed that the token->default session is invalid.
++     * This works because the monitor lock and the token session lock are the
++     * same locks */
++    PK11_EnterSlotMonitor(nss3slot);
++    if ((slot->token == NULL) || (slot->token->defaultSession == NULL) || 
++		(slot->token->defaultSession->handle == CK_INVALID_SESSION)) {
++	nss3slot->session = CK_INVALID_SESSION;
++    }
++    PK11_ExitSlotMonitor(nss3slot);
+     if (PK11_InitToken(nss3slot, PR_FALSE) != SECSuccess) {
+ 	return PR_FAILURE;
+     }
+@@ -252,7 +262,8 @@ nssSlot_Refresh
+ 	nssTrustDomain_UpdateCachedTokenCerts(slot->token->trustDomain, 
+ 	                                      slot->token);
+     }
+-    return nssToken_Refresh(slot->token);
++    /* no need to call nssToken_Refresh since PK11_Init has already done so */
++    return PR_SUCCESS;
+ }
+ 
+ NSS_IMPLEMENT PRStatus
+diff -up ./nss/lib/pk11wrap/pk11auth.c.init-token-race ./nss/lib/pk11wrap/pk11auth.c
+--- ./nss/lib/pk11wrap/pk11auth.c.init-token-race	2014-10-24 15:55:55.000000000 -0700
++++ ./nss/lib/pk11wrap/pk11auth.c	2015-02-18 12:37:03.184120865 -0800
+@@ -73,7 +73,6 @@ pk11_CheckPassword(PK11SlotInfo *slot, C
+ 						(unsigned char *)pw,len);
+ 	slot->lastLoginCheck = 0;
+ 	mustRetry = PR_FALSE;
+-	if (!alreadyLocked) PK11_ExitSlotMonitor(slot);
+ 	switch (crv) {
+ 	/* if we're already logged in, we're good to go */
+ 	case CKR_OK:
+@@ -100,7 +99,16 @@ pk11_CheckPassword(PK11SlotInfo *slot, C
+ 		break;
+ 	    }
+ 	    if (retry++ == 0) {
++		/* we already know the this session is invalid */
++		slot->session = CK_INVALID_SESSION; 
++		/* can't enter PK11_InitToken holding the lock
++		 * This is safe because the only places that tries to
++		 * hold the slot monitor over this call pass their own
++		 * session, which would have failed above.
++		 * (session != slot->session) */
++		PK11_ExitSlotMonitor(slot);
+ 		rv = PK11_InitToken(slot,PR_FALSE);
++		PK11_EnterSlotMonitor(slot);
+ 		if (rv == SECSuccess) {
+ 		    if (slot->session != CK_INVALID_SESSION) {
+ 			session = slot->session; /* we should have 
+@@ -118,6 +126,7 @@ pk11_CheckPassword(PK11SlotInfo *slot, C
+ 	    PORT_SetError(PK11_MapError(crv));
+ 	    rv = SECFailure; /* some failure we can't fix by retrying */
+ 	}
++	if (!alreadyLocked) PK11_ExitSlotMonitor(slot);
+     } while (mustRetry);
+     return rv;
+ }
+@@ -455,14 +464,18 @@ done:
+     slot->lastLoginCheck = 0;
+     PK11_RestoreROSession(slot,rwsession);
+     if (rv == SECSuccess) {
++	PK11_EnterSlotMonitor(slot);
+         /* update our view of the world */
++	if (slot->session != CK_INVALID_SESSION) {
++		PK11_GETTAB(slot)->C_CloseSession(slot->session);
++		slot->session = CK_INVALID_SESSION;
++	}
++	PK11_ExitSlotMonitor(slot);
+         PK11_InitToken(slot,PR_TRUE);
+ 	if (slot->needLogin) {
+-	    PK11_EnterSlotMonitor(slot);
+ 	    PK11_GETTAB(slot)->C_Login(slot->session,CKU_USER,
+ 						(unsigned char *)userpw,len);
+ 	    slot->lastLoginCheck = 0;
+-	    PK11_ExitSlotMonitor(slot);
+ 	}
+     }
+     return rv;
+@@ -506,7 +519,7 @@ PK11_ChangePW(PK11SlotInfo *slot, const 
+     PK11_RestoreROSession(slot,rwsession);
+ 
+     /* update our view of the world */
+-    PK11_InitToken(slot,PR_TRUE);
++    /* PK11_InitToken(slot,PR_TRUE); */
+     return rv;
+ }
+ 
+diff -up ./nss/lib/pk11wrap/pk11slot.c.init-token-race ./nss/lib/pk11wrap/pk11slot.c
+--- ./nss/lib/pk11wrap/pk11slot.c.init-token-race	2015-11-08 21:12:59.000000000 -0800
++++ ./nss/lib/pk11wrap/pk11slot.c	2016-01-12 17:58:34.519114993 -0800
+@@ -1053,6 +1053,7 @@ PK11_ReadMechanismList(PK11SlotInfo *slo
+     CK_ULONG count;
+     CK_RV crv;
+     PRUint32 i;
++    char mechanismBits[sizeof(slot->mechanismBits)];
+ 
+     if (slot->mechanismList) {
+ 	PORT_Free(slot->mechanismList);
+@@ -1060,10 +1061,8 @@ PK11_ReadMechanismList(PK11SlotInfo *slo
+     }
+     slot->mechanismCount = 0;
+ 
+-    if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
+     crv = PK11_GETTAB(slot)->C_GetMechanismList(slot->slotID,NULL,&count);
+     if (crv != CKR_OK) {
+-	if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
+ 	PORT_SetError(PK11_MapError(crv));
+ 	return SECFailure;
+     }
+@@ -1071,12 +1070,10 @@ PK11_ReadMechanismList(PK11SlotInfo *slo
+     slot->mechanismList = (CK_MECHANISM_TYPE *)
+ 			    PORT_Alloc(count *sizeof(CK_MECHANISM_TYPE));
+     if (slot->mechanismList == NULL) {
+-	if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
+ 	return SECFailure;
+     }
+     crv = PK11_GETTAB(slot)->C_GetMechanismList(slot->slotID,
+ 						slot->mechanismList, &count);
+-    if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
+     if (crv != CKR_OK) {
+ 	PORT_Free(slot->mechanismList);
+ 	slot->mechanismList = NULL;
+@@ -1084,14 +1081,16 @@ PK11_ReadMechanismList(PK11SlotInfo *slo
+ 	return SECSuccess;
+     }
+     slot->mechanismCount = count;
+-    PORT_Memset(slot->mechanismBits, 0, sizeof(slot->mechanismBits));
++    PORT_Memset(mechanismBits, 0, sizeof(slot->mechanismBits));
+ 
+     for (i=0; i < count; i++) {
+ 	CK_MECHANISM_TYPE mech = slot->mechanismList[i];
+ 	if (mech < 0x7ff) {
+-	    slot->mechanismBits[mech & 0xff] |= 1 << (mech >> 8);
++	    mechanismBits[mech & 0xff] |= 1 << (mech >> 8);
+ 	}
+     }
++    PORT_Memcpy(slot->mechanismBits, mechanismBits, 
++					sizeof(slot->mechanismBits));
+     return SECSuccess;
+ }
+ 
+@@ -1108,12 +1107,20 @@ PK11_InitToken(PK11SlotInfo *slot, PRBoo
+     CK_RV crv;
+     SECStatus rv;
+     PRStatus status;
++    CK_SESSION_HANDLE session;
++ 
++    PK11_EnterSlotMonitor(slot);
++    if (slot->session != CK_INVALID_SESSION) {
++	/* The reason for doing an InitToken has already been satisfied by
++         * another thread. Just return */
++	PK11_ExitSlotMonitor(slot);
++	return SECSuccess;
++    }
+ 
+     /* set the slot flags to the current token values */
+-    if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
+     crv = PK11_GETTAB(slot)->C_GetTokenInfo(slot->slotID,&tokenInfo);
+-    if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
+     if (crv != CKR_OK) {
++	PK11_ExitSlotMonitor(slot);
+ 	PORT_SetError(PK11_MapError(crv));
+ 	return SECFailure;
+     }
+@@ -1150,7 +1157,10 @@ PK11_InitToken(PK11SlotInfo *slot, PRBoo
+     slot->defRWSession = (PRBool)((!slot->readOnly) && 
+ 					(tokenInfo.ulMaxSessionCount == 1));
+     rv = PK11_ReadMechanismList(slot);
+-    if (rv != SECSuccess) return rv;
++    if (rv != SECSuccess)  {
++	PK11_ExitSlotMonitor(slot);
++ 	return rv;
++    }
+ 
+     slot->hasRSAInfo = PR_FALSE;
+     slot->RSAInfoFlags = 0;
+@@ -1165,50 +1175,23 @@ PK11_InitToken(PK11SlotInfo *slot, PRBoo
+ 	slot->maxKeyCount = tokenInfo.ulMaxSessionCount/2;
+     }
+ 
+-    /* Make sure our session handle is valid */
+-    if (slot->session == CK_INVALID_SESSION) {
+-	/* we know we don't have a valid session, go get one */
+-	CK_SESSION_HANDLE session;
+-
+-	/* session should be Readonly, serial */
+-	if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
+-	crv = PK11_GETTAB(slot)->C_OpenSession(slot->slotID,
++    /* we know we don't have a valid session, go get one */
++    /* session should be Readonly, serial */
++    crv = PK11_GETTAB(slot)->C_OpenSession(slot->slotID,
+ 	      (slot->defRWSession ? CKF_RW_SESSION : 0) | CKF_SERIAL_SESSION,
+ 				  slot,pk11_notify,&session);
+-	if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
+-	if (crv != CKR_OK) {
+-	    PORT_SetError(PK11_MapError(crv));
+-	    return SECFailure;
+-	}
+-	slot->session = session;
+-    } else {
+-	/* The session we have may be defunct (the token associated with it)
+-	 * has been removed   */
+-	CK_SESSION_INFO sessionInfo;
+-
+-	if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
+-	crv = PK11_GETTAB(slot)->C_GetSessionInfo(slot->session,&sessionInfo);
+-        if (crv == CKR_DEVICE_ERROR) {
+-	    PK11_GETTAB(slot)->C_CloseSession(slot->session);
+-	    crv = CKR_SESSION_CLOSED;
+-	}
+-	if ((crv==CKR_SESSION_CLOSED) || (crv==CKR_SESSION_HANDLE_INVALID)) {
+-	    crv =PK11_GETTAB(slot)->C_OpenSession(slot->slotID,
+-	      (slot->defRWSession ? CKF_RW_SESSION : 0) | CKF_SERIAL_SESSION,
+-					slot,pk11_notify,&slot->session);
+-	    if (crv != CKR_OK) {
+-	        PORT_SetError(PK11_MapError(crv));
+-		slot->session = CK_INVALID_SESSION;
+-		if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
+-		return SECFailure;
+-	    }
+-	}
+-	if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
++    if (crv != CKR_OK) {
++	PK11_ExitSlotMonitor(slot);
++	PORT_SetError(PK11_MapError(crv));
++	return SECFailure;
+     }
++    slot->session = session;
+ 
+     status = nssToken_Refresh(slot->nssToken);
+-    if (status != PR_SUCCESS)
++    if (status != PR_SUCCESS) {
++	PK11_ExitSlotMonitor(slot);
+     	return SECFailure;
++     }
+ 
+     if (!(slot->isInternal) && (slot->hasRandom)) {
+ 	/* if this slot has a random number generater, use it to add entropy
+@@ -1221,28 +1204,20 @@ PK11_InitToken(PK11SlotInfo *slot, PRBoo
+ 	    /* if this slot can issue random numbers, get some entropy from
+ 	     * that random number generater and give it to our internal token.
+ 	     */
+-	    PK11_EnterSlotMonitor(slot);
+ 	    crv = PK11_GETTAB(slot)->C_GenerateRandom
+ 			(slot->session,random_bytes, sizeof(random_bytes));
+-	    PK11_ExitSlotMonitor(slot);
+ 	    if (crv == CKR_OK) {
+-	        PK11_EnterSlotMonitor(int_slot);
+ 		PK11_GETTAB(int_slot)->C_SeedRandom(int_slot->session,
+ 					random_bytes, sizeof(random_bytes));
+-	        PK11_ExitSlotMonitor(int_slot);
+ 	    }
+ 
+ 	    /* Now return the favor and send entropy to the token's random 
+ 	     * number generater */
+-	    PK11_EnterSlotMonitor(int_slot);
+ 	    crv = PK11_GETTAB(int_slot)->C_GenerateRandom(int_slot->session,
+ 					random_bytes, sizeof(random_bytes));
+-	    PK11_ExitSlotMonitor(int_slot);
+ 	    if (crv == CKR_OK) {
+-	        PK11_EnterSlotMonitor(slot);
+ 		crv = PK11_GETTAB(slot)->C_SeedRandom(slot->session,
+ 					random_bytes, sizeof(random_bytes));
+-	        PK11_ExitSlotMonitor(slot);
+ 	    }
+ 	    PK11_FreeSlot(int_slot);
+ 	}
+@@ -1274,6 +1249,7 @@ PK11_InitToken(PK11SlotInfo *slot, PRBoo
+ 	    PK11_GETTAB(slot)->C_CloseSession(session);
+ 	}
+     }
++    PK11_ExitSlotMonitor(slot);
+ 	
+     return SECSuccess;
+ }
+@@ -1387,6 +1363,8 @@ PK11_InitSlot(SECMODModule *mod, CK_SLOT
+     }
+     /* if the token is present, initialize it */
+     if ((slotInfo.flags & CKF_TOKEN_PRESENT) != 0) {
++	/* session was initialized to CK_INVALID_SESSION when the slot
++  	 * was created */
+ 	rv = PK11_InitToken(slot,PR_TRUE);
+ 	/* the only hard failures are on permanent devices, or function
+ 	 * verify failures... function verify failures are already handled
+@@ -1826,10 +1804,15 @@ PK11_DoesMechanism(PK11SlotInfo *slot, C
+ 	return (slot->mechanismBits[type & 0xff] & (1 << (type >> 8)))  ?
+ 		PR_TRUE : PR_FALSE;
+     }
+-	   
++
++    PK11_EnterSlotMonitor(slot);  
+     for (i=0; i < (int) slot->mechanismCount; i++) {
+-	if (slot->mechanismList[i] == type) return PR_TRUE;
++	if (slot->mechanismList[i] == type) {
++	    PK11_ExitSlotMonitor(slot);
++	    return PR_TRUE;
++	}
+     }
++    PK11_ExitSlotMonitor(slot);
+     return PR_FALSE;
+ }
+ 
+diff -up ./nss/lib/pk11wrap/pk11util.c.init-token-race ./nss/lib/pk11wrap/pk11util.c
+--- ./nss/lib/pk11wrap/pk11util.c.init-token-race	2015-02-18 12:37:03.176120865 -0800
++++ ./nss/lib/pk11wrap/pk11util.c	2015-02-18 12:39:44.158120658 -0800
+@@ -1560,6 +1560,11 @@ SECMOD_RestartModules(PRBool force)
+              * older modules require it, and it doesn't hurt (compliant modules
+              * will return CKR_NOT_INITIALIZED */
+ 	    (void) PK11_GETTAB(mod)->C_Finalize(NULL);
++	    /* finalize clears the session, mark them dead in the 
++	     * slot as well */
++	    for (i=0; i < mod->slotCount; i++) {
++		mod->slots[i]->session = CK_INVALID_SESSION;
++	    }
+ 	    /* now initialize the module, this function reinitializes
+ 	     * a module in place, preserving existing slots (even if they
+ 	     * no longer exist) */
+@@ -1579,17 +1584,18 @@ SECMOD_RestartModules(PRBool force)
+ 		/* get new token sessions, bump the series up so that
+ 		 * we refresh other old sessions. This will tell much of
+ 		 * NSS to flush cached handles it may hold as well */
+-		rv = PK11_InitToken(mod->slots[i],PR_TRUE);
++		PK11SlotInfo *slot = mod->slots[i];
++		rv = PK11_InitToken(slot,PR_TRUE);
+ 		/* PK11_InitToken could fail if the slot isn't present.
+ 		 * If it is present, though, something is wrong and we should
+ 		 * disable the slot and let the caller know. */
+-		if (rv != SECSuccess && PK11_IsPresent(mod->slots[i])) {
++		if (rv != SECSuccess && PK11_IsPresent(slot)) {
+ 		    /* save the last error code */
+ 		    lastError = PORT_GetError();
+ 		    rrv = rv;
+ 		    /* disable the token */
+-		    mod->slots[i]->disabled = PR_TRUE;
+-		    mod->slots[i]->reason = PK11_DIS_COULD_NOT_INIT_TOKEN;
++		    slot->disabled = PR_TRUE;
++		    slot->reason = PK11_DIS_COULD_NOT_INIT_TOKEN;
+ 		}
+ 	    }
+ 	}
diff --git a/SOURCES/nss-539183.patch b/SOURCES/nss-539183.patch
index 3798c35..d07ecdd 100644
--- a/SOURCES/nss-539183.patch
+++ b/SOURCES/nss-539183.patch
@@ -1,11 +1,9 @@
 diff -up nss/cmd/httpserv/httpserv.c.539183 nss/cmd/httpserv/httpserv.c
 --- nss/cmd/httpserv/httpserv.c.539183	2013-05-28 14:43:24.000000000 -0700
 +++ nss/cmd/httpserv/httpserv.c	2013-05-30 22:16:46.685373471 -0700
-@@ -661,14 +661,18 @@ getBoundListenSocket(unsigned short port
-     PRStatus	       prStatus;
+@@ -938,13 +938,13 @@ getBoundListenSocket(unsigned short port
      PRNetAddr          addr;
      PRSocketOptionData opt;
-+    PRUint16           socketDomain = PR_AF_INET;
  
