diff --git a/.gitignore b/.gitignore
index 2eebac8..63bb458 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 SOURCES/PayPalEE.cert
 SOURCES/PayPalICA.cert
+SOURCES/TestOldCA.p12
 SOURCES/blank-cert8.db
 SOURCES/blank-cert9.db
 SOURCES/blank-key3.db
diff --git a/.nss.metadata b/.nss.metadata
index cf37dcc..17a1a7d 100644
--- a/.nss.metadata
+++ b/.nss.metadata
@@ -1,5 +1,6 @@
 83025bf9062b026aae49ef8775c6432507159bca SOURCES/PayPalEE.cert
 a031c46782e6e6c662c2c87c76da9aa62ccabd8e SOURCES/PayPalICA.cert
+706c3f929a1e7eca473be12fcd92620709fdada6 SOURCES/TestOldCA.p12
 d272a7b58364862613d44261c5744f7a336bf177 SOURCES/blank-cert8.db
 b5570125fbf6bfb410705706af48217a0817c03a SOURCES/blank-cert9.db
 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 SOURCES/blank-key3.db
diff --git a/SOURCES/iquote.patch b/SOURCES/iquote.patch
index 5c1ed4c..4908c00 100644
--- a/SOURCES/iquote.patch
+++ b/SOURCES/iquote.patch
@@ -1,6 +1,6 @@
 diff -up ./nss/cmd/certutil/Makefile.iquote ./nss/cmd/certutil/Makefile
---- ./nss/cmd/certutil/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
-+++ ./nss/cmd/certutil/Makefile	2016-02-06 08:03:25.509936899 -0800
+--- ./nss/cmd/certutil/Makefile.iquote	2017-04-05 14:23:56.000000000 +0200
++++ ./nss/cmd/certutil/Makefile	2017-09-21 16:39:08.680260103 +0200
 @@ -37,7 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
@@ -12,8 +12,8 @@ diff -up ./nss/cmd/certutil/Makefile.iquote ./nss/cmd/certutil/Makefile
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/cmd/httpserv/Makefile.iquote ./nss/cmd/httpserv/Makefile
---- ./nss/cmd/httpserv/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
-+++ ./nss/cmd/httpserv/Makefile	2016-02-06 08:00:39.403191706 -0800
+--- ./nss/cmd/httpserv/Makefile.iquote	2017-04-05 14:23:56.000000000 +0200
++++ ./nss/cmd/httpserv/Makefile	2017-09-21 16:39:08.680260103 +0200
 @@ -35,7 +35,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
@@ -25,8 +25,8 @@ diff -up ./nss/cmd/httpserv/Makefile.iquote ./nss/cmd/httpserv/Makefile
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/cmd/lib/Makefile.iquote ./nss/cmd/lib/Makefile
---- ./nss/cmd/lib/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
-+++ ./nss/cmd/lib/Makefile	2016-02-06 08:00:39.403191706 -0800
+--- ./nss/cmd/lib/Makefile.iquote	2017-04-05 14:23:56.000000000 +0200
++++ ./nss/cmd/lib/Makefile	2017-09-21 16:39:08.680260103 +0200
 @@ -38,7 +38,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
@@ -38,9 +38,22 @@ diff -up ./nss/cmd/lib/Makefile.iquote ./nss/cmd/lib/Makefile
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/cmd/modutil/Makefile.iquote ./nss/cmd/modutil/Makefile
---- ./nss/cmd/modutil/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
-+++ ./nss/cmd/modutil/Makefile	2016-02-06 08:00:39.403191706 -0800
-@@ -41,7 +41,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
+--- ./nss/cmd/modutil/Makefile.iquote	2017-04-05 14:23:56.000000000 +0200
++++ ./nss/cmd/modutil/Makefile	2017-09-21 16:39:08.680260103 +0200
+@@ -37,7 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
+ # (6) Execute "component" rules. (OPTIONAL)                           #
+ #######################################################################
+ 
+-
++INCLUDES += -iquote $(DIST)/../public/nss
++INCLUDES += -iquote $(DIST)/../private/nss
+ 
+ #######################################################################
+ # (7) Execute "local" rules. (OPTIONAL).                              #
+diff -up ./nss/cmd/pk12util/Makefile.iquote ./nss/cmd/pk12util/Makefile
+--- ./nss/cmd/pk12util/Makefile.iquote	2017-09-21 16:41:23.158209761 +0200
++++ ./nss/cmd/pk12util/Makefile	2017-09-21 16:41:44.298730232 +0200
+@@ -37,7 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
  
