diff --git a/SOURCES/nss-3.53-strict-proto-fix.patch b/SOURCES/nss-3.53-strict-proto-fix.patch
new file mode 100644
index 0000000..e69c977
--- /dev/null
+++ b/SOURCES/nss-3.53-strict-proto-fix.patch
@@ -0,0 +1,12 @@
+diff -up ./lib/pk11wrap/pk11pub.h.strict_proto_fix ./lib/pk11wrap/pk11pub.h
+--- ./lib/pk11wrap/pk11pub.h.strict_proto_fix	2020-06-04 16:48:54.721954514 -0700
++++ ./lib/pk11wrap/pk11pub.h	2020-06-04 16:49:17.074066050 -0700
+@@ -948,7 +948,7 @@ PRBool SECMOD_HasRootCerts(void);
+  *  the system state independent of the database state and can be called
+  *  before NSS initializes.
+  */
+-int SECMOD_GetSystemFIPSEnabled();
++int SECMOD_GetSystemFIPSEnabled(void);
+ 
+ SEC_END_PROTOS
+ 
diff --git a/SOURCES/nss-3.53.1-no-small-primes.patch b/SOURCES/nss-3.53.1-no-small-primes.patch
new file mode 100644
index 0000000..c297c43
--- /dev/null
+++ b/SOURCES/nss-3.53.1-no-small-primes.patch
@@ -0,0 +1,21 @@
+diff -up ./gtests/softoken_gtest/softoken_dh_vectors.h.no-small-primes ./gtests/softoken_gtest/softoken_dh_vectors.h
+--- ./gtests/softoken_gtest/softoken_dh_vectors.h.no-small-primes	2020-10-04 00:52:25.008998541 +0300
++++ ./gtests/softoken_gtest/softoken_dh_vectors.h	2020-10-04 00:54:50.095503256 +0300
+@@ -2869,7 +2869,7 @@ static const DhTestVector DH_TEST_VECTOR
+      {siBuffer, (unsigned char *)g2, sizeof(g2)},
+      {siBuffer, NULL, 0},
+      {siBuffer, NULL, 0},
+-     IKE_APPROVED,
++     SAFE_PRIME,
+      CLASS_1536},
+     {"IKE 2048",
+      {siBuffer, (unsigned char *)prime_ike_2048, sizeof(prime_ike_2048)},
+@@ -2949,7 +2949,7 @@ static const DhTestVector DH_TEST_VECTOR
+      {siBuffer, (unsigned char *)sub2_prime_ike_1536,
+       sizeof(sub2_prime_ike_1536)},
+      {siBuffer, NULL, 0},
+-     IKE_APPROVED,
++     SAFE_PRIME,
+      CLASS_1536},
+     {"IKE 2048 with subprime",
+      {siBuffer, (unsigned char *)prime_ike_2048, sizeof(prime_ike_2048)},
diff --git a/SPECS/nss.spec b/SPECS/nss.spec
index cc80bde..1fd6eb5 100644
--- a/SPECS/nss.spec
+++ b/SPECS/nss.spec
@@ -168,6 +168,10 @@ Patch158: nss-sql-default-tests.patch
 Patch159: nss-disable-dc.patch
 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1648822
 Patch160: nss-3.53.1-remove-timing-tests.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1884793
+Patch161: nss-3.53.1-no-small-primes.patch
+# Local patch: https://bugzilla.redhat.com/show_bug.cgi?id=1843417
+Patch162: nss-3.53-strict-proto-fix.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -280,6 +284,8 @@ pushd nss
 %patch158 -p1 -R -b .sql-default-tests
 %patch159 -p1 -b .dc
 %patch160 -p1 -b .remove-timing-tests
+%patch161 -p1 -b .no-small-primes
+%patch162 -p1 -b .strict-proto-fix
 popd
 
 #########################################################
@@ -892,6 +898,15 @@ fi
 
 
 %changelog
+* Thu Nov  5 2020 Johnny Hughes <johnny@centos.org> - 3.53.1-3
+- much thanks to both Tuomo Soini (foobar.fi) and Pat Riehecky (scientificlinux.org)
+  for finding the fix to these issues 
+* Fri Oct  2 2020 Tuomo Soini <tis@foobar.fi> - 3.53.1-3
+- Fix tests by updating PayPalEE.cert to valid one
+- Fix tests to expect small primes failing rhbz#1884793
+- Fix Cannot compile code with nss headers and -Werror=strict-prototypes
+  rhbz#1885321
+
 * Sat Aug  1 2020 Daiki Ueno <dueno@redhat.com> - 3.53.1-3
 - Disable dh timing test because it's unreliable on s390 (from Bob Relyea)
 - Explicitly enable upgradedb/sharedb test cycles