 -    addr.inet.family = PR_AF_INET;
 -    addr.inet.ip     = PR_INADDR_ANY;
@@ -15,9 +13,6 @@ diff -up nss/cmd/httpserv/httpserv.c.539183 nss/cmd/httpserv/httpserv.c
 +    }
  
 -    listen_sock = PR_NewTCPSocket();
-+    if (PR_GetEnv("NSS_USE_SDP")) {
-+        socketDomain = PR_AF_INET_SDP;
-+    }
 +    listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
      if (listen_sock == NULL) {
 -	errExit("PR_NewTCPSocket");
@@ -28,11 +23,9 @@ diff -up nss/cmd/httpserv/httpserv.c.539183 nss/cmd/httpserv/httpserv.c
 diff -up nss/cmd/selfserv/selfserv.c.539183 nss/cmd/selfserv/selfserv.c
 --- nss/cmd/selfserv/selfserv.c.539183	2013-05-28 14:43:24.000000000 -0700
 +++ nss/cmd/selfserv/selfserv.c	2013-05-30 22:16:46.688373495 -0700
-@@ -1687,14 +1687,18 @@ getBoundListenSocket(unsigned short port
-     PRStatus	       prStatus;
+@@ -1707,13 +1707,13 @@ getBoundListenSocket(unsigned short port
      PRNetAddr          addr;
      PRSocketOptionData opt;
-+    PRUint16           socketDomain = PR_AF_INET;
  
 -    addr.inet.family = PR_AF_INET;
 -    addr.inet.ip     = PR_INADDR_ANY;
@@ -42,9 +35,6 @@ diff -up nss/cmd/selfserv/selfserv.c.539183 nss/cmd/selfserv/selfserv.c
 +    }
  