@@ -51,8 +64,8 @@ diff -up ./nss/cmd/modutil/Makefile.iquote ./nss/cmd/modutil/Makefile
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/cmd/selfserv/Makefile.iquote ./nss/cmd/selfserv/Makefile
---- ./nss/cmd/selfserv/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
-+++ ./nss/cmd/selfserv/Makefile	2016-02-06 08:00:39.403191706 -0800
+--- ./nss/cmd/selfserv/Makefile.iquote	2017-04-05 14:23:56.000000000 +0200
++++ ./nss/cmd/selfserv/Makefile	2017-09-21 16:39:08.680260103 +0200
 @@ -35,7 +35,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
@@ -64,8 +77,8 @@ diff -up ./nss/cmd/selfserv/Makefile.iquote ./nss/cmd/selfserv/Makefile
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/cmd/ssltap/Makefile.iquote ./nss/cmd/ssltap/Makefile
---- ./nss/cmd/ssltap/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
-+++ ./nss/cmd/ssltap/Makefile	2016-02-06 08:04:21.595228841 -0800
+--- ./nss/cmd/ssltap/Makefile.iquote	2017-04-05 14:23:56.000000000 +0200
++++ ./nss/cmd/ssltap/Makefile	2017-09-21 16:39:08.680260103 +0200
 @@ -39,7 +39,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
@@ -77,8 +90,8 @@ diff -up ./nss/cmd/ssltap/Makefile.iquote ./nss/cmd/ssltap/Makefile
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/cmd/strsclnt/Makefile.iquote ./nss/cmd/strsclnt/Makefile
---- ./nss/cmd/strsclnt/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
-+++ ./nss/cmd/strsclnt/Makefile	2016-02-06 08:00:39.404191687 -0800
+--- ./nss/cmd/strsclnt/Makefile.iquote	2017-04-05 14:23:56.000000000 +0200
++++ ./nss/cmd/strsclnt/Makefile	2017-09-21 16:39:08.681260081 +0200
 @@ -36,7 +36,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
@@ -90,8 +103,8 @@ diff -up ./nss/cmd/strsclnt/Makefile.iquote ./nss/cmd/strsclnt/Makefile
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/cmd/tstclnt/Makefile.iquote ./nss/cmd/tstclnt/Makefile
---- ./nss/cmd/tstclnt/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
-+++ ./nss/cmd/tstclnt/Makefile	2016-02-06 08:04:40.506961353 -0800
+--- ./nss/cmd/tstclnt/Makefile.iquote	2017-04-05 14:23:56.000000000 +0200
++++ ./nss/cmd/tstclnt/Makefile	2017-09-21 16:39:08.681260081 +0200
 @@ -37,6 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  #######################################################################
  
@@ -102,8 +115,8 @@ diff -up ./nss/cmd/tstclnt/Makefile.iquote ./nss/cmd/tstclnt/Makefile
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/cmd/vfyserv/Makefile.iquote ./nss/cmd/vfyserv/Makefile
---- ./nss/cmd/vfyserv/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
-+++ ./nss/cmd/vfyserv/Makefile	2016-02-06 08:04:55.758745631 -0800
+--- ./nss/cmd/vfyserv/Makefile.iquote	2017-04-05 14:23:56.000000000 +0200
++++ ./nss/cmd/vfyserv/Makefile	2017-09-21 16:39:08.681260081 +0200
 @@ -37,6 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  #######################################################################
  
@@ -114,8 +127,8 @@ diff -up ./nss/cmd/vfyserv/Makefile.iquote ./nss/cmd/vfyserv/Makefile
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/coreconf/location.mk.iquote ./nss/coreconf/location.mk
---- ./nss/coreconf/location.mk.iquote	2015-11-08 21:12:59.000000000 -0800
-+++ ./nss/coreconf/location.mk	2016-02-06 08:00:39.404191687 -0800
+--- ./nss/coreconf/location.mk.iquote	2017-04-05 14:23:56.000000000 +0200
++++ ./nss/coreconf/location.mk	2017-09-21 16:39:08.681260081 +0200
 @@ -45,6 +45,10 @@ endif
  
  ifdef NSS_INCLUDE_DIR
@@ -127,9 +140,21 @@ diff -up ./nss/coreconf/location.mk.iquote ./nss/coreconf/location.mk
  endif
  
