diff -up ./nss/cmd/modutil/pk11.c.ecc-lists ./nss/cmd/modutil/pk11.c --- ./nss/cmd/modutil/pk11.c.ecc-lists 2013-11-09 09:23:30.000000000 -0800 +++ ./nss/cmd/modutil/pk11.c 2013-12-20 10:29:01.540726233 -0800 @@ -7,12 +7,9 @@ */ #include "modutil.h" -/* #include "secmodti.h" */ +#include "secmodi.h" #include "pk11func.h" -static PK11DefaultArrayEntry *pk11_DefaultArray = NULL; -static int pk11_DefaultArraySize = 0; - /************************************************************************* * * F i p s M o d e @@ -110,32 +107,11 @@ ChkFipsMode(char *arg) typedef struct { const char *name; - const unsigned long mask; + unsigned long mask; } MaskString; -static const MaskString mechanismStrings[] = { - {"RSA", PUBLIC_MECH_RSA_FLAG}, - {"DSA", PUBLIC_MECH_DSA_FLAG}, - {"RC2", PUBLIC_MECH_RC2_FLAG}, - {"RC4", PUBLIC_MECH_RC4_FLAG}, - {"RC5", PUBLIC_MECH_RC5_FLAG}, - {"DES", PUBLIC_MECH_DES_FLAG}, - {"DH", PUBLIC_MECH_DH_FLAG}, - {"FORTEZZA", PUBLIC_MECH_FORTEZZA_FLAG}, - {"SHA1", PUBLIC_MECH_SHA1_FLAG}, - {"MD5", PUBLIC_MECH_MD5_FLAG}, - {"MD2", PUBLIC_MECH_MD2_FLAG}, - {"SSL", PUBLIC_MECH_SSL_FLAG}, - {"TLS", PUBLIC_MECH_TLS_FLAG}, - {"AES", PUBLIC_MECH_AES_FLAG}, - {"CAMELLIA", PUBLIC_MECH_CAMELLIA_FLAG}, - {"SHA256", PUBLIC_MECH_SHA256_FLAG}, - {"SHA512", PUBLIC_MECH_SHA512_FLAG}, - {"RANDOM", PUBLIC_MECH_RANDOM_FLAG}, - {"FRIENDLY", PUBLIC_MECH_FRIENDLY_FLAG} -}; -static const int numMechanismStrings = - sizeof(mechanismStrings) / sizeof(mechanismStrings[0]); +static MaskString *mechanismStrings = NULL; +static int numMechanismStrings = 0; static const MaskString cipherStrings[] = { {"FORTEZZA", PUBLIC_CIPHER_FORTEZZA_FLAG} 
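Review bot: Once `mechanismStrings` becomes a heap pointer that starts as `NULL` with `numMechanismStrings = 0`, the total length of the mechanism names is no longer fixed at compile time, yet the `MAX_STRING_LIST_LEN 240` bound kept as context in the next hunk was sized for the old static table. The entries now come from `PK11_GetDefaultArray()`, so each mechanism added to the library (this patch adds `ECC`) lengthens the colon-separated list. Any code outside this diff that formats that list into a buffer of `MAX_STRING_LIST_LEN` bytes should check the remaining space before appending, or size the buffer from the loaded table. I would also comment the declaration, e.g. `/* filled by loadMechanismList(); NULL/0 until it has been called */`, since a lookup made before that call presumably matches no names.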
@@ -143,10 +119,83 @@ static const MaskString cipherStrings[] static const int numCipherStrings = sizeof(cipherStrings) / sizeof(cipherStrings[0]); +static PK11DefaultArrayEntry *pk11_DefaultArray = NULL; +static int pk11_DefaultArraySize = 0; + + /* Maximum length of a colon-separated list of all the strings in an * array. */ #define MAX_STRING_LIST_LEN 240 /* or less */ +/* +** The same as SECMOD_InternaltoPubMechFlags +** from nss/lib/pk11wrap/pk11util.c wich is a +** private export and not visible to us +*/ +static unsigned long +InternaltoPubMechFlags(unsigned long internalFlags) +{ + unsigned long publicFlags = internalFlags; + + if (internalFlags & SECMOD_RANDOM_FLAG) { + publicFlags &= ~SECMOD_RANDOM_FLAG; + publicFlags |= PUBLIC_MECH_RANDOM_FLAG; + } + return publicFlags; +} + + +Error +loadMechanismList(void) +{ + int i; + + if (pk11_DefaultArray == NULL) { + pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize); + if (pk11_DefaultArray == NULL) { + /* should assert. 
This shouldn't happen */ + return UNSPECIFIED_ERR; + } + } + if (mechanismStrings != NULL) { + PR_Free(mechanismStrings); + } + + /* build the mechanismStrings array */ + mechanismStrings = PR_Malloc( pk11_DefaultArraySize*sizeof(MaskString) ); + if (mechanismStrings == NULL) { + return OUT_OF_MEM_ERR; + } + numMechanismStrings = pk11_DefaultArraySize; + for (i = 0; i < numMechanismStrings; i++) { + char *name = pk11_DefaultArray[i].name; + unsigned long flag = pk11_DefaultArray[i].flag; + /* map new name to old */ + switch (flag) { + case SECMOD_FORTEZZA_FLAG: + name = "FORTEZZA"; + break; + case SECMOD_SHA1_FLAG: + name = "SHA1"; + break; + case SECMOD_CAMELLIA_FLAG: + name = "CAMELLIA"; + break; + case SECMOD_RANDOM_FLAG: + name = "RANDOM"; + break; + case SECMOD_FRIENDLY_FLAG: + name = "FRIENDLY"; + break; + default: + break; + } + mechanismStrings[i].name = name; + mechanismStrings[i].mask = InternaltoPubMechFlags(flag); + } + return SUCCESS; +} + /************************************************************************ * * g e t F l a g s F r o m S t r i n g @@ -244,6 +293,12 @@ AddModule(char *moduleName, char *libFil unsigned long ciphers; unsigned long mechanisms; SECStatus status; + Error rv; + + rv = loadMechanismList(); + if (rv != SUCCESS) { + return rv; + } mechanisms = getFlagsFromString(mechanismString, mechanismStrings, @@ -493,6 +548,11 @@ ListModule(char *moduleName) return SUCCESS; } + rv = loadMechanismList(); + if (rv != SUCCESS) { + return rv; + } + module = SECMOD_FindModule(moduleName); if(!module) { PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName); 
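Review bot: `loadMechanismList()` frees and rebuilds the table on every call, and if `PR_Malloc` fails on a later call it leaves `mechanismStrings` NULL while `numMechanismStrings` still holds the previous count. The table is derived only from `pk11_DefaultArray`, which is fetched once and cached, so assuming that array does not change while modutil runs, the `PR_Free` block can become an early return: `if (mechanismStrings != NULL) return SUCCESS;`. That also removes the stale-count case. The size expression `pk11_DefaultArraySize*sizeof(MaskString)` multiplies an `int` obtained from the library without checking that it is positive; a `pk11_DefaultArraySize > 0` check followed by `PR_Calloc(pk11_DefaultArraySize, sizeof(MaskString))` would be safer. Because `InternaltoPubMechFlags` is a hand copy of a library function, its comment should say it must be kept in sync with the original in `pk11util.c`.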
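Review bot: The new early `return rv;` in `AddModule` reports a `loadMechanismList()` failure without printing anything, whereas the failure path visible in the `ListModule` hunk writes an `errStrings[...]` message to `PR_STDERR` before returning. Unless the caller prints a message for the returned code (not visible here), an out-of-memory or unspecified failure would end the command silently. The same applies to the calls added in `ListModule`, `SetDefaultModule` and `UnsetDefaultModule`. If the `errStrings` entries for these two codes take no arguments, `PR_fprintf(PR_STDERR, errStrings[rv]);` before the return would match the file's existing style. The function bodies continue outside these hunks.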
@@ -811,19 +871,18 @@ SetDefaultModule(char *moduleName, char SECMODModule *module = NULL; PK11SlotInfo *slot; int s, i; - unsigned long mechFlags = getFlagsFromString(mechanisms, mechanismStrings, - numMechanismStrings); + unsigned long mechFlags; PRBool found = PR_FALSE; - Error errcode = UNSPECIFIED_ERR; + Error errcode; - if (pk11_DefaultArray == NULL) { - pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize); - if (pk11_DefaultArray == NULL) { - /* should assert. This shouldn't happen */ - goto loser; - } + errcode = loadMechanismList(); + if (errcode != SUCCESS) { + return errcode; } + errcode = UNSPECIFIED_ERR; + mechFlags = getFlagsFromString(mechanisms, mechanismStrings, + numMechanismStrings); mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags); module = SECMOD_FindModule(moduleName); @@ -889,20 +948,17 @@ UnsetDefaultModule(char *moduleName, cha SECMODModule * module = NULL; PK11SlotInfo *slot; int s, i; - unsigned long mechFlags = getFlagsFromString(mechanisms, - mechanismStrings, numMechanismStrings); + unsigned long mechFlags; PRBool found = PR_FALSE; Error rv; - if (pk11_DefaultArray == NULL) { - pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize); - if (pk11_DefaultArray == NULL) { - /* should assert. This shouldn't happen */ - rv = UNSPECIFIED_ERR; - goto loser; - } + rv = loadMechanismList(); + if (rv != SUCCESS) { + return rv; } + mechFlags = getFlagsFromString(mechanisms, mechanismStrings, + numMechanismStrings); mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags); module = SECMOD_FindModule(moduleName); diff -up ./nss/lib/pk11wrap/pk11slot.c.ecc-lists ./nss/lib/pk11wrap/pk11slot.c --- ./nss/lib/pk11wrap/pk11slot.c.ecc-lists 2013-11-09 09:23:30.000000000 -0800 +++ ./nss/lib/pk11wrap/pk11slot.c 2013-12-20 10:29:55.756109883 -0800 
@@ -32,6 +32,7 @@ PK11DefaultArrayEntry PK11_DefaultArray[] = { { "RSA", SECMOD_RSA_FLAG, CKM_RSA_PKCS }, { "DSA", SECMOD_DSA_FLAG, CKM_DSA }, + { "ECC", SECMOD_ECC_FLAG, CKM_ECDSA }, { "DH", SECMOD_DH_FLAG, CKM_DH_PKCS_DERIVE }, { "RC2", SECMOD_RC2_FLAG, CKM_RC2_CBC }, { "RC4", SECMOD_RC4_FLAG, CKM_RC4 }, diff -up ./nss/lib/pk11wrap/secmod.h.ecc-lists ./nss/lib/pk11wrap/secmod.h --- ./nss/lib/pk11wrap/secmod.h.ecc-lists 2013-11-09 09:23:30.000000000 -0800 +++ ./nss/lib/pk11wrap/secmod.h 2013-12-20 10:26:20.881585723 -0800 @@ -28,6 +28,7 @@ #define PUBLIC_MECH_SHA512_FLAG 0x00008000ul #define PUBLIC_MECH_CAMELLIA_FLAG 0x00010000ul #define PUBLIC_MECH_SEED_FLAG 0x00020000ul +#define PUBLIC_MECH_ECC_FLAG 0x00040000ul #define PUBLIC_MECH_RANDOM_FLAG 0x08000000ul #define PUBLIC_MECH_FRIENDLY_FLAG 0x10000000ul
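Review bot: `PUBLIC_MECH_ECC_FLAG` has no comment tying its value to `SECMOD_ECC_FLAG`, yet the `InternaltoPubMechFlags()` copy added to modutil in this patch passes every internal flag except `SECMOD_RANDOM_FLAG` through unchanged. The `ECC` entry is therefore only listed and parsed correctly if the two constants are numerically equal. `SECMOD_ECC_FLAG` is defined outside this diff, so that cannot be confirmed from here. A short comment on the new define, e.g. `/* must equal SECMOD_ECC_FLAG: modutil remaps only the RANDOM flag */`, would record the dependency for whoever assigns the next bit.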