 -    listen_sock = PR_NewTCPSocket();
-+    if (PR_GetEnv("NSS_USE_SDP")) {
-+        socketDomain = PR_AF_INET_SDP;
-+    }
 +    listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
      if (listen_sock == NULL) {
 -	errExit("PR_NewTCPSocket");
diff --git a/SOURCES/nss-enable-384-cipher-tests.patch b/SOURCES/nss-enable-384-cipher-tests.patch
new file mode 100644
index 0000000..2b8d597
--- /dev/null
+++ b/SOURCES/nss-enable-384-cipher-tests.patch
@@ -0,0 +1,14 @@
+diff -up ./nss/tests/ssl/ssl.sh.384 ./nss/tests/ssl/ssl.sh
+--- ./nss/tests/ssl/ssl.sh.384	2016-02-24 19:00:23.135079185 -0500
++++ ./nss/tests/ssl/ssl.sh	2016-02-24 19:00:41.963720050 -0500
+@@ -93,8 +93,8 @@ ssl_init()
+       ECC_STRING=""
+   fi
+ 
+-  CSHORT="-c ABCDEF:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2cdefgijklmnvyz"
+-  CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:C023:C027:C02B:C02F:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2cdefgijklmnvyz"
++  CSHORT="-c ABCDEF:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009D:009E:009F:00A2:00A3cdefgijklmnvyz"
++  CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:C023:C024:C027:C028:C02B:C02C:C02F:C030:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009D:009E:009F:00A2:00A3cdefgijklmnvyz"
+ 
+   if [ "${OS_ARCH}" != "WINNT" ]; then
+       ulimit -n 1000 # make sure we have enough file descriptors
diff --git a/SOURCES/nss-fix-client-auth-init-hashes.patch b/SOURCES/nss-fix-client-auth-init-hashes.patch
new file mode 100644
index 0000000..f0f60a3
--- /dev/null
+++ b/SOURCES/nss-fix-client-auth-init-hashes.patch
@@ -0,0 +1,48 @@
+diff -up ./nss/lib/ssl/ssl3con.c.fix_client_auth_crash ./nss/lib/ssl/ssl3con.c
+--- ./nss/lib/ssl/ssl3con.c.fix_client_auth_crash	2016-02-24 10:40:56.249523174 -0800
++++ ./nss/lib/ssl/ssl3con.c	2016-02-24 10:56:24.180107667 -0800
+@@ -6626,12 +6626,14 @@ ssl3_HandleServerHello(sslSocket *ss, SS
+     ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
+     isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0);
+ 
++#ifdef notdef
+     rv = ssl3_InitHandshakeHashes(ss);
+     if (rv != SECSuccess) {
+ 	desc = internal_error;
+ 	errCode = PORT_GetError();
+ 	goto alert_loser;
+     }
++#endif
+ 
+     rv = ssl3_ConsumeHandshake(
+ 	ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH, &b, &length);
+@@ -8115,12 +8117,14 @@ ssl3_HandleClientHello(sslSocket *ss, SS
+     }
+     ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
+ 
++#ifdef notdef
+     rv = ssl3_InitHandshakeHashes(ss);
+     if (rv != SECSuccess) {
+ 	desc = internal_error;
+ 	errCode = PORT_GetError();
+ 	goto alert_loser;
+     }
++#endif
+ 
+     /* grab the client random data. */
+     rv = ssl3_ConsumeHandshake(
+@@ -8941,12 +8945,14 @@ ssl3_HandleV2ClientHello(sslSocket *ss,
+     }
+     ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
+ 
++#ifdef notdef
+     rv = ssl3_InitHandshakeHashes(ss);
+     if (rv != SECSuccess) {
+ 	desc = internal_error;
+ 	errCode = PORT_GetError();
+ 	goto alert_loser;
+     }
++#endif
+ 
+     /* if we get a non-zero SID, just ignore it. */
+     if (length !=
diff --git a/SOURCES/nss-fix-deadlock-squash.patch b/SOURCES/nss-fix-deadlock-squash.patch
new file mode 100644
index 0000000..4950f7b
--- /dev/null
+++ b/SOURCES/nss-fix-deadlock-squash.patch
@@ -0,0 +1,146 @@
+diff --git a/lib/pki/tdcache.c b/lib/pki/tdcache.c
+--- a/lib/pki/tdcache.c
++++ b/lib/pki/tdcache.c
+@@ -379,23 +379,29 @@ nssTrustDomain_UnlockCertCache (
+ 
+ struct token_cert_dtor {
+     NSSToken *token;
+     nssTDCertificateCache *cache;
+     NSSCertificate **certs;
+     PRUint32 numCerts, arrSize;
+ };
+ 
++static void cert_iter(const void *k, void *v, void *a)
++{
++    nssList *certList = (nssList *)a;
++    NSSCertificate *c = (NSSCertificate *)k;
++    nssList_Add(certList, nssCertificate_AddRef(c));
++}
++
+ static void 
+-remove_token_certs(const void *k, void *v, void *a)
++remove_token_certs(NSSCertificate *c, struct token_cert_dtor *dtor) 
+ {
+-    NSSCertificate *c = (NSSCertificate *)k;
+     nssPKIObject *object = &c->object;
+-    struct token_cert_dtor *dtor = a;
+     PRUint32 i;
++
+     nssPKIObject_AddRef(object);
+     nssPKIObject_Lock(object);
+     for (i=0; i<object->numInstances; i++) {
+ 	if (object->instances[i]->token == dtor->token) {
+ 	    nssCryptokiObject_Destroy(object->instances[i]);
+ 	    object->instances[i] = object->instances[object->numInstances-1];
+ 	    object->instances[object->numInstances-1] = NULL;
+ 	    object->numInstances--;
+@@ -422,45 +428,83 @@ NSS_IMPLEMENT PRStatus
+ nssTrustDomain_RemoveTokenCertsFromCache (
+   NSSTrustDomain *td,
+   NSSToken *token
+ )
+ {
+     NSSCertificate **certs;
+     PRUint32 i, arrSize = 10;
+     struct token_cert_dtor dtor;
++    nssList *certList;
++    PRStatus nspr_rv = PR_FAILURE;
++    nssListIterator *iter;
++    NSSCertificate *c;
++
+     certs = nss_ZNEWARRAY(NULL, NSSCertificate *, arrSize);
+     if (!certs) {
+ 	return PR_FAILURE;
+     }
+     dtor.cache = td->cache;
+     dtor.token = token;
+     dtor.certs = certs;
+     dtor.numCerts = 0;
+     dtor.arrSize = arrSize;
++
++    certList = nssList_Create(NULL, PR_FALSE);
++    if (!certList) {
++	goto loser;
++    }
++    /* fetch the list of certs in the cache */
+     PZ_Lock(td->cache->lock);
+-    nssHash_Iterate(td->cache->issuerAndSN, remove_token_certs, &dtor);
++    nssHash_Iterate(td->cache->issuerAndSN, cert_iter, (void *)certList);
++    PZ_Unlock(td->cache->lock);
++
++    /* find the certs that match this token without olding the td cache lock */
++    iter=nssList_CreateIterator(certList);
++    if (!iter) {
++	goto loser;
++    }
++    for (c  = (NSSCertificate *)nssListIterator_Start(iter);
++	 c != (NSSCertificate *)NULL;
++	 c  = (NSSCertificate *)nssListIterator_Next(iter)) {
++	remove_token_certs( c, &dtor);
++    }
++    nssListIterator_Finish(iter);
++    nssListIterator_Destroy(iter);
++    nssList_Destroy(certList);
++    certList = NULL;
++
++    /* now remove theose certs attached to this token */
++    PZ_Lock(td->cache->lock);
+     for (i=0; i<dtor.numCerts; i++) {
+ 	if (dtor.certs[i]->object.numInstances == 0) {
+ 	    nssTrustDomain_RemoveCertFromCacheLOCKED(td, dtor.certs[i]);
+ 	    dtor.certs[i] = NULL;  /* skip this cert in the second for loop */
+ 	} else {
+ 	    /* make sure it doesn't disappear on us before we finish */
+ 	    nssCertificate_AddRef(dtor.certs[i]);
+ 	}
+     }
+     PZ_Unlock(td->cache->lock);
++
++    /* clean up */
+     for (i=0; i<dtor.numCerts; i++) {
+ 	if (dtor.certs[i]) {
+ 	    STAN_ForceCERTCertificateUpdate(dtor.certs[i]);
+ 	    nssCertificate_Destroy(dtor.certs[i]);
+ 	}
+     }
++
++    nspr_rv = PR_SUCCESS;
++loser:
++    if (certList) {
++	nssList_Destroy(certList);
++    }
+     nss_ZFreeIf(dtor.certs);
+-    return PR_SUCCESS;
++    return nspr_rv;
+ }
+ 
+ NSS_IMPLEMENT PRStatus
+ nssTrustDomain_UpdateCachedTokenCerts (
+   NSSTrustDomain *td,
+   NSSToken *token
+ )
+ {
+@@ -1073,23 +1117,16 @@ nssTrustDomain_GetCertByDERFromCache (
+ #endif
+     rvCert = nssTrustDomain_GetCertForIssuerAndSNFromCache(td, 
+                                                            &issuer, &serial);
+     PORT_Free(issuer.data);
+     PORT_Free(serial.data);
+     return rvCert;
+ }
+ 
+-static void cert_iter(const void *k, void *v, void *a)
+-{
+-    nssList *certList = (nssList *)a;
+-    NSSCertificate *c = (NSSCertificate *)k;
+-    nssList_Add(certList, nssCertificate_AddRef(c));
+-}
+-
+ NSS_EXTERN NSSCertificate **
+ nssTrustDomain_GetCertsFromCache (
+   NSSTrustDomain *td,
+   nssList *certListOpt
+ )
+ {
+     NSSCertificate **rvArray = NULL;
+     nssList *certList;
diff --git a/SOURCES/nss-fix-signature-and-hash.patch b/SOURCES/nss-fix-signature-and-hash.patch
new file mode 100644
index 0000000..91adf5a
--- /dev/null
+++ b/SOURCES/nss-fix-signature-and-hash.patch
@@ -0,0 +1,14 @@
+diff -up ./nss/lib/ssl/ssl3con.c.fixSignatureAndHash ./nss/lib/ssl/ssl3con.c
+--- ./nss/lib/ssl/ssl3con.c.fixSignatureAndHash	2016-02-24 20:06:36.697164368 -0500
++++ ./nss/lib/ssl/ssl3con.c	2016-02-24 20:09:19.690055466 -0500
+@@ -4474,8 +4474,8 @@ ssl3_AppendSignatureAndHashAlgorithm(
+     sslSocket *ss, const SSLSignatureAndHashAlg* sigAndHash)
+ {
+     PRUint8 serialized[2];
+-    unsigned char hashAlg = ssl3_OIDToTLSHashAlgorithm(sigAndHash->hashAlg);
+-    if (hashAlg == 0) {
++    SECOidTag hashAlg = ssl3_TLSHashAlgorithmToOID(sigAndHash->hashAlg);
++    if (hashAlg == SEC_OID_UNKNOWN) {
+ 	PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
+ 	return SECFailure;
+     }
diff --git a/SOURCES/nss-map-oid-to-hashalg.patch b/SOURCES/nss-map-oid-to-hashalg.patch
new file mode 100644
index 0000000..f056f5c
--- /dev/null
+++ b/SOURCES/nss-map-oid-to-hashalg.patch
@@ -0,0 +1,21 @@
+diff -up ./nss/lib/ssl/ssl3con.c.use_oids ./nss/lib/ssl/ssl3con.c
+--- ./nss/lib/ssl/ssl3con.c.use_oids	2016-02-24 12:01:55.488253556 -0800
++++ ./nss/lib/ssl/ssl3con.c	2016-02-24 12:09:18.099513245 -0800
+@@ -4950,7 +4950,7 @@ ssl3_ComputeHandshakeHashes(sslSocket *
+         rv = SECFailure;
+         goto tls12_loser;
+     }
+-    hashes->hashAlg = hashOid->offset;
++    hashes->hashAlg = ssl3_OIDToTLSHashAlgorithm(hashOid->offset);
+     PORT_Assert(hashes->hashAlg == ssl_hash_sha256 ||
+                 hashes->hashAlg == ssl_hash_sha384);
+     if (hashes->hashAlg != ssl_hash_sha256 &&
+@@ -9581,7 +9581,7 @@ ssl3_EncodeCertificateRequestSigAlgs(ssl
+         /* Note that we don't support a handshake hash with anything other than
+          * SHA-256, so asking for a signature from clients for something else
+          * would be inviting disaster. */
+-        if (alg->hashAlg == ssl_hash_sha256 /* || alg->hashAlg == ssl_hash_sha384*/) {
++        if (alg->hashAlg == ssl_hash_sha256 || alg->hashAlg == ssl_hash_sha384) {
+             buf[(*len)++] = (PRUint8)alg->hashAlg;
+             buf[(*len)++] = (PRUint8)alg->sigAlg;
+         }
diff --git a/SOURCES/nss-old-pkcs11-num.patch b/SOURCES/nss-old-pkcs11-num.patch
new file mode 100644
index 0000000..d2b51f7
--- /dev/null
+++ b/SOURCES/nss-old-pkcs11-num.patch
@@ -0,0 +1,14 @@
+diff -up ./nss/lib/ssl/ssl3con.c.old_pkcs11_num ./nss/lib/ssl/ssl3con.c
+--- ./nss/lib/ssl/ssl3con.c.old_pkcs11_num	2016-02-24 17:53:31.936203961 -0500
++++ ./nss/lib/ssl/ssl3con.c	2016-02-24 17:54:34.643037802 -0500
+@@ -11075,7 +11075,9 @@ ssl3_ComputeTLSFinished(sslSocket *ss, s
+     tls_mac_params.ulServerOrClient = isServer ? 1 : 2;
+     param.data = (unsigned char *)&tls_mac_params;
+     param.len = sizeof(tls_mac_params);
+-    prf_context = PK11_CreateContextBySymKey(CKM_TLS_MAC, CKA_SIGN,
++    /* RHEL 7.2 had the wrong number for CKM_TLS12_MACH instead of CKM_TLS_MAC. In the new scheme that
++     * number matches with CKM_TLS_KDF, so until softoken gets updated, use CKM_TLS_KDF on RHEL7 */
++    prf_context = PK11_CreateContextBySymKey(CKM_TLS_KDF, CKA_SIGN,
+ 					     spec->master_secret, &param);
+     if (!prf_context)
+ 	return SECFailure;
diff --git a/SOURCES/nss-prevent-abi-issue.patch b/SOURCES/nss-prevent-abi-issue.patch
new file mode 100644
index 0000000..afc979f
--- /dev/null
+++ b/SOURCES/nss-prevent-abi-issue.patch
@@ -0,0 +1,44 @@
+diff --git a/lib/ssl/sslinfo.c b/lib/ssl/sslinfo.c
+--- a/lib/ssl/sslinfo.c
++++ b/lib/ssl/sslinfo.c
+@@ -62,17 +62,17 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLCh
+ 	    ssl_ReleaseSpecReadLock(ss);
+ 	    inf.compressionMethodName =
+ 		ssl_GetCompressionMethodName(inf.compressionMethod);
+ 	}
+ 	if (sid) {
+ 	    inf.creationTime   = sid->creationTime;
+ 	    inf.lastAccessTime = sid->lastAccessTime;
+ 	    inf.expirationTime = sid->expirationTime;
+-            inf.extendedMasterSecretUsed = sid->u.ssl3.keys.extendedMasterSecretUsed;
++            inf.reservedNotSupported = PR_FALSE;
+ 
+ 	    if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */
+ 	        inf.sessionIDLength = SSL2_SESSIONID_BYTES;
+ 		memcpy(inf.sessionID, sid->u.ssl2.sessionID, 
+ 		       SSL2_SESSIONID_BYTES);
+ 	    } else {
+ 		unsigned int sidLen = sid->u.ssl3.sessionIDLength;
+ 	        sidLen = PR_MIN(sidLen, sizeof inf.sessionID);
+diff --git a/lib/ssl/sslt.h b/lib/ssl/sslt.h
+--- a/lib/ssl/sslt.h
++++ b/lib/ssl/sslt.h
+@@ -145,17 +145,17 @@ typedef struct SSLChannelInfoStr {
+     /* compression method info */
+     const char *         compressionMethodName;
+     SSLCompressionMethod compressionMethod;
+ 
+     /* The following fields are added in NSS 3.21.
+      * This field only has meaning in TLS < 1.3 and will be set to
+      *  PR_FALSE in TLS 1.3.
+      */
+-    PRBool               extendedMasterSecretUsed;
++    PRBool               reservedNotSupported; /* don't use */
+ } SSLChannelInfo;
+ 
+ /* Preliminary channel info */
+ #define ssl_preinfo_version (1U << 0)
+ #define ssl_preinfo_cipher_suite (1U << 1)
+ #define ssl_preinfo_all (ssl_preinfo_version|ssl_preinfo_cipher_suite)
+ 
+ typedef struct SSLPreliminaryChannelInfoStr {
diff --git a/SOURCES/nss-remove-bogus-assert.patch b/SOURCES/nss-remove-bogus-assert.patch
new file mode 100644
index 0000000..423b524
--- /dev/null
+++ b/SOURCES/nss-remove-bogus-assert.patch
@@ -0,0 +1,13 @@
+diff -up ./nss/lib/ssl/ssl3con.c.remove_bogus_assert ./nss/lib/ssl/ssl3con.c
+--- ./nss/lib/ssl/ssl3con.c.remove_bogus_assert	2016-02-24 16:55:18.430172675 -0500
++++ ./nss/lib/ssl/ssl3con.c	2016-02-24 16:55:56.000473980 -0500
+@@ -3754,9 +3754,6 @@ ssl3_ComputeMasterSecretInt(sslSocket *s
+     CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params;
+     unsigned int      master_params_len;
+ 
+-    PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+-    PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
+-    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
+     if (isTLS12) {
+ 	if(isDH) master_derive = CKM_TLS12_MASTER_KEY_DERIVE_DH;
+ 	else master_derive = CKM_TLS12_MASTER_KEY_DERIVE;
diff --git a/SOURCES/nss-sni-c-v-fix.patch b/SOURCES/nss-sni-c-v-fix.patch
new file mode 100644
index 0000000..6cfbb4f
--- /dev/null
+++ b/SOURCES/nss-sni-c-v-fix.patch
@@ -0,0 +1,21 @@
+diff -up ./nss/tests/ssl/sslauth.txt.c_v_fix ./nss/tests/ssl/sslauth.txt
+--- ./nss/tests/ssl/sslauth.txt.c_v_fix	2016-02-24 19:30:43.630282607 -0500
++++ ./nss/tests/ssl/sslauth.txt	2016-02-24 19:33:59.848516577 -0500
+@@ -54,13 +54,13 @@
+ #
+ # SNI Tests
+ #
+-  SNI     0       -r_-a_Host-sni.Dom       -V_ssl3:_-w_nss_-n_TestUser                     TLS Server hello response without SNI
++  SNI     0       -r_-a_Host-sni.Dom       -V_ssl3:_-c_v_-w_nss_-n_TestUser                     TLS Server hello response without SNI
+   SNI     0       -r_-a_Host-sni.Dom       -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom     TLS Server hello response with SNI
+   SNI     1       -r_-a_Host-sni.Dom       -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom    TLS Server response with alert
+-  SNI     0       -r_-a_Host-sni.Dom       -V_ssl3:ssl3_-w_nss_-n_TestUser                  SSL3 Server hello response without SNI
++  SNI     0       -r_-a_Host-sni.Dom       -V_ssl3:ssl3_-c_v_-w_nss_-n_TestUser                  SSL3 Server hello response without SNI
+   SNI     1       -r_-a_Host-sni.Dom       -V_ssl3:ssl3_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom  SSL3 Server hello response with SNI: SSL don't have SH extensions
+-  SNI     0       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser                     TLS Server hello response without SNI
++  SNI     0       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser                     TLS Server hello response without SNI
+   SNI     0       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom     TLS Server hello response with SNI
+-  SNI     1       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host.Dom TLS Server hello response with SNI: Change name on 2d HS
++  SNI     1       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host.Dom TLS Server hello response with SNI: Change name on 2d HS
+   SNI     1       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host-sni1.Dom TLS Server hello response with SNI: Change name to invalid 2d HS
+   SNI     1       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom    TLS Server response with alert
diff --git a/SOURCES/nss-ssl-ssl3con-delete-duplicates.patch b/SOURCES/nss-ssl-ssl3con-delete-duplicates.patch
new file mode 100644
index 0000000..fc0b697
--- /dev/null
+++ b/SOURCES/nss-ssl-ssl3con-delete-duplicates.patch
@@ -0,0 +1,21 @@
+--- ./nss/lib/ssl/ssl3con.c.delete_duplicates	2016-04-04 10:13:34.310883577 -0700
++++ ./nss/lib/ssl/ssl3con.c	2016-04-04 10:18:32.544936462 -0700
+@@ -426,18 +426,16 @@
+                                     cipher_rc4_56, mac_sha,kea_rsa_export_1024, 0},
+ 
+     {SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa_fips, 0},
+     {SSL_RSA_FIPS_WITH_DES_CBC_SHA, cipher_des,    mac_sha, kea_rsa_fips, 0},
+ 
+     {TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_rsa, prf_256},
+     {TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa, prf_256},
+ #ifndef NSS_DISABLE_ECC
+-    {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa},
+-    {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa},
+     {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa, prf_256},
+     {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa, prf_256},
+     {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_ecdsa, prf_384},
+     {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_rsa, prf_384},
+     {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, hmac_sha384, kea_ecdhe_ecdsa, prf_384},
+     {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, hmac_sha384, kea_ecdhe_rsa, prf_384},
+ #endif /* NSS_DISABLE_ECC */
+     {TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_dhe_rsa, prf_384},
diff --git a/SOURCES/nss-sslstress-txt-ssl3-lower-value-in-range.patch b/SOURCES/nss-sslstress-txt-ssl3-lower-value-in-range.patch
new file mode 100644
index 0000000..c838dae
--- /dev/null
+++ b/SOURCES/nss-sslstress-txt-ssl3-lower-value-in-range.patch
@@ -0,0 +1,27 @@
+diff -up ./nss/tests/ssl/sslstress.txt.ssl3_as_min_value ./nss/tests/ssl/sslstress.txt
+--- ./nss/tests/ssl/sslstress.txt.ssl3_as_min_value	2015-11-08 21:12:59.000000000 -0800
++++ ./nss/tests/ssl/sslstress.txt	2016-02-26 11:07:42.036366203 -0800
+@@ -9,9 +9,9 @@
+ #  ECC    value   params     params
+ # ------- ------  ------     ------                         ---------------
+   noECC     0      _         -c_1000_-C_A                  Stress SSL2 RC4 128 with MD5
+-  noECC     0      _         -c_1000_-C_c_-V_:ssl3               Stress SSL3 RC4 128 with MD5
+-  noECC     0      _         -c_1000_-C_c                  Stress TLS  RC4 128 with MD5
+-  noECC     0      _         -c_1000_-C_c_-g               Stress TLS  RC4 128 with MD5 (false start)
++  noECC     0      _         -c_1000_-C_c_-V_ssl3:ssl3               Stress SSL3 RC4 128 with MD5
++  noECC     0      _         -c_1000_-C_c_-V_ssl3:_                  Stress TLS  RC4 128 with MD5
++  noECC     0      _         -V_ssl3:_-c_1000_-C_c_-g               Stress TLS  RC4 128 with MD5 (false start)
+   noECC     0      -u        -V_ssl3:_-c_1000_-C_c_-u            Stress TLS  RC4 128 with MD5 (session ticket)
+   noECC     0      -z        -V_ssl3:_-c_1000_-C_c_-z            Stress TLS  RC4 128 with MD5 (compression)
+   noECC     0      -u_-z     -V_ssl3:_-c_1000_-C_c_-u_-z         Stress TLS  RC4 128 with MD5 (session ticket, compression)
+@@ -22,8 +22,8 @@
+ # add client auth versions here...
+ #
+   noECC     0      -r_-r     -c_100_-C_A_-N_-n_TestUser    Stress SSL2 RC4 128 with MD5 (no reuse, client auth)
+-  noECC     0      -r_-r     -c_100_-C_c_-V_:ssl3_-N_-n_TestUser Stress SSL3 RC4 128 with MD5 (no reuse, client auth)
+-  noECC     0      -r_-r     -c_100_-C_c_-N_-n_TestUser    Stress TLS RC4 128 with MD5 (no reuse, client auth)
++  noECC     0      -r_-r     -c_100_-C_c_-V_ssl3:ssl3_-N_-n_TestUser Stress SSL3 RC4 128 with MD5 (no reuse, client auth)
++  noECC     0      -r_-r     -c_100_-C_c_-V_ssl3:_-N_-n_TestUser    Stress TLS RC4 128 with MD5 (no reuse, client auth)
+   noECC     0      -r_-r_-u  -V_ssl3:_-c_100_-C_c_-n_TestUser_-u Stress TLS RC4 128 with MD5 (session ticket, client auth)
+   noECC     0      -r_-r_-z  -V_ssl3:_-c_100_-C_c_-n_TestUser_-z Stress TLS RC4 128 with MD5 (compression, client auth)
+   noECC     0      -r_-r_-z  -V_ssl3:_-c_100_-C_c_-n_TestUser_-z_-g Stress TLS RC4 128 with MD5 (compression, client auth, false start)
diff --git a/SOURCES/nss-tests-prevent-abi-issue.patch b/SOURCES/nss-tests-prevent-abi-issue.patch
new file mode 100644
index 0000000..b6d726f
--- /dev/null
+++ b/SOURCES/nss-tests-prevent-abi-issue.patch
@@ -0,0 +1,36 @@
+diff -up ./cmd/selfserv/selfserv.c.abi_test ./cmd/selfserv/selfserv.c
+--- ./cmd/selfserv/selfserv.c.abi_test	2016-02-22 06:12:27.089047751 -0800
++++ ./cmd/selfserv/selfserv.c	2016-02-22 06:15:46.969659328 -0800
+@@ -432,7 +432,7 @@ printSecurityInfo(PRFileDesc *fd)
+ 	       channel.authKeyBits, suite.authAlgorithmName,
+ 	       channel.keaKeyBits,  suite.keaTypeName,
+                channel.compressionMethodName,
+-               channel.extendedMasterSecretUsed ? "Yes": "No");
++               channel.reservedNotSupported ? "Yes": "No");
+     	}
+     }
+     if (verbose) {
+diff -up ./cmd/tstclnt/tstclnt.c.abi_test ./cmd/tstclnt/tstclnt.c
+--- ./cmd/tstclnt/tstclnt.c.abi_test	2016-02-22 06:16:49.820593866 -0800
++++ ./cmd/tstclnt/tstclnt.c	2016-02-22 06:18:16.908117535 -0800
+@@ -133,7 +133,7 @@ void printSecurityInfo(PRFileDesc *fd)
+ 	       channel.authKeyBits, suite.authAlgorithmName,
+ 	       channel.keaKeyBits,  suite.keaTypeName,
+                channel.compressionMethodName,
+-               channel.extendedMasterSecretUsed ? "Yes": "No");
++               channel.reservedNotSupported ? "Yes": "No");
+     	}
+     }
+     cert = SSL_RevealCert(fd);
+diff -up ./external_tests/ssl_gtest/tls_agent.cc.abi_test ./external_tests/ssl_gtest/tls_agent.cc
+--- ./external_tests/ssl_gtest/tls_agent.cc.abi_test	2016-02-22 06:18:56.890439746 -0800
++++ ./external_tests/ssl_gtest/tls_agent.cc	2016-02-22 06:19:59.264382368 -0800
+@@ -405,7 +405,7 @@ void TlsAgent::EnableExtendedMasterSecre
+ }
+ 
+ void TlsAgent::CheckExtendedMasterSecret(bool expected) {
+-  ASSERT_EQ(expected, info_.extendedMasterSecretUsed != PR_FALSE)
++  ASSERT_EQ(expected, info_.reservedNotSupported != PR_FALSE)
+       << "unexpected extended master secret state for " << name_;
+ }
+ 
diff --git a/SOURCES/ocsp_stapling_sslauth_sni_tests_client_side_fixes.patch b/SOURCES/ocsp_stapling_sslauth_sni_tests_client_side_fixes.patch
deleted file mode 100644
index 3ba7ae1..0000000
--- a/SOURCES/ocsp_stapling_sslauth_sni_tests_client_side_fixes.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-diff -up ./nss/tests/ssl/sslauth.txt.ocsp_sni ./nss/tests/ssl/sslauth.txt
---- ./nss/tests/ssl/sslauth.txt.ocsp_sni	2015-05-28 10:50:45.000000000 -0700
-+++ ./nss/tests/ssl/sslauth.txt	2015-08-30 08:49:22.025299419 -0700
-@@ -65,12 +65,12 @@
- # SNI Tests
- #
-   SNI     0       -r_-a_Host-sni.Dom       -V_ssl3:_-w_nss_-n_TestUser                     TLS Server hello response without SNI
--  SNI     0       -r_-a_Host-sni.Dom       -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom     TLS Server hello response with SNI
--  SNI     1       -r_-a_Host-sni.Dom       -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni1.Dom    TLS Server response with alert
-+  SNI     0       -r_-a_Host-sni.Dom       -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom     TLS Server hello response with SNI
-+  SNI     1       -r_-a_Host-sni.Dom       -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom    TLS Server response with alert
-   SNI     0       -r_-a_Host-sni.Dom       -V_ssl3:ssl3_-w_nss_-n_TestUser                  SSL3 Server hello response without SNI
--  SNI     1       -r_-a_Host-sni.Dom       -V_ssl3:ssl3_-w_nss_-n_TestUser_-a_Host-sni.Dom  SSL3 Server hello response with SNI: SSL don't have SH extensions
-+  SNI     1       -r_-a_Host-sni.Dom       -V_ssl3:_-c_vssl3_-w_nss_-n_TestUser_-a_Host-sni.Dom  SSL3 Server hello response with SNI: SSL don't have SH extensions
-   SNI     0       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser                     TLS Server hello response without SNI
--  SNI     0       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom     TLS Server hello response with SNI
-+  SNI     0       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom     TLS Server hello response with SNI
-   SNI     1       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host.Dom TLS Server hello response with SNI: Change name on 2d HS
--  SNI     1       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host-sni1.Dom TLS Server hello response with SNI: Change name to invalid 2d HS
--  SNI     1       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni1.Dom    TLS Server response with alert
-+  SNI     1       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host-sni1.Dom TLS Server hello response with SNI: Change name to invalid 2d HS
-+  SNI     1       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom    TLS Server response with alert
-diff -up ./nss/tests/ssl/ssl.sh.ocsp_sni ./nss/tests/ssl/ssl.sh
---- ./nss/tests/ssl/ssl.sh.ocsp_sni	2015-08-30 08:49:21.905301105 -0700
-+++ ./nss/tests/ssl/ssl.sh	2015-08-30 08:49:22.017299531 -0700
-@@ -457,10 +457,10 @@ ssl_stapling_sub()
-     start_selfserv
- 
-     echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} -v ${CLIENT_OPTIONS} \\"
--    echo "        -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE}"
-+    echo "        -c v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE}"
-     rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-     ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
--	    -d ${P_R_CLIENTDIR} -v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE} \
-+	    -d ${P_R_CLIENTDIR} -v -c v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE} \
- 	    >${TMP}/$HOST.tmp.$$  2>&1
-     ret=$?
-     cat ${TMP}/$HOST.tmp.$$
diff --git a/SOURCES/p-ignore-setpolicy.patch b/SOURCES/p-ignore-setpolicy.patch
index 741781d..f9564df 100644
--- a/SOURCES/p-ignore-setpolicy.patch
+++ b/SOURCES/p-ignore-setpolicy.patch
@@ -1,17 +1,31 @@
-diff -up ./nsslib/ssl/sslsock.c.1026677 ./nsslib/ssl/sslsock.c
---- ./nss/lib/ssl/sslsock.c.1026677	2014-07-05 08:56:37.137268923 -0700
-+++ ./nss/lib/ssl/sslsock.c	2014-07-05 09:01:20.149518959 -0700
-@@ -1315,11 +1315,9 @@ NSS_SetDomesticPolicy(void)
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
+--- a/lib/ssl/sslsock.c
++++ b/lib/ssl/sslsock.c
+@@ -1364,25 +1364,22 @@ SSL_CipherPrefGet(PRFileDesc *fd, PRInt3
+         rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
+     }
+     return rv;
+ }
+ 
+ SECStatus
+ NSS_SetDomesticPolicy(void)
+ {
+-    SECStatus      status = SECSuccess;
      const PRUint16 *cipher;
  
      for (cipher = SSL_ImplementedCiphers; *cipher != 0; ++cipher) {
 -        status = SSL_SetPolicy(*cipher, SSL_ALLOWED);
 -        if (status != SECSuccess)
 -            break;
-+       SSL_SetPolicy(*cipher, SSL_ALLOWED);
++        (void) SSL_SetPolicy(*cipher, SSL_ALLOWED);
      }
 -    return status;
 +    return SECSuccess;
  }
  
  SECStatus
+ NSS_SetExportPolicy(void)
+ {
+     return NSS_SetDomesticPolicy();
+ }
+
diff --git a/SOURCES/pem-compile-with-Werror.patch b/SOURCES/pem-compile-with-Werror.patch
new file mode 100644
index 0000000..392d74a
--- /dev/null
+++ b/SOURCES/pem-compile-with-Werror.patch
@@ -0,0 +1,146 @@
+diff -up ./nss/lib/ckfw/pem/ckpem.h.compile_Werror ./nss/lib/ckfw/pem/ckpem.h
+--- ./nss/lib/ckfw/pem/ckpem.h.compile_Werror	2014-01-23 06:28:18.000000000 -0800
++++ ./nss/lib/ckfw/pem/ckpem.h	2015-11-13 12:07:29.219887390 -0800
+@@ -233,6 +233,9 @@ struct pemLOWKEYPrivateKeyStr {
+ };
+ typedef struct pemLOWKEYPrivateKeyStr pemLOWKEYPrivateKey;
+ 
++/* NOTE: Discrepancy with the the way callers use of the return value as a count
++ * Fix this when we sync. up with the cleanup work being done at nss-pem project.
++ */
+ SECStatus ReadDERFromFile(SECItem ***derlist, char *filename, PRBool ascii, int *cipher, char **ivstring, PRBool certsonly);
+ const NSSItem * pem_FetchAttribute ( pemInternalObject *io, CK_ATTRIBUTE_TYPE type);
+ void pem_PopulateModulusExponent(pemInternalObject *io);
+diff -up ./nss/lib/ckfw/pem/pinst.c.compile_Werror ./nss/lib/ckfw/pem/pinst.c
+--- ./nss/lib/ckfw/pem/pinst.c.compile_Werror	2014-01-23 06:28:18.000000000 -0800
++++ ./nss/lib/ckfw/pem/pinst.c	2015-11-13 12:07:29.219887390 -0800
+@@ -472,7 +472,9 @@ AddCertificate(char *certfile, char *key
+     char *ivstring = NULL;
+     int cipher;
+ 
+-    nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
++    /* TODO: Fix discrepancy between our usage of the return value as
++     * as an int (a count) and the declaration as a SECStatus. */
++    nobjs = (int) ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
+     if (nobjs <= 0) {
+         nss_ZFreeIf(objs);
+         return CKR_GENERAL_ERROR;
+@@ -515,8 +517,10 @@ AddCertificate(char *certfile, char *key
+         if (keyfile) {          /* add the private key */
+             SECItem **keyobjs = NULL;
+             int kobjs = 0;
++            /* TODO: Fix discrepancy between our usage of the return value as
++             * as an int and the declaration as a SECStatus. */
+             kobjs =
+-                ReadDERFromFile(&keyobjs, keyfile, PR_TRUE, &cipher,
++                (int) ReadDERFromFile(&keyobjs, keyfile, PR_TRUE, &cipher,
+                                 &ivstring, PR_FALSE);
+             if (kobjs < 1) {
+                 error = CKR_GENERAL_ERROR;
+diff -up ./nss/lib/ckfw/pem/pobject.c.compile_Werror ./nss/lib/ckfw/pem/pobject.c
+--- ./nss/lib/ckfw/pem/pobject.c.compile_Werror	2014-01-23 06:28:18.000000000 -0800
++++ ./nss/lib/ckfw/pem/pobject.c	2015-11-13 12:07:29.220887368 -0800
+@@ -630,6 +630,11 @@ pem_DestroyInternalObject
+         if (io->u.key.ivstring)
+             free(io->u.key.ivstring);
+         break;
++    case pemAll:
++        /* pemAll is not used, keep the compiler happy
++         * TODO: investigate a proper solution
++         */
++        return;
+     }
+ 
+     if (NULL != gobj)
+@@ -1044,7 +1049,9 @@ pem_CreateObject
+     int nobjs = 0;
+     int i;
+     int objid;
++#if 0
+     pemToken *token;
++#endif
+     int cipher;
+     char *ivstring = NULL;
+     pemInternalObject *listObj = NULL;
+@@ -1073,7 +1080,9 @@ pem_CreateObject
+     }
+     slotID = nssCKFWSlot_GetSlotID(fwSlot);
+ 
++#if 0
+     token = (pemToken *) mdToken->etc;
++#endif
+ 
+     /*
+      * only create keys and certs.
+@@ -1114,7 +1123,11 @@ pem_CreateObject
+     }
+ 
+     if (objClass == CKO_CERTIFICATE) {
+-        nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
++        /* TODO: Fix discrepancy between our usage of the return value as
++         * as an int and the declaration as a SECStatus. Typecasting as a
++         * temporary workaround.
++         */
++        nobjs = (int) ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
+         if (nobjs < 1)
+             goto loser;
+ 
+diff -up ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror ./nss/lib/ckfw/pem/rsawrapr.c
+--- ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror	2014-01-23 06:28:18.000000000 -0800
++++ ./nss/lib/ckfw/pem/rsawrapr.c	2015-11-13 12:07:29.220887368 -0800
+@@ -93,6 +93,8 @@ pem_PublicModulusLen(NSSLOWKEYPublicKey
+     return 0;
+ }
+ 
++/* unused functions */
++#if 0
+ static SHA1Context *SHA1_CloneContext(SHA1Context * original)
+ {
+     SHA1Context *clone = NULL;
+@@ -215,6 +217,7 @@ oaep_xor_with_h2(unsigned char *salt, un
+ 
+     return SECSuccess;
+ }
++#endif /* unused functions */
+ 
+ /*
+  * Format one block of data for public/private key encryption using
+diff -up ./nss/lib/ckfw/pem/util.c.compile_Werror ./nss/lib/ckfw/pem/util.c
+--- ./nss/lib/ckfw/pem/util.c.compile_Werror	2014-01-23 06:28:18.000000000 -0800
++++ ./nss/lib/ckfw/pem/util.c	2015-11-13 12:22:52.282196306 -0800
+@@ -131,7 +131,8 @@ static SECStatus FileToItem(SECItem * ds
+     return SECFailure;
+ }
+ 
+-int
++/* FIX: Returns a SECStatus yet callers take result as a count */
++SECStatus
+ ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii,
+ 		int *cipher, char **ivstring, PRBool certsonly)
+ {
+@@ -237,7 +238,12 @@ ReadDERFromFile(SECItem *** derlist, cha
+ 		    goto loser;
+ 		}
+                 if ((certsonly && !key) || (!certsonly && key)) {
++		    error = CKR_OK;
+ 		    PUT_Object(der, error);
++		    if (error != CKR_OK) {
++			free(der);
++			goto loser;
++		    }
+                 } else {
+                     free(der->data);
+                     free(der);
+@@ -255,7 +261,12 @@ ReadDERFromFile(SECItem *** derlist, cha
+ 	    }
+ 
+ 	    /* NOTE: This code path has never been tested. */
++	    error = CKR_OK;
+ 	    PUT_Object(der, error);
++	    if (error != CKR_OK) {
++		free(der);
++		goto loser;
++	    }
+ 	}
+ 
+ 	nss_ZFreeIf(filedata.data);
diff --git a/SOURCES/prfnonsha256.patch b/SOURCES/prfnonsha256.patch
deleted file mode 100644
index 0f40bd7..0000000
--- a/SOURCES/prfnonsha256.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-diff -up ./lib/ssl/ssl3con.c.prfnonsha256 ./lib/ssl/ssl3con.c
---- ./lib/ssl/ssl3con.c.prfnonsha256	2015-06-24 23:06:00.456872491 +0200
-+++ ./lib/ssl/ssl3con.c	2015-06-26 01:11:50.986824797 +0200
-@@ -3959,7 +3959,20 @@ ssl3_InitHandshakeHashes(sslSocket *ss)
- 	/* If we ever support ciphersuites where the PRF hash isn't SHA-256
- 	 * then this will need to be updated. */
- 	if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
--	    ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(HASH_AlgSHA256);
-+        HASH_HashType ht;
-+        CK_MECHANISM_TYPE hm;
-+        SECOidTag ot;
-+        SECOidData *hashOid;
-+        
-+        hm = ssl3_GetPrfHashMechanism(ss);
-+        hashOid = SECOID_FindOIDByMechanism(hm);
-+        if (hashOid == NULL) {
-+            ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
-+            return SECFailure;
-+        }
-+        ot = hashOid->offset;
-+        ht = HASH_GetHashTypeByOidTag(ot);
-+	    ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(ht);
- 	    if (!ss->ssl3.hs.sha_obj) {
- 		ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
- 		return SECFailure;
-@@ -4601,6 +4614,7 @@ ssl3_ComputeHandshakeHashes(sslSocket *
- 	ss->ssl3.hs.hashType == handshake_hash_single) {
- 	/* compute them without PKCS11 */
- 	PRUint64      sha_cx[MAX_MAC_CONTEXT_LLONGS];
-+    SECOidData *hashOid;
- 
- 	if (!spec->msItem.data) {
- 	    PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
-@@ -4611,11 +4625,15 @@ ssl3_ComputeHandshakeHashes(sslSocket *
- 	ss->ssl3.hs.sha_obj->end(sha_cx, hashes->u.raw, &hashes->len,
- 				 sizeof(hashes->u.raw));
- 
--	PRINT_BUF(60, (NULL, "SHA-256: result", hashes->u.raw, hashes->len));
-+	PRINT_BUF(60, (NULL, "Hash: result", hashes->u.raw, hashes->len));
-+
-+    hashOid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss));
-+    if (hashOid == NULL) {
-+	    PORT_SetError(SSL_ERROR_DIGEST_FAILURE);
-+	    return SECFailure;
-+    }
-+    hashes->hashAlg = hashOid->offset;
- 
--	/* If we ever support ciphersuites where the PRF hash isn't SHA-256
--	 * then this will need to be updated. */
--	hashes->hashAlg = SEC_OID_SHA256;
- 	rv = SECSuccess;
-     } else if (ss->opt.bypassPKCS11) {
- 	/* compute them without PKCS11 */
-@@ -4708,6 +4726,7 @@ ssl3_ComputeHandshakeHashes(sslSocket *
- 	unsigned int  stateLen;
- 	unsigned char stackBuf[1024];
- 	unsigned char *stateBuf = NULL;
-+    SECOidData *hashOid;
- 
- 	if (!spec->master_secret) {
- 	    PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
-@@ -4728,9 +4747,15 @@ ssl3_ComputeHandshakeHashes(sslSocket *
- 	    rv = SECFailure;
- 	    goto tls12_loser;
- 	}
--	/* If we ever support ciphersuites where the PRF hash isn't SHA-256
--	 * then this will need to be updated. */
--	hashes->hashAlg = SEC_OID_SHA256;
-+
-+    hashOid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss));
-+    if (hashOid == NULL) {
-+        ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
-+        rv = SECFailure;
-+        goto tls12_loser;
-+    }
-+    hashes->hashAlg = hashOid->offset;
-+
- 	rv = SECSuccess;
- 
- tls12_loser:
diff --git a/SOURCES/race.patch b/SOURCES/race.patch
new file mode 100644
index 0000000..f83a7f9
--- /dev/null
+++ b/SOURCES/race.patch
@@ -0,0 +1,161 @@
+diff --git a/lib/pk11wrap/pk11util.c b/lib/pk11wrap/pk11util.c
+--- a/lib/pk11wrap/pk11util.c
++++ b/lib/pk11wrap/pk11util.c
+@@ -1258,53 +1258,62 @@ SECMOD_HasRemovableSlots(SECMODModule *m
+     return ret;
+ }
+ 
+ /*
+  * helper function to actually create and destroy user defined slots
+  */
+ static SECStatus
+ secmod_UserDBOp(PK11SlotInfo *slot, CK_OBJECT_CLASS objClass, 
+-		const char *sendSpec)
++		const char *sendSpec, PRBool needlock)
+ {
+     CK_OBJECT_HANDLE dummy;
+     CK_ATTRIBUTE template[2] ;
+     CK_ATTRIBUTE *attrs = template;
+     CK_RV crv;
+ 
+     PK11_SETATTRS(attrs, CKA_CLASS, &objClass, sizeof(objClass)); attrs++;
+     PK11_SETATTRS(attrs, CKA_NETSCAPE_MODULE_SPEC , (unsigned char *)sendSpec,
+ 					 strlen(sendSpec)+1); attrs++;
+ 
+     PORT_Assert(attrs-template <= 2);
+ 
+ 
+-    PK11_EnterSlotMonitor(slot);
++    if (needlock) PK11_EnterSlotMonitor(slot);
+     crv = PK11_CreateNewObject(slot, slot->session,
+ 	template, attrs-template, PR_FALSE, &dummy);
+-    PK11_ExitSlotMonitor(slot);
++    if (needlock) PK11_ExitSlotMonitor(slot);
+ 
+     if (crv != CKR_OK) {
+ 	PORT_SetError(PK11_MapError(crv));
+ 	return SECFailure;
+     }
+-    return SECMOD_UpdateSlotList(slot->module);
++    return SECSuccess;
+ }
+ 
+ /*
+  * return true if the selected slot ID is not present or doesn't exist
+  */
+ static PRBool
+ secmod_SlotIsEmpty(SECMODModule *mod,  CK_SLOT_ID slotID)
+ {
+-    PK11SlotInfo *slot = SECMOD_LookupSlot(mod->moduleID, slotID);
++    PK11SlotInfo *slot = SECMOD_FindSlotByID(mod, slotID);
+     if (slot) {
+-	PRBool present = PK11_IsPresent(slot);
++	CK_SLOT_INFO slotInfo;
++	CK_RV crv;
++	/* check if the slot is present, skip any slot reinit stuff,
++	 * or cached present values, or locking. (we don't need to lock 
++	 * even if the module is not thread safe because we are already 
++	 * holding the module refLock, which is the same as the slot 
++	 * sessionLock if the module isn't thread safe. */
++	crv = PK11_GETTAB(slot)->C_GetSlotInfo(slot->slotID,&slotInfo);
+ 	PK11_FreeSlot(slot);
+-	if (present) {
++	if ((crv == CKR_OK) && 
++		((slotInfo.flags & CKF_TOKEN_PRESENT) == CKF_TOKEN_PRESENT)) {
++	    /* slot is present, so it's not empty */
+ 	    return PR_FALSE;
+ 	}
+     }
+     /* it doesn't exist or isn't present, it's available */
+     return PR_TRUE;
+ }
+ 
+ /*
+@@ -1350,52 +1359,67 @@ PK11SlotInfo *
+ SECMOD_OpenNewSlot(SECMODModule *mod, const char *moduleSpec)
+ {
+     CK_SLOT_ID slotID = 0;
+     PK11SlotInfo *slot;
+     char *escSpec;
+     char *sendSpec;
+     SECStatus rv;
+ 
++    PZ_Lock(mod->refLock);   /* don't reuse a slot on the fly */
+     slotID = secmod_FindFreeSlot(mod);
+     if (slotID == (CK_SLOT_ID) -1) {
++	PZ_Unlock(mod->refLock);
+ 	return NULL;
+     }
+ 
+     if (mod->slotCount == 0) {
++	PZ_Unlock(mod->refLock);
+ 	return NULL;
+     }
+ 
+     /* just grab the first slot in the module, any present slot should work */
+     slot = PK11_ReferenceSlot(mod->slots[0]);
+     if (slot == NULL) {
++	PZ_Unlock(mod->refLock);
+ 	return NULL;
+     }
+ 
+     /* we've found the slot, now build the moduleSpec */
+     escSpec = NSSUTIL_DoubleEscape(moduleSpec, '>', ']');
+     if (escSpec == NULL) {
++	PZ_Unlock(mod->refLock);
+ 	PK11_FreeSlot(slot);
+ 	return NULL;
+     }
+     sendSpec = PR_smprintf("tokens=[0x%x=<%s>]", slotID, escSpec);
+     PORT_Free(escSpec);
+ 
+     if (sendSpec == NULL) {
+ 	/* PR_smprintf does not set SEC_ERROR_NO_MEMORY on failure. */
++	PZ_Unlock(mod->refLock);
+ 	PK11_FreeSlot(slot);
+ 	PORT_SetError(SEC_ERROR_NO_MEMORY);
+ 	return NULL;
+     }
+-    rv = secmod_UserDBOp(slot, CKO_NETSCAPE_NEWSLOT, sendSpec);
++    rv = secmod_UserDBOp(slot, CKO_NETSCAPE_NEWSLOT, sendSpec, 
++    /* If the module isn't thread safe, the slot sessionLock == mod->refLock
++     * since we already hold the refLock we don't need to lock the sessionLock
++     */
++							mod->isThreadSafe);
++    PZ_Unlock(mod->refLock);
+     PR_smprintf_free(sendSpec);
+     PK11_FreeSlot(slot);
+     if (rv != SECSuccess) {
+ 	return NULL;
+     }
++    rv = SECMOD_UpdateSlotList(mod); /* don't call holding the mod->reflock */
++    if (rv != SECSuccess) {
++	return NULL;
++    }
+ 
+     slot = SECMOD_FindSlotByID(mod, slotID);
+     if (slot) {
+ 	/* if we are in the delay period for the "isPresent" call, reset
+ 	 * the delay since we know things have probably changed... */
+ 	if (slot->nssToken && slot->nssToken->slot) {
+ 	    nssSlot_ResetDelay(slot->nssToken->slot);
+ 	}
+@@ -1488,17 +1512,17 @@ SECMOD_CloseUserDB(PK11SlotInfo *slot)
+     char *sendSpec;
+     
+     sendSpec = PR_smprintf("tokens=[0x%x=<>]", slot->slotID);
+     if (sendSpec == NULL) {
+ 	/* PR_smprintf does not set no memory error */
+ 	PORT_SetError(SEC_ERROR_NO_MEMORY);
+ 	return SECFailure;
+     }
+-    rv = secmod_UserDBOp(slot, CKO_NETSCAPE_DELSLOT, sendSpec);
++    rv = secmod_UserDBOp(slot, CKO_NETSCAPE_DELSLOT, sendSpec, PR_TRUE);
+     PR_smprintf_free(sendSpec);
+     /* if we are in the delay period for the "isPresent" call, reset
+      * the delay since we know things have probably changed... */
+     if (slot->nssToken && slot->nssToken->slot) {
+ 	nssSlot_ResetDelay(slot->nssToken->slot);
+ 	/* force the slot info structures to properly reset */
+ 	(void)PK11_IsPresent(slot);
+     }
diff --git a/SOURCES/reorder-cipher-suites.patch b/SOURCES/reorder-cipher-suites.patch
deleted file mode 100644
index 6e677e7..0000000
--- a/SOURCES/reorder-cipher-suites.patch
+++ /dev/null
@@ -1,206 +0,0 @@
-diff -up ./nss/lib/ssl/ssl3con.c.order ./nss/lib/ssl/ssl3con.c
---- ./nss/lib/ssl/ssl3con.c.order	2015-08-31 17:14:13.539138213 -0700
-+++ ./nss/lib/ssl/ssl3con.c	2015-08-31 17:35:23.841003936 -0700
-@@ -90,38 +90,29 @@ static ssl3CipherSuiteCfg cipherSuites[s
-    /*      cipher_suite                     policy       enabled   isPresent */
- 
- #ifndef NSS_DISABLE_ECC
-- { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- /* Switched order of two previous to meet Suite B requirements
--  * but implemented by default yet.
-+ /* Ephemeral ECDH */
-+ { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
-+ /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must be before TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
-+  * to workaround bug 946147.
-   */
-- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,        SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
-- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
-+ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
--   /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
--    * bug 946147.
--    */
-- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
-- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
-+ { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
-- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
-- { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,        SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_RC4_128_SHA,          SSL_ALLOWED, PR_FALSE, PR_FALSE},
- #endif /* NSS_DISABLE_ECC */
- 
-- { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-- { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_DHE_RSA_WITH_AES_128_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-- { TLS_DHE_DSS_WITH_AES_128_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-- { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-- { TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ /* Ephemeral Finite Field DH */
-  { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_DHE_RSA_WITH_AES_256_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-@@ -130,35 +121,44 @@ static ssl3CipherSuiteCfg cipherSuites[s
-  { TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-+ { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_DHE_RSA_WITH_AES_128_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-+ { TLS_DHE_DSS_WITH_AES_128_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-+ { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-+ { TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-  { TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-  { TLS_DHE_DSS_WITH_RC4_128_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
- 
- #ifndef NSS_DISABLE_ECC
-- { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,     SSL_ALLOWED, PR_TRUE, PR_FALSE},
-+ /* Non ephemeral ECDH */
-+ { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,     SSL_ALLOWED, PR_TRUE, PR_FALSE},
-+ { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
-+ { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,    SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDH_ECDSA_WITH_RC4_128_SHA,         SSL_ALLOWED, PR_TRUE, PR_FALSE},
-+ { TLS_ECDH_ECDSA_WITH_RC4_128_SHA,         SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDH_RSA_WITH_RC4_128_SHA,           SSL_ALLOWED, PR_FALSE, PR_FALSE},
- #endif /* NSS_DISABLE_ECC */
- 
-  /* RSA */
-  { TLS_RSA_WITH_AES_256_GCM_SHA384,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-+ { TLS_RSA_WITH_AES_256_CBC_SHA,            SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-+ { TLS_RSA_WITH_AES_256_CBC_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-+ { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_RSA_WITH_AES_128_GCM_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-  { TLS_RSA_WITH_AES_128_CBC_SHA,            SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-  { TLS_RSA_WITH_AES_128_CBC_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-  { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_RSA_WITH_AES_256_CBC_SHA,            SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-- { TLS_RSA_WITH_AES_256_CBC_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-- { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_RSA_WITH_SEED_CBC_SHA,               SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_RSA_WITH_3DES_EDE_CBC_SHA,           SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-  { TLS_RSA_WITH_RC4_128_SHA,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-  { TLS_RSA_WITH_RC4_128_MD5,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-+ { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
- 
-  /* 56-bit DES "domestic" cipher suites */
-  { TLS_DHE_RSA_WITH_DES_CBC_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
-diff -up ./nss/lib/ssl/sslenum.c.order ./nss/lib/ssl/sslenum.c
---- ./nss/lib/ssl/sslenum.c.order	2015-08-31 17:14:13.531138366 -0700
-+++ ./nss/lib/ssl/sslenum.c	2015-08-31 17:34:03.139562367 -0700
-@@ -48,35 +48,29 @@
-  */
- const PRUint16 SSL_ImplementedCiphers[] = {
- #ifndef NSS_DISABLE_ECC
-+    /* Ephemeral ECDH */
-     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
--    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
--    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
--    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
--    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
--    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
-+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-     /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before
-      * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147.
-      */
--    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
-+    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
--    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
--    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
--    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-     TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
--    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-     TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
-+    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
-+    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
-+    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-     TLS_ECDHE_RSA_WITH_RC4_128_SHA,
- #endif /* NSS_DISABLE_ECC */
- 
--    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
--    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
--    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
--    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
--    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
--    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
--    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
--    TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
-+    /* Ephemeral Finite Field DH */
-     TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
-     TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
-     TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
-@@ -85,11 +79,20 @@ const PRUint16 SSL_ImplementedCiphers[]
-     TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
-     TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
-     TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
-+    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
-+    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
-+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
-+    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
-+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
-+    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
-+    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
-+    TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
-     TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
-     TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
-     TLS_DHE_DSS_WITH_RC4_128_SHA,
- 
- #ifndef NSS_DISABLE_ECC
-+    /* Non ephemeral ECDH */
-     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
-     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-@@ -100,19 +103,20 @@ const PRUint16 SSL_ImplementedCiphers[]
-     TLS_ECDH_RSA_WITH_RC4_128_SHA,
- #endif /* NSS_DISABLE_ECC */
- 
-+    /* RSA */
-     TLS_RSA_WITH_AES_256_GCM_SHA384,
-+    TLS_RSA_WITH_AES_256_CBC_SHA,
-+    TLS_RSA_WITH_AES_256_CBC_SHA256,
-+    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
-     TLS_RSA_WITH_AES_128_GCM_SHA256,
-     TLS_RSA_WITH_AES_128_CBC_SHA,
-     TLS_RSA_WITH_AES_128_CBC_SHA256,
-     TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
--    TLS_RSA_WITH_AES_256_CBC_SHA,
--    TLS_RSA_WITH_AES_256_CBC_SHA256,
--    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
-     TLS_RSA_WITH_SEED_CBC_SHA,
--    SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
-     TLS_RSA_WITH_3DES_EDE_CBC_SHA,
-     TLS_RSA_WITH_RC4_128_SHA,
-     TLS_RSA_WITH_RC4_128_MD5,
-+    SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
- 
-     /* 56-bit DES "domestic" cipher suites */
-     TLS_DHE_RSA_WITH_DES_CBC_SHA,
diff --git a/SOURCES/rh1238290.patch b/SOURCES/rh1238290.patch
index 2564a26..49a9b5d 100644
--- a/SOURCES/rh1238290.patch
+++ b/SOURCES/rh1238290.patch
@@ -1,7 +1,6 @@
-diff --git a/lib/cryptohi/seckey.c b/lib/cryptohi/seckey.c
---- a/lib/cryptohi/seckey.c
-+++ b/lib/cryptohi/seckey.c
-@@ -993,17 +993,17 @@ SECKEY_PublicKeyStrengthInBits(const SEC
+--- ./lib/cryptohi/seckey.c.1238290	2015-11-08 21:12:59.000000000 -0800
++++ ./lib/cryptohi/seckey.c	2016-02-16 10:07:20.956930721 -0800
+@@ -993,20 +993,20 @@
      }
  
      /* interpret modulus length as key strength */
@@ -14,9 +13,13 @@ diff --git a/lib/cryptohi/seckey.c b/lib/cryptohi/seckey.c
 +        bitSize = SECKEY_BigIntegerBitLength(&pubk->u.dsa.params.prime);
          break;
      case dhKey:
-         bitSize = SECKEY_BigIntegerBitLength(&pubk->u.dh.publicValue);
+-        bitSize = SECKEY_BigIntegerBitLength(&pubk->u.dh.publicValue);
++        bitSize = SECKEY_BigIntegerBitLength(&pubk->u.dh.prime);
          break;
      case ecKey:
          bitSize = SECKEY_ECParamsToKeySize(&pubk->u.ec.DEREncodedParams);
          break;
      default:
+         PORT_SetError(SEC_ERROR_INVALID_KEY);
+         break;
+     }
diff --git a/SOURCES/sha384-client-verify.patch b/SOURCES/sha384-client-verify.patch
deleted file mode 100644
index 95dfbd2..0000000
--- a/SOURCES/sha384-client-verify.patch
+++ /dev/null
@@ -1,399 +0,0 @@
-diff --git a/cmd/strsclnt/strsclnt.c b/cmd/strsclnt/strsclnt.c
---- a/cmd/strsclnt/strsclnt.c
-+++ b/cmd/strsclnt/strsclnt.c
-@@ -117,17 +117,17 @@ static int active_threads = 8; /* number
-                                ** connect */
- static PRInt32 numUsed;
- /* end of variables protected by threadLock */
- 
- static SSL3Statistics * ssl3stats;
- 
- static int failed_already = 0;
- static SSLVersionRange enabledVersions;
--static PRBool enableSSL2      = PR_TRUE;
-+static PRBool enableSSL2      = PR_FALSE;
- static PRBool bypassPKCS11    = PR_FALSE;
- static PRBool disableLocking  = PR_FALSE;
- static PRBool ignoreErrors    = PR_FALSE;
- static PRBool enableSessionTickets = PR_FALSE;
- static PRBool enableCompression    = PR_FALSE;
- static PRBool enableFalseStart     = PR_FALSE;
- static PRBool enableCertStatus     = PR_FALSE;
- 
-@@ -158,17 +158,17 @@ Usage(const char *progName)
-         "          2 -o's mean skip server certificate validation altogether.\n"
- 	"       -D means no TCP delays\n"
- 	"       -q means quit when server gone (timeout rather than retry forever)\n"
- 	"       -s means disable SSL socket locking\n"
- 	"       -N means no session reuse\n"
- 	"       -P means do a specified percentage of full handshakes (0-100)\n"
-         "       -V [min]:[max] restricts the set of enabled SSL/TLS protocols versions.\n"
-         "          All versions are enabled by default.\n"
--        "          Possible values for min/max: ssl2 ssl3 tls1.0 tls1.1 tls1.2\n"
-+        "          Possible values for min/max: ssl3 tls1.0 tls1.1 tls1.2\n"
-         "          Example: \"-V ssl3:\" enables SSL 3 and newer.\n"
-         "       -U means enable throttling up threads\n"
- 	"       -B bypasses the PKCS11 layer for SSL encryption and MACing\n"
- 	"       -T enable the cert_status extension (OCSP stapling)\n"
- 	"       -u enable TLS Session Ticket extension\n"
- 	"       -z enable compression\n"
- 	"       -g enable false start\n",
- 	progName);
-diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
---- a/lib/ssl/ssl3con.c
-+++ b/lib/ssl/ssl3con.c
-@@ -242,25 +242,32 @@ static const /*SSL3ClientCertificateType
- #endif /* NSS_DISABLE_ECC */
-     ct_DSS_sign,
- };
- 
- /* This block is the contents of the supported_signature_algorithms field of
-  * our TLS 1.2 CertificateRequest message, in wire format. See
-  * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
-  *
-- * This block contains only sha256 entries because we only support TLS 1.2
-- * CertificateVerify messages that use the handshake hash. */
--static const PRUint8 supported_signature_algorithms[] = {
-+ * We only support TLS 1.2
-+ * CertificateVerify messages that use the handshake PRF hash. */
-+static const PRUint8 supported_signature_algorithms_sha256[] = {
-     tls_hash_sha256, tls_sig_rsa,
- #ifndef NSS_DISABLE_ECC
-     tls_hash_sha256, tls_sig_ecdsa,
- #endif
-     tls_hash_sha256, tls_sig_dsa,
- };
-+static const PRUint8 supported_signature_algorithms_sha384[] = {
-+    tls_hash_sha384, tls_sig_rsa,
-+#ifndef NSS_DISABLE_ECC
-+    tls_hash_sha384, tls_sig_ecdsa,
-+#endif
-+    tls_hash_sha384, tls_sig_dsa,
-+};
- 
- #define EXPORT_RSA_KEY_LENGTH 64	/* bytes */
- 
- 
- /* This global item is used only in servers.  It is is initialized by
- ** SSL_ConfigSecureServer(), and is used in ssl3_SendCertificateRequest().
- */
- CERTDistNames *ssl3_server_ca_list = NULL;
-@@ -4018,17 +4025,18 @@ ssl3_InitHandshakeHashes(sslSocket *ss)
- 		ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
- 		return SECFailure;
- 	    }
- 
- 	    /* Create a backup SHA-1 hash for a potential client auth
- 	     * signature.
- 	     *
- 	     * In TLS 1.2, ssl3_ComputeHandshakeHashes always uses the
--	     * handshake hash function (SHA-256). If the server or the client
-+	     * handshake PRF hash function (either SHA-256 or SHA384).
-+	     * If the server or the client
- 	     * does not support SHA-256 as a signature hash, we can either
- 	     * maintain a backup SHA-1 handshake hash or buffer all handshake
- 	     * messages.
- 	     */
- 	    if (!ss->sec.isServer) {
- 		ss->ssl3.hs.backupHash = PK11_CreateDigestContext(SEC_OID_SHA1);
- 		if (ss->ssl3.hs.backupHash == NULL) {
- 		    ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
-@@ -4750,16 +4758,24 @@ ssl3_ComputeHandshakeHashes(sslSocket * 
- 
-     hashOid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss));
-     if (hashOid == NULL) {
-         ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
-         rv = SECFailure;
-         goto tls12_loser;
-     }
-     hashes->hashAlg = hashOid->offset;
-+    PORT_Assert(hashes->hashAlg == SEC_OID_SHA256 ||
-+                hashes->hashAlg == SEC_OID_SHA384);
-+    if (hashes->hashAlg != SEC_OID_SHA256 &&
-+        hashes->hashAlg != SEC_OID_SHA384) {
-+        ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
-+        rv = SECFailure;
-+        goto tls12_loser;
-+    }
- 
- 	rv = SECSuccess;
- 
- tls12_loser:
- 	if (stateBuf) {
- 	    if (PK11_RestoreContext(h, stateBuf, stateLen) != SECSuccess) {
- 		ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
- 		rv = SECFailure;
-@@ -7015,58 +7031,76 @@ done:
-     if (pubk)
- 	SECKEY_DestroyPublicKey(pubk);
-     return rv;
- }
- 
- /* Destroys the backup handshake hash context if we don't need it. Note that
-  * this function selects the hash algorithm for client authentication
-  * signatures; ssl3_SendCertificateVerify uses the presence of the backup hash
-- * to determine whether to use SHA-1 or SHA-256. */
-+ * to determine whether to use SHA-1, or the PRF hash of the cipher suite. */
- static void
- ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss,
- 					   const SECItem *algorithms)
- {
-     SECStatus rv;
-     TLSSignatureAlgorithm sigAlg;
-     PRBool preferSha1;
-     PRBool supportsSha1 = PR_FALSE;
--    PRBool supportsSha256 = PR_FALSE;
-+    PRBool supportsHandshakeHash = PR_FALSE;
-     PRBool needBackupHash = PR_FALSE;
-     unsigned int i;
-+    SECOidData *hashOid;
-+    TLSHashAlgoritm suitePRFHash;
-+    PRBool suitePRFIs256Or384 = PR_FALSE;
- 
- #ifndef NO_PKCS11_BYPASS
-     /* Backup handshake hash is not supported in PKCS #11 bypass mode. */
-     if (ss->opt.bypassPKCS11) {
- 	PORT_Assert(!ss->ssl3.hs.backupHash);
- 	return;
-     }
- #endif
-     PORT_Assert(ss->ssl3.hs.backupHash);
- 
-     /* Determine the key's signature algorithm and whether it prefers SHA-1. */
-     rv = ssl3_ExtractClientKeyInfo(ss, &sigAlg, &preferSha1);
-     if (rv != SECSuccess) {
- 	goto done;
-     }
- 
-+    hashOid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss));
-+    if (hashOid == NULL) {
-+        rv = SECFailure;
-+	goto done;
-+    }
-+
-+    if (hashOid->offset == SEC_OID_SHA256) {
-+	suitePRFHash = tls_hash_sha256;
-+	suitePRFIs256Or384 = PR_TRUE;
-+    } else if (hashOid->offset == SEC_OID_SHA384) {
-+	suitePRFHash = tls_hash_sha384;
-+	suitePRFIs256Or384 = PR_TRUE;
-+    } 
-+
-     /* Determine the server's hash support for that signature algorithm. */
-     for (i = 0; i < algorithms->len; i += 2) {
- 	if (algorithms->data[i+1] == sigAlg) {
- 	    if (algorithms->data[i] == tls_hash_sha1) {
- 		supportsSha1 = PR_TRUE;
--	    } else if (algorithms->data[i] == tls_hash_sha256) {
--		supportsSha256 = PR_TRUE;
--	    }
--	}
--    }
--
--    /* If either the server does not support SHA-256 or the client key prefers
--     * SHA-1, leave the backup hash. */
--    if (supportsSha1 && (preferSha1 || !supportsSha256)) {
-+	    } else if (suitePRFIs256Or384 &&
-+	               algorithms->data[i] == suitePRFHash) {
-+		supportsHandshakeHash = PR_TRUE;
-+	    }
-+	}
-+    }
-+
-+    /* If either the server does not support SHA-256/384, or the client key
-+     * prefers SHA-1, leave the backup hash. */
-+    if (supportsSha1 && (preferSha1 || !supportsHandshakeHash)) {
- 	needBackupHash = PR_TRUE;
-     }
- 
- done:
-     if (!needBackupHash) {
- 	PK11_DestroyContext(ss->ssl3.hs.backupHash, PR_TRUE);
- 	ss->ssl3.hs.backupHash = NULL;
-     }
-@@ -9226,16 +9260,17 @@ ssl3_SendCertificateRequest(sslSocket *s
-     SECItem *      names	= NULL;
-     SECStatus      rv;
-     int            length;
-     int            i;
-     int            calen	= 0;
-     int            nnames	= 0;
-     int            certTypesLength;
-     int            sigAlgsLength;
-+    SECOidData     *hashOid;
- 
-     SSL_TRC(3, ("%d: SSL3[%d]: send certificate_request handshake",
- 		SSL_GETPID(), ss->fd));
- 
-     PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-     PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
- 
-     isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
-@@ -9252,18 +9287,30 @@ ssl3_SendCertificateRequest(sslSocket *s
-     }
- 
-     for (i = 0, name = names; i < nnames; i++, name++) {
- 	calen += 2 + name->len;
-     }
- 
-     certTypes       = certificate_types;
-     certTypesLength = sizeof certificate_types;
--    sigAlgs         = supported_signature_algorithms;
--    sigAlgsLength   = sizeof supported_signature_algorithms;
-+
-+    hashOid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss));
-+    if (hashOid == NULL) {
-+	return SECFailure; 		/* err set by AppendHandshake. */
-+    }
-+    if (hashOid->offset == SEC_OID_SHA256) {
-+	sigAlgs         = supported_signature_algorithms_sha256;
-+	sigAlgsLength   = sizeof supported_signature_algorithms_sha256;
-+    } else if (hashOid->offset == SEC_OID_SHA384) {
-+	sigAlgs         = supported_signature_algorithms_sha384;
-+	sigAlgsLength   = sizeof supported_signature_algorithms_sha384;
-+    } else {
-+	return SECFailure; 		/* err set by AppendHandshake. */
-+    }
- 
-     length = 1 + certTypesLength + 2 + calen;
-     if (isTLS12) {
- 	length += 2 + sigAlgsLength;
-     }
- 
-     rv = ssl3_AppendHandshakeHeader(ss, certificate_request, length);
-     if (rv != SECSuccess) {
-diff --git a/lib/ssl/ssl3prot.h b/lib/ssl/ssl3prot.h
---- a/lib/ssl/ssl3prot.h
-+++ b/lib/ssl/ssl3prot.h
-@@ -216,24 +216,24 @@ typedef struct {
-         SSL3ServerRSAParams rsa;
-     } u;
- } SSL3ServerParams;
- 
- /* This enum reflects HashAlgorithm enum from
-  * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
-  *
-  * When updating, be sure to also update ssl3_TLSHashAlgorithmToOID. */
--enum {
-+typedef enum {
-     tls_hash_md5 = 1,
-     tls_hash_sha1 = 2,
-     tls_hash_sha224 = 3,
-     tls_hash_sha256 = 4,
-     tls_hash_sha384 = 5,
-     tls_hash_sha512 = 6
--};
-+} TLSHashAlgoritm;
- 
- /* This enum reflects SignatureAlgorithm enum from
-  * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
- typedef enum {
-     tls_sig_rsa = 1,
-     tls_sig_dsa = 2,
-     tls_sig_ecdsa = 3
- } TLSSignatureAlgorithm;
-diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
---- a/tests/ssl/ssl.sh
-+++ b/tests/ssl/ssl.sh
-@@ -64,16 +64,17 @@ ssl_init()
-   # Test case files
-   if [ "${NSS_NO_SSL2}" = "1" ]; then
-     SSLCOV=${QADIR}/ssl/sslcov.noSSL2orExport.txt
-     SSLSTRESS=${QADIR}/ssl/sslstress.noSSL2orExport.txt
-   else
-     SSLCOV=${QADIR}/ssl/sslcov.txt
-     SSLSTRESS=${QADIR}/ssl/sslstress.txt
-   fi
-+  SSLAUTH=${QADIR}/ssl/sslauth.txt
-   REQUEST_FILE=${QADIR}/ssl/sslreq.dat
- 
-   #temparary files
-   SERVEROUTFILE=${TMP}/tests_server.$$
-   SERVERPID=${TMP}/tests_pid.$$
- 
-   R_SERVERPID=../tests_pid.$$
- 
-@@ -87,18 +88,18 @@ ssl_init()
-   NORM_EXT=""
- 
-   if [ -z "$NSS_DISABLE_ECC" ] ; then
-       ECC_STRING=" - with ECC"
-   else
-       ECC_STRING=""
-   fi
- 
--  CSHORT="-c ABCDEF:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2cdefgijklmnvyz"
--  CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:C023:C027:C02B:C02F:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2cdefgijklmnvyz"
-+  CSHORT="-c ABCDEF:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009D:009E:009F:00A2:00A3cdefgijklmnvyz"
-+  CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:C023:C024:C027:C028:C02B:C02C:C02F:C030:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009D:009E:009F:00A2:00A3cdefgijklmnvyz"
- 
-   if [ "${OS_ARCH}" != "WINNT" ]; then
-       ulimit -n 1000 # make sure we have enough file descriptors
-   fi
- 
-   cd ${CLIENTDIR}
- }
- 
-@@ -119,17 +120,17 @@ is_selfserv_alive()
-   if [ "${OS_ARCH}" = "WINNT" ] && \
-      [ "$OS_NAME" = "CYGWIN_NT" -o "$OS_NAME" = "MINGW32_NT" ]; then
-       PID=${SHELL_SERVERPID}
-   else
-       PID=`cat ${SERVERPID}`
-   fi
- 
-   echo "kill -0 ${PID} >/dev/null 2>/dev/null" 
--  if [[ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ]]; then
-+  if [ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ]; then
-   echo "No server to kill"
-   else
-   kill -0 ${PID} >/dev/null 2>/dev/null || Exit 10 "Fatal - selfserv process not detectable"
-   fi
- 
-   echo "selfserv with PID ${PID} found at `date`"
- }
- 
-@@ -221,25 +222,26 @@ start_selfserv()
-       ECC_OPTIONS=""
-   fi
-   if [ "$1" = "mixed" ]; then
-       ECC_OPTIONS="-e ${HOSTADDR}-ecmixed"
-   fi
-   echo "selfserv starting at `date`"
-   echo "selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \\"
-   echo "         ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID}\\"
--  echo "         $verbose -H 1 &"
-+  echo "         $verbose -H 1 -V ssl3: &"
-   if [ ${fileout} -eq 1 ]; then
-       ${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
-                ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} $verbose -H 1 \
--               > ${SERVEROUTFILE} 2>&1 &
-+               -V ssl3:> ${SERVEROUTFILE} 2>&1 &
-       RET=$?
-   else
-       ${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
--               ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} $verbose -H 1 &
-+               ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} $verbose -H 1 \
-+               -V ssl3: &
-       RET=$?
-   fi
- 
-   # The PID $! returned by the MKS or Cygwin shell is not the PID of
-   # the real background process, but rather the PID of a helper
-   # process (sh.exe).  MKS's kill command has a bug: invoking kill
-   # on the helper process does not terminate the real background
-   # process.  Our workaround has been to have selfserv save its PID
-diff --git a/tests/ssl/sslcov.txt b/tests/ssl/sslcov.txt
---- a/tests/ssl/sslcov.txt
-+++ b/tests/ssl/sslcov.txt
-@@ -171,9 +171,9 @@
-    ECC   TLS12  :C014 TLS12_ECDHE_RSA_WITH_AES_256_CBC_SHA
-    ECC   TLS12  :C023 TLS12_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
-    ECC   TLS12  :C024 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
-    ECC   TLS12  :C027 TLS12_ECDHE_RSA_WITH_AES_128_CBC_SHA256
-    ECC   TLS12  :C028 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
-    ECC   TLS12  :C02B TLS12_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    ECC   TLS12  :C02C TLS12_ECDHE_ECDSA_WITH_AES_128_GCM_SHA384
-    ECC   TLS12  :C02F TLS12_ECDHE_RSA_WITH_AES_128_GCM_SHA256
--   ECC   TLS12  :0030 TLS12_ECDHE_RSA_WITH_AES_128_GCM_SHA384
-+   ECC   TLS12  :C030 TLS12_ECDHE_RSA_WITH_AES_128_GCM_SHA384
diff --git a/SOURCES/ssl-server-min-key-sizes.patch b/SOURCES/ssl-server-min-key-sizes.patch
index 1ed9a82..fbb4215 100644
--- a/SOURCES/ssl-server-min-key-sizes.patch
+++ b/SOURCES/ssl-server-min-key-sizes.patch
@@ -1,35 +1,68 @@
-diff -up nss/lib/ssl/ssl3con.c.min_key_sizes nss/lib/ssl/ssl3con.c
---- nss/lib/ssl/ssl3con.c.min_key_sizes	2015-06-08 11:38:41.154472496 -0700
-+++ nss/lib/ssl/ssl3con.c	2015-06-08 11:43:45.538294127 -0700
-@@ -6743,7 +6743,7 @@ ssl3_HandleServerKeyExchange(sslSocket *
+diff --git a/lib/nss/nssoptions.h b/lib/nss/nssoptions.h
+--- a/lib/nss/nssoptions.h
++++ b/lib/nss/nssoptions.h
+@@ -11,11 +11,11 @@
+  * file into NSS proper */
+ 
+ /* The minimum server key sizes accepted by the clients.
+  * Not 1024 to be conservative. */
+ #define SSL_RSA_MIN_MODULUS_BITS 1023
+ /* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be
+  * only 1023 bits and similar.  We don't have good data on whether this
+  * happens because NSS used to count bit lengths incorrectly. */
+-#define SSL_DH_MIN_P_BITS 1023
++#define SSL_DH_MIN_P_BITS 768
+ #define SSL_DSA_MIN_P_BITS 1023
+ 
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
+--- a/lib/ssl/ssl3con.c
++++ b/lib/ssl/ssl3con.c
+@@ -6950,17 +6950,17 @@ ssl3_HandleServerKeyExchange(sslSocket *
  	    goto loser;		/* malformed. */
  	}
+ 
+ 	rv = NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minDH);
+ 	if (rv != SECSuccess) {
+             minDH = SSL_DH_MIN_P_BITS;
+ 	}
          dh_p_bits = SECKEY_BigIntegerBitLength(&dh_p);
--        if (dh_p_bits < DH_MIN_P_BITS) {
+-        if (dh_p_bits < minDH) {
 +        if (dh_p_bits < SSL_DH_MIN_P_BITS) {
  	    errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
  	    goto alert_loser;
  	}
-@@ -10056,9 +10056,12 @@ ssl3_AuthCertificate(sslSocket *ss)
-             /* We aren't checking EC here on the understanding that we only
-              * support curves we like, a decision that might need revisiting. */
-             if (((pubKeyType == rsaKey || pubKeyType == rsaPssKey ||
--                  pubKeyType == rsaOaepKey) && ss->sec.authKeyBits < 1023) ||
--                (pubKeyType == dsaKey && ss->sec.authKeyBits < DSA_MIN_P_BITS) ||
--                (pubKeyType == dhKey && ss->sec.authKeyBits < DH_MIN_P_BITS)) {
-+                  pubKeyType == rsaOaepKey) &&
-+                  ss->sec.authKeyBits < SSL_RSA_MIN_MODULUS_BITS) ||
-+                (pubKeyType == dsaKey &&
-+                 ss->sec.authKeyBits < SSL_DSA_MIN_P_BITS) ||
-+                (pubKeyType == dhKey &&
-+                 ss->sec.authKeyBits < SSL_DH_MIN_P_BITS)) {
-                 PORT_SetError(SSL_ERROR_WEAK_SERVER_CERT_KEY);
-                 (void)SSL3_SendAlert(ss, alert_fatal,
-                                      ss->version >= SSL_LIBRARY_VERSION_TLS_1_0
-diff -up nss/lib/ssl/sslimpl.h.min_key_sizes nss/lib/ssl/sslimpl.h
---- nss/lib/ssl/sslimpl.h.min_key_sizes	2015-06-08 11:39:30.287475197 -0700
-+++ nss/lib/ssl/sslimpl.h	2015-06-08 11:46:14.262275334 -0700
-@@ -153,6 +153,15 @@ typedef enum { SSLAppOpRead = 0,
+     	rv = ssl3_ConsumeHandshakeVariable(ss, &dh_g, 2, &b, &length);
+     	if (rv != SECSuccess) {
+ 	    goto loser;		/* malformed. */
+ 	}
+         /* Abort if dh_g is 0, 1, or obviously too big. */
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
+--- a/lib/ssl/sslimpl.h
++++ b/lib/ssl/sslimpl.h
+@@ -24,16 +24,17 @@
+ #include "nssilock.h"
+ #include "pkcs11t.h"
+ #if defined(XP_UNIX) || defined(XP_BEOS)
+ #include "unistd.h"
+ #endif
+ #include "nssrwlk.h"
+ #include "prthread.h"
+ #include "prclist.h"
++#include "nssoptions.h" /* defines SSL_DH_MIN_P_BITS 768 */
+ 
+ #include "sslt.h" /* for some formerly private types, now public */
+ 
+ /* to make some of these old enums public without namespace pollution,
+ ** it was necessary to prepend ssl_ to the names.
+ ** These #defines preserve compatibility with the old code here in libssl.
+ */
+ typedef SSLKEAType      SSL3KEAType;
+@@ -149,16 +150,24 @@ typedef enum { SSLAppOpRead = 0,
+ #define SSL3_SUITE_B_SUPPORTED_CURVES_MASK 0x3800000
+ 
+ #ifndef BPB
+ #define BPB 8 /* Bits Per Byte */
+ #endif
  
  #define EXPORT_RSA_KEY_LENGTH 64	/* bytes */
  
@@ -39,9 +72,13 @@ diff -up nss/lib/ssl/sslimpl.h.min_key_sizes nss/lib/ssl/sslimpl.h
 +/* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be
 + * only 1023 bits and similar.  We don't have good data on whether this
 + * happens because NSS used to count bit lengths incorrectly. */
-+#define SSL_DH_MIN_P_BITS 768
 +#define SSL_DSA_MIN_P_BITS 1023
 +
  #define INITIAL_DTLS_TIMEOUT_MS   1000  /* Default value from RFC 4347 = 1s*/
  #define MAX_DTLS_TIMEOUT_MS      60000  /* 1 minute */
  #define DTLS_FINISHED_TIMER_MS  120000  /* Time to wait in FINISHED state */
+ 
+ typedef struct sslBufferStr             sslBuffer;
+ typedef struct sslConnectInfoStr        sslConnectInfo;
+ typedef struct sslGatherStr             sslGather;
+ typedef struct sslSecurityInfoStr       sslSecurityInfo;
diff --git a/SOURCES/sslauth-no-v2.patch b/SOURCES/sslauth-no-v2.patch
new file mode 100644
index 0000000..3aab27a
--- /dev/null
+++ b/SOURCES/sslauth-no-v2.patch
@@ -0,0 +1,77 @@
+diff --git a/tests/ssl/sslauth.txt b/tests/ssl/sslauth.txt
+--- a/tests/ssl/sslauth.txt
++++ b/tests/ssl/sslauth.txt
+@@ -3,28 +3,28 @@
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ #
+ # This file defines the tests for client auth.
+ #
+ #        expected
+ # Enable  return  server     client                         Test Case name
+ #  ECC     value  params     params
+ # ------- ------  ------     ------                         ---------------
+-  noECC     0       -r           -w_nss_-n_none           TLS Request don't require client auth (client does not provide auth)
+-  noECC     0       -r           -w_bogus_-n_TestUser     TLS Request don't require client auth (bad password)
+-  noECC     0       -r           -w_nss_-n_TestUser       TLS Request don't require client auth (client auth)
+-  noECC    254      -r_-r        -w_nss_-n_none           TLS Require client auth (client does not provide auth)
+-  noECC    254      -r_-r        -w_bogus_-n_TestUser     TLS Require client auth (bad password)
+-  noECC     0       -r_-r        -w_nss_-n_TestUser_      TLS Require client auth (client auth)
+-  noECC     0       -r           -V_:ssl3_-w_nss_-n_none        SSL3 Request don't require client auth (client does not provide auth)
+-  noECC     0       -r           -V_:ssl3_-n_TestUser_-w_bogus  SSL3 Request don't require client auth (bad password)
+-  noECC     0       -r           -V_:ssl3_-n_TestUser_-w_nss    SSL3 Request don't require client auth (client auth)
+-  noECC    254      -r_-r        -V_:ssl3_-w_nss_-n_none        SSL3 Require client auth (client does not provide auth)
+-  noECC    254      -r_-r        -V_:ssl3_-n_TestUser_-w_bogus  SSL3 Require client auth (bad password)
+-  noECC     0       -r_-r        -V_:ssl3_-n_TestUser_-w_nss    SSL3 Require client auth (client auth)
++  noECC     0       -r           -V_ssl3:_-w_nss_-n_none           TLS Request don't require client auth (client does not provide auth)
++  noECC     0       -r           -V_ssl3:_-w_bogus_-n_TestUser     TLS Request don't require client auth (bad password)
++  noECC     0       -r           -V_ssl3:_-w_nss_-n_TestUser       TLS Request don't require client auth (client auth)
++  noECC    254      -r_-r        -V_ssl3:_-w_nss_-n_none           TLS Require client auth (client does not provide auth)
++  noECC    254      -r_-r        -V_ssl3:_-w_bogus_-n_TestUser     TLS Require client auth (bad password)
++  noECC     0       -r_-r        -V_ssl3:_-w_nss_-n_TestUser_      TLS Require client auth (client auth)
++  noECC     0       -r           -V_ssl3:ssl3_-w_nss_-n_none        SSL3 Request don't require client auth (client does not provide auth)
++  noECC     0       -r           -V_ssl3:ssl3_-n_TestUser_-w_bogus  SSL3 Request don't require client auth (bad password)
++  noECC     0       -r           -V_ssl3:ssl3_-n_TestUser_-w_nss    SSL3 Request don't require client auth (client auth)
++  noECC    254      -r_-r        -V_ssl3:ssl3_-w_nss_-n_none        SSL3 Require client auth (client does not provide auth)
++  noECC    254      -r_-r        -V_ssl3:ssl3_-n_TestUser_-w_bogus  SSL3 Require client auth (bad password)
++  noECC     0       -r_-r        -V_ssl3:ssl3_-n_TestUser_-w_nss    SSL3 Require client auth (client auth)
+   noECC     0       -r_-r_-r     -V_ssl3:_-w_nss_-n_none        TLS Request don't require client auth on 2nd hs (client does not provide auth)
+   noECC     0       -r_-r_-r     -V_ssl3:_-w_bogus_-n_TestUser  TLS Request don't require client auth on 2nd hs (bad password)
+   noECC     0       -r_-r_-r     -V_ssl3:_-w_nss_-n_TestUser    TLS Request don't require client auth on 2nd hs (client auth)
+   noECC     1       -r_-r_-r_-r  -V_ssl3:_-w_nss_-n_none        TLS Require client auth on 2nd hs (client does not provide auth)
+   noECC     1       -r_-r_-r_-r  -V_ssl3:_-w_bogus_-n_TestUser  TLS Require client auth on 2nd hs (bad password)
+   noECC     0       -r_-r_-r_-r  -V_ssl3:_-w_nss_-n_TestUser    TLS Require client auth on 2nd hs (client auth)
+   noECC     0       -r_-r_-r     -V_ssl3:tls1.0_-w_nss_-n_none        TLS 1.0 Request don't require client auth on 2nd hs (client does not provide auth)
+   noECC     0       -r_-r_-r     -V_ssl3:tls1.0_-w_bogus_-n_TestUser  TLS 1.0 Request don't require client auth on 2nd hs (bad password)
+@@ -36,24 +36,24 @@
+   noECC     0       -r_-r_-r     -V_ssl3:ssl3_-n_TestUser_-w_bogus SSL3 Request don't require client auth on 2nd hs (bad password)
+   noECC     0       -r_-r_-r     -V_ssl3:ssl3_-n_TestUser_-w_nss SSL3 Request don't require client auth on 2nd hs (client auth)
+   noECC     1       -r_-r_-r_-r  -V_ssl3:ssl3_-w_nss_-n_none     SSL3 Require client auth on 2nd hs (client does not provide auth)
+   noECC     1       -r_-r_-r_-r  -V_ssl3:ssl3_-n_TestUser_-w_bogus SSL3 Require client auth on 2nd hs (bad password)
+   noECC     0       -r_-r_-r_-r  -V_ssl3:ssl3_-n_TestUser_-w_nss SSL3 Require client auth on 2nd hs (client auth)
+ #
+ # Use EC cert for client authentication
+ #
+-   ECC      0       -r           -w_bogus_-n_TestUser-ec     TLS Request don't require client auth (EC) (bad password)
+-   ECC      0       -r           -w_nss_-n_TestUser-ec       TLS Request don't require client auth (EC) (client auth)
+-   ECC     254      -r_-r        -w_bogus_-n_TestUser-ec     TLS Require client auth (EC) (bad password)
+-   ECC      0       -r_-r        -w_nss_-n_TestUser-ec_      TLS Require client auth (EC) (client auth)
+-   ECC      0       -r           -V_:ssl3_-n_TestUser-ec_-w_bogus  SSL3 Request don't require client auth (EC) (bad password)
+-   ECC      0       -r           -V_:ssl3_-n_TestUser-ec_-w_nss    SSL3 Request don't require client auth (EC) (client auth)
+-   ECC     254      -r_-r        -V_:ssl3_-n_TestUser-ec_-w_bogus  SSL3 Require client auth (EC) (bad password)
+-   ECC      0       -r_-r        -V_:ssl3_-n_TestUser-ec_-w_nss    SSL3 Require client auth (EC) (client auth)
++   ECC      0       -r           -V_ssl3:_-w_bogus_-n_TestUser-ec     TLS Request don't require client auth (EC) (bad password)
++   ECC      0       -r           -V_ssl3:_-w_nss_-n_TestUser-ec       TLS Request don't require client auth (EC) (client auth)
++   ECC     254      -r_-r        -V_ssl3:_-w_bogus_-n_TestUser-ec     TLS Require client auth (EC) (bad password)
++   ECC      0       -r_-r        -V_ssl3:_-w_nss_-n_TestUser-ec_      TLS Require client auth (EC) (client auth)
++   ECC      0       -r           -V_ssl3:ssl3_-n_TestUser-ec_-w_bogus  SSL3 Request don't require client auth (EC) (bad password)
++   ECC      0       -r           -V_ssl3:ssl3_-n_TestUser-ec_-w_nss    SSL3 Request don't require client auth (EC) (client auth)
++   ECC     254      -r_-r        -V_ssl3:ssl3_-n_TestUser-ec_-w_bogus  SSL3 Require client auth (EC) (bad password)
++   ECC      0       -r_-r        -V_ssl3:ssl3_-n_TestUser-ec_-w_nss    SSL3 Require client auth (EC) (client auth)
+    ECC      0       -r_-r_-r     -V_ssl3:_-w_bogus_-n_TestUser-ec  TLS Request don't require client auth on 2nd hs (EC) (bad password)
+    ECC      0       -r_-r_-r     -V_ssl3:_-w_nss_-n_TestUser-ec    TLS Request don't require client auth on 2nd hs (EC) (client auth)
+    ECC      1       -r_-r_-r_-r  -V_ssl3:_-w_bogus_-n_TestUser-ec  TLS Require client auth on 2nd hs (EC) (bad password)
+    ECC      0       -r_-r_-r_-r  -V_ssl3:_-w_nss_-n_TestUser-ec_   TLS Require client auth on 2nd hs (EC) (client auth)
+    ECC      0       -r_-r_-r     -V_ssl3:tls1.0_-w_bogus_-n_TestUser-ec  TLS 1.0 Request don't require client auth on 2nd hs (EC) (bad password)
+    ECC      0       -r_-r_-r     -V_ssl3:tls1.0_-w_nss_-n_TestUser-ec    TLS 1.0 Request don't require client auth on 2nd hs (EC) (client auth)
+    ECC      1       -r_-r_-r_-r  -V_ssl3:tls1.0_-w_bogus_-n_TestUser-ec  TLS 1.0 Require client auth on 2nd hs (EC) (bad password)
+    ECC      0       -r_-r_-r_-r  -V_ssl3:tls1.0_-w_nss_-n_TestUser-ec_   TLS 1.0 Require client auth on 2nd hs (EC) (client auth)
diff --git a/SOURCES/sslinfo-fix-info.patch b/SOURCES/sslinfo-fix-info.patch
deleted file mode 100644
index 2e0219f..0000000
--- a/SOURCES/sslinfo-fix-info.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up ./nss/lib/ssl/sslinfo.c.fix_info ./nss/lib/ssl/sslinfo.c
---- ./nss/lib/ssl/sslinfo.c.fix_info	2015-08-17 07:25:53.039762148 -0700
-+++ ./nss/lib/ssl/sslinfo.c	2015-08-17 07:26:44.556390051 -0700
-@@ -218,7 +218,7 @@ static const SSLCipherSuiteInfo suiteInf
- {0,CS(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256), S_DSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
- {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256), S_DSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
- {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256), S_DSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, },
--{0,CS(TLS_RSA_WITH_AES_256_GCM_SHA384),     S_RSA, K_RSA, C_AESGCM, B_256, M_SHA384, 1, 0, 0, },
-+{0,CS(TLS_RSA_WITH_AES_256_GCM_SHA384),     S_RSA, K_RSA, C_AESGCM, B_256, M_AEAD_128, 1, 0, 0, },
- 
- /* SSL 2 table */
- {0,CK(SSL_CK_RC4_128_WITH_MD5),               S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
diff --git a/SOURCES/tests-extra.patch b/SOURCES/tests-extra.patch
new file mode 100644
index 0000000..662a2fb
--- /dev/null
+++ b/SOURCES/tests-extra.patch
@@ -0,0 +1,26 @@
+diff -up ./tests/ssl/sslcov.txt.extra ./tests/ssl/sslcov.txt
+--- ./tests/ssl/sslcov.txt.extra	2016-02-18 19:03:02.168464819 -0500
++++ ./tests/ssl/sslcov.txt	2016-02-18 19:07:07.831906435 -0500
+@@ -35,6 +35,9 @@
+   noECC  SSL3   v    SSL3_RSA_WITH_AES_128_CBC_SHA
+   noECC  SSL3   y    SSL3_RSA_WITH_AES_256_CBC_SHA
+   noECC  SSL3   z    SSL3_RSA_WITH_NULL_SHA
++  noECC  TLS12 :009F  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
++  noECC  TLS12 :00A3  TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
++  noECC  TLS12 :009D  TLS_RSA_WITH_AES_256_GCM_SHA384
+ #  noECC  SSL3  :0041 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ #  noECC  SSL3  :0084 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ #
+@@ -167,6 +170,10 @@
+    ECC   TLS12  :C013 TLS12_ECDHE_RSA_WITH_AES_128_CBC_SHA
+    ECC   TLS12  :C014 TLS12_ECDHE_RSA_WITH_AES_256_CBC_SHA
+    ECC   TLS12  :C023 TLS12_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
++   ECC   TLS12  :C024 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+    ECC   TLS12  :C027 TLS12_ECDHE_RSA_WITH_AES_128_CBC_SHA256
++   ECC   TLS12  :C028 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+    ECC   TLS12  :C02B TLS12_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
++   ECC   TLS12  :C02C TLS12_ECDHE_ECDSA_WITH_AES_128_GCM_SHA384
+    ECC   TLS12  :C02F TLS12_ECDHE_RSA_WITH_AES_128_GCM_SHA256
++   ECC   TLS12  :C030 TLS12_ECDHE_RSA_WITH_AES_128_GCM_SHA384
+diff -up ./tests/ssl/ssl.sh.extra ./tests/ssl/ssl.sh
+diff -up ./tests/ssl/sslstress.txt.extra ./tests/ssl/sslstress.txt
diff --git a/SPECS/nss.spec b/SPECS/nss.spec
index 0c41c3b..649cf0a 100644
--- a/SPECS/nss.spec
+++ b/SPECS/nss.spec
@@ -1,9 +1,13 @@
-%global nspr_version 4.10.8
-%global nss_util_version 3.19.1
+%global nspr_version 4.11.0
+%global nss_util_version 3.21.0
+%global nss_util_build -2.2
 # adjust to the version that gets submitted for FIPS validation
 %global nss_softokn_fips_version 3.16.2
 %global nss_softokn_version 3.16.2.3
-%global required_softokn_build_version -13
+# Attention: Separate softokn versions for build and runtime.
+%global runtime_required_softokn_build_version -14.2
+# Building NSS doesn't require the softokn -13 build.
+%global build_required_softokn_build_version -13
 
 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
 %global allTools "certutil cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain vfyserv"
@@ -22,15 +26,15 @@
 
 Summary:          Network Security Services
 Name:             nss
-Version:          3.19.1
-Release:          19%{?dist}
+Version:          3.21.0
+Release:          9%{?dist}
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
 Requires:         nspr >= %{nspr_version}
-Requires:         nss-util >= %{nss_util_version}
+Requires:         nss-util >= %{nss_util_version}%{nss_util_build}
 # TODO: revert to same version as nss once we are done with the merge
-Requires:         nss-softokn%{_isa} >= %{nss_softokn_version}%{required_softokn_build_version}
+Requires:         nss-softokn%{_isa} >= %{nss_softokn_version}%{runtime_required_softokn_build_version}
 Requires:         nss-system-init
 Requires(post):   %{_sbindir}/update-alternatives
 Requires(postun): %{_sbindir}/update-alternatives
@@ -38,8 +42,8 @@ BuildRoot:        %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:    nspr-devel >= %{nspr_version}
 # TODO: revert to same version as nss once we are done with the merge
 # Using '>=' but on RHEL the requires should be '='
-BuildRequires:    nss-softokn-devel >= %{nss_softokn_version}%{required_softokn_build_version}
-BuildRequires:    nss-util-devel >= %{nss_util_version}
+BuildRequires:    nss-softokn-devel >= %{nss_softokn_version}%{build_required_softokn_build_version}
+BuildRequires:    nss-util-devel >= %{nss_util_version}%{nss_util_build}
 BuildRequires:    sqlite-devel
 BuildRequires:    zlib-devel
 BuildRequires:    pkgconfig
@@ -82,7 +86,7 @@ Patch6:           nss-enable-pem.patch
 Patch16:          nss-539183.patch
 Patch18:          nss-646045.patch
 # must statically link pem against the freebl in the buildroot
-# Needed only when freebl on tree has new APIS
+# Needed only when sources on tree have new APIS
 Patch25:          nsspem-use-system-freebl.patch
 # TODO: Remove this patch when the ocsp test are fixed
 Patch40:          nss-3.14.0.0-disble-ocsp-test.patch
@@ -97,40 +101,60 @@ Patch49:          nss-skip-bltest-and-fipstest.patch
 # headers are older. Such is the case when starting an update with API changes or even private export changes.
 # Once the buildroot aha been bootstrapped the patch may be removed but it doesn't hurt to keep it.
 Patch50:          iquote.patch
+# As of nss-3.21 we compile NSS with -Werror.
+# see https://bugzilla.mozilla.org/show_bug.cgi?id=1182667
+# This requires a cleanup of the PEM module as we have it here.
+# TODO: submit a patch to the interim nss-pem upstream project
+# The submission will be very different from this patch as
+# cleanup there is already in progress there.
+Patch51:          pem-compile-with-Werror.patch
 Patch52:          Bug-1001841-disable-sslv2-libssl.patch
 Patch53:          Bug-1001841-disable-sslv2-tests.patch
+Patch54:          sslauth-no-v2.patch
 Patch55:          enable-fips-when-system-is-in-fips-mode.patch
 # rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1026677
 Patch56:          p-ignore-setpolicy.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=943144
+Patch62: nss-fix-deadlock-squash.patch
+# Two patches from from rhel6.8 that are also needed for rhel-7
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1054373
+Patch74: race.patch
+Patch94: nss-3.16-token-init-race.patch
 Patch99: ssl-server-min-key-sizes.patch
+Patch100: fix-min-library-version-in-SSLVersionRange.patch
 # Add support for sha384 tls cipher suites, dss cipher suites, and
 # server-side dhe key exchange
 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=102794
 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089
 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=951455
 Patch101: dhe-sha384-dss-support.patch
-Patch102: prfnonsha256.patch
-Patch103: sha384-client-verify.patch
-# Fix flaws in Patch53 which caused needed tests to be skipped which could hide errors
-Patch104: fix-disable-sslv2-tests.patch
-# Fix Patch52 which caused NULL ciphers failures
-Patch105: fix-disable-sslv2-libssl.patch
-# Enables veriying fix for TLS_RSA_WITH_NULL_... not working in RHEL7
-# Partial set of the required ciphers to be enabled by default
-Patch106: additional-cipher-suites-enabled-by-default.patch
-Patch107: sslinfo-fix-info.patch
-Patch108: fix-min-library-version-in-SSLVersionRange.patch
-Patch109: enable-ecdsa-ciphers-by-default.patch
+# TODO: From upstream review: For the client authentication case, should
+# probably drop our hack of swapping between sha256 and sha384 and plan
+# on implementing the fix we already have a patch for. What is that fix?
+Patch102: client_auth_for_sha384_prf_support.patch
+Patch103: nss-fix-client-auth-init-hashes.patch
+Patch104: nss-map-oid-to-hashalg.patch
+Patch105: nss-remove-bogus-assert.patch
+Patch106: nss-old-pkcs11-num.patch
+Patch107: nss-enable-384-cipher-tests.patch
+Patch108: nss-sni-c-v-fix.patch
+Patch109: nss-fix-signature-and-hash.patch
+Patch110: nss-sslstress-txt-ssl3-lower-value-in-range.patch
+
 # Enable by default two additional ciphers and fix order of two tables 
 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089
 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=951455
-Patch110: reorder-cipher-suites.patch
-# Expand client side CLI options for ocsp stapling and SNI tests
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089
-Patch111: ocsp_stapling_sslauth_sni_tests_client_side_fixes.patch
-# TODO: File a bug upstream with and expanded patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1211403
 Patch112: rh1238290.patch
-Patch113: cve-2015-7575-minimal.patch
+# Local: keep as long nss-softokn lacks support
+Patch113: disable-extended-master-secret-with-old-softoken.patch
+# extra tests needed
+Patch114: tests-extra.patch
+Patch115: nss-prevent-abi-issue.patch
+Patch116: nss-tests-prevent-abi-issue.patch
+Patch117: fix-nss-test-filtering.patch
+Patch118: fix-allowed-sig-alg.patch
+Patch119: nss-ssl-ssl3con-delete-duplicates.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -222,31 +246,39 @@ popd
 %patch47 -p0 -b .templates
 %patch49 -p0 -b .skipthem
 %patch50 -p0 -b .iquote
+%patch51 -p1 -b -Werror
 pushd nss
 %patch52 -p1 -b .disableSSL2libssl
 %patch53 -p1 -b .disableSSL2tests
-popd
-%patch55 -p0 -b .852023
-%patch56 -p0 -b .1026677
-%patch99 -p0 -b .min_key_sizes
-pushd nss
+%patch54 -p1 -b .sslauth-no-v2
+%patch55 -p1 -b .852023_enable_fips_when_in_fips_mode
+%patch56 -p1 -b .1026677_ignore_set_policy
+%patch62 -p1 -b .fix_deadlock
+%patch99 -p1 -b .min_key_sizes
+%patch100 -p0 -b .1171318
 %patch101 -p1 -b .dhe_and_sha384
-%patch102 -p1 -b .prfnonsha256
-%patch103 -p1 -b .sha384_client_verify
+%patch102 -p1 -b .client_auth_prf
+%patch112 -p1 -b .1238290
+%patch113 -p1 -b .disable-ems
+%patch114 -p1 -b .extra
+%patch115 -p1 -b .abi_lib
+%patch116 -p1 -b .abi_tests
+%patch117 -p1 -b .test-filtering
+%patch74 -p1 -b .race
 popd
-%patch104 -p0 -b .fix_skipping
-%patch105 -p0 -b .null_ciphers
-%patch106 -p0 -b .1245627
-%patch107 -p0 -b .fix_info
-%patch108 -p0 -b .1171318
-%patch109 -p0 -b .enable_ecdsa
-%patch110 -p0 -b .order
-%patch111 -p0 -b .ocsp_sni
+%patch94 -p0 -b .init-token-race
+%patch103 -p0 -b .fix_client_auth_crash
+%patch104 -p0 -b .use_oids
+%patch105 -p0 -b .remove_bogus_assert
+%patch106 -p0 -b .old_pkcs11_num
+%patch107 -p0 -b .enable_384_cipher_tests
+%patch108 -p0 -b .sni_c_v_fix
+%patch109 -p0 -b .fix_signature_and_hash
+%patch110 -p0 -b .no_ssl2
 pushd nss
-%patch112 -p1 -b .1238290
-%patch113 -p1 -b .cve-2015-7575
+%patch118 -p1 -b .allowed-sig-alg
 popd
-
+%patch119 -p0 -b .delete_duplicates
 
 #########################################################
 # Higher-level libraries and test tools need access to
@@ -264,6 +296,10 @@ done
 %{__cp} ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf
 %{__cp} ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf
 
+# Before removing util directory we must save verref.h
+# as it will be needed later during the build phase.
+%{__mv} ./nss/lib/util/verref.h ./nss/verref.h
+
 ##### Remove util/freebl/softoken and low level tools
 ######## Remove freebl, softoken and util
 %{__rm} -rf ./nss/lib/freebl
@@ -293,8 +329,7 @@ FREEBL_NO_DEPEND=1
 export FREEBL_NO_DEPEND
 
 # Enable compiler optimizations and disable debugging code
-BUILD_OPT=1
-export BUILD_OPT
+export BUILD_OPT=1
 
 # Uncomment to disable optimizations
 #RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed -e 's/-O2/-O0/g'`
@@ -359,6 +394,13 @@ export NSS_ECC_MORE_THAN_SUITE_B
 export NSS_BLTEST_NOT_AVAILABLE=1
 %{__make} -C ./nss/coreconf
 %{__make} -C ./nss/lib/dbm
+
+# nss/nssinit.c, ssl/sslcon.c, smime/smimeutil.c and ckfw/builtins/binst.c
+# need nss/lib/util/verref.h which  is exported privately,
+# copy the one we saved during prep so it they can find it.
+%{__mkdir_p} ./dist/private/nss
+%{__mv} ./nss/verref.h ./dist/private/nss/verref.h
+
 %{__make} -C ./nss
 unset NSS_BLTEST_NOT_AVAILABLE
 
@@ -444,8 +486,7 @@ export NSS_NO_SSL2=1
 FREEBL_NO_DEPEND=1
 export FREEBL_NO_DEPEND
 
-BUILD_OPT=1
-export BUILD_OPT
+export BUILD_OPT=1
 
 %ifnarch noarch
 %if 0%{__isa_bits} == 64
@@ -456,7 +497,7 @@ export USE_64
 
 export NSS_BLTEST_NOT_AVAILABLE=1
 
-# needed for the fips manging test
+# needed for the fips mangling test
 export SOFTOKEN_LIB_DIR=%{_libdir}
 
 # End -- copied from the build section
@@ -844,6 +885,32 @@ fi
 
 
 %changelog
+* Fri Apr 15 2016 Kai Engert <kaie@redhat.com> - 3.21.0-9
+- Rebuild to require the latest nss-util build and nss-softokn build.
+
+* Mon Apr 11 2016 Kai Engert <kaie@redhat.com> - 3.21.0-8
+- Update the minimum nss-softokn build required at runtime.
+
+* Mon Apr 04 2016 Elio Maldonado <emaldona@redhat.com> - 3.21.0-7
+- Delete duplicates from one table
+
+* Tue Mar 29 2016 Kai Engert <kaie@redhat.com> - 3.21.0-6
+- Fix missing support for sha384/dsa in certificate_request
+
+* Wed Mar 23 2016 Kai Engert <kaie@redhat.com> - 3.21.0-5
+- Fix the SigAlgs sent in certificate_request
+
+* Tue Mar 22 2016 Elio Maldonado <emaldona@redhat.com> - 3.21.0-4
+- Ensure all ssl.sh tests are executed
+- Update sslauth test patch to run additional tests
+
+* Thu Feb 25 2016 Elio Maldonado <emaldona@redhat.com> - 3.21.0-2
+- Fix sha384 support and testing patches
+
+* Mon Feb 22 2016 Elio Maldonado <emaldona@redhat.com> - 3.21.0-1
+- Rebase to NSS-3.21
+- Resolves: Bug 1310581
+
 * Tue Dec 15 2015 Elio Maldonado <emaldona@redhat.com> - 3.19.1-19
 - Prevent TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol
 - Resolves: Bug 1289883