  ifndef NSS_LIB_DIR
+diff -up ./nss/gtests/ssl_gtest/Makefile.iquote ./nss/gtests/ssl_gtest/Makefile
+--- ./nss/gtests/ssl_gtest/Makefile.iquote	2017-04-05 14:23:56.000000000 +0200
++++ ./nss/gtests/ssl_gtest/Makefile	2017-09-21 16:39:08.682260058 +0200
+@@ -53,6 +53,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
+ # (6) Execute "component" rules. (OPTIONAL)                           #
+ #######################################################################
+ 
++INCLUDES += -iquote $(DIST)/../public/nss
++INCLUDES += -iquote $(DIST)/../private/nss
+ 
+ #######################################################################
+ # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/lib/certhigh/Makefile.iquote ./nss/lib/certhigh/Makefile
---- ./nss/lib/certhigh/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
-+++ ./nss/lib/certhigh/Makefile	2016-02-06 08:00:39.404191687 -0800
+--- ./nss/lib/certhigh/Makefile.iquote	2017-04-05 14:23:56.000000000 +0200
++++ ./nss/lib/certhigh/Makefile	2017-09-21 16:39:08.681260081 +0200
 @@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
@@ -140,8 +165,8 @@ diff -up ./nss/lib/certhigh/Makefile.iquote ./nss/lib/certhigh/Makefile
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/lib/cryptohi/Makefile.iquote ./nss/lib/cryptohi/Makefile
---- ./nss/lib/cryptohi/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
-+++ ./nss/lib/cryptohi/Makefile	2016-02-06 08:00:39.404191687 -0800
+--- ./nss/lib/cryptohi/Makefile.iquote	2017-04-05 14:23:56.000000000 +0200
++++ ./nss/lib/cryptohi/Makefile	2017-09-21 16:39:08.681260081 +0200
 @@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
@@ -152,8 +177,8 @@ diff -up ./nss/lib/cryptohi/Makefile.iquote ./nss/lib/cryptohi/Makefile
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/lib/libpkix/pkix/checker/Makefile.iquote ./nss/lib/libpkix/pkix/checker/Makefile
---- ./nss/lib/libpkix/pkix/checker/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
-+++ ./nss/lib/libpkix/pkix/checker/Makefile	2016-02-06 08:05:24.277342263 -0800
+--- ./nss/lib/libpkix/pkix/checker/Makefile.iquote	2017-04-05 14:23:56.000000000 +0200
++++ ./nss/lib/libpkix/pkix/checker/Makefile	2017-09-21 16:39:08.681260081 +0200
 @@ -38,7 +38,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
@@ -165,8 +190,8 @@ diff -up ./nss/lib/libpkix/pkix/checker/Makefile.iquote ./nss/lib/libpkix/pkix/c
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up ./nss/lib/nss/Makefile.iquote ./nss/lib/nss/Makefile
---- ./nss/lib/nss/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
-+++ ./nss/lib/nss/Makefile	2016-02-06 08:00:39.404191687 -0800
+--- ./nss/lib/nss/Makefile.iquote	2017-04-05 14:23:56.000000000 +0200
++++ ./nss/lib/nss/Makefile	2017-09-21 16:39:08.681260081 +0200
 @@ -37,7 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
@@ -177,26 +202,27 @@ diff -up ./nss/lib/nss/Makefile.iquote ./nss/lib/nss/Makefile
  
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
-diff -up ./nss/lib/ssl/Makefile.iquote ./nss/lib/ssl/Makefile
---- ./nss/lib/ssl/Makefile.iquote	2015-11-08 21:12:59.000000000 -0800
-+++ ./nss/lib/ssl/Makefile	2016-02-06 08:00:39.404191687 -0800
-@@ -49,6 +49,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
+diff -up ./nss/lib/pkcs12/Makefile.iquote ./nss/lib/pkcs12/Makefile
+--- ./nss/lib/pkcs12/Makefile.iquote	2017-09-21 16:39:49.616331555 +0200
++++ ./nss/lib/pkcs12/Makefile	2017-09-21 16:40:16.286726596 +0200
+@@ -39,7 +39,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
  
+-
 +INCLUDES += -iquote $(DIST)/../public/nss
- 
++INCLUDES += -iquote $(DIST)/../private/nss
  
  #######################################################################
-diff -up ./nss/gtests/ssl_gtest/Makefile.iquote ./nss/gtests/ssl_gtest/Makefile
---- ./nss/gtests/ssl_gtest/Makefile.iquote	2016-02-18 21:51:23.746893964 -0500
-+++ ./nss/gtests/ssl_gtest/Makefile	2016-02-18 21:52:32.825583479 -0500
-@@ -37,6 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
+ # (7) Execute "local" rules. (OPTIONAL).                              #
+diff -up ./nss/lib/ssl/Makefile.iquote ./nss/lib/ssl/Makefile
+--- ./nss/lib/ssl/Makefile.iquote	2017-04-05 14:23:56.000000000 +0200
++++ ./nss/lib/ssl/Makefile	2017-09-21 16:39:08.681260081 +0200
+@@ -56,6 +56,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
  # (6) Execute "component" rules. (OPTIONAL)                           #
  #######################################################################
  
 +INCLUDES += -iquote $(DIST)/../public/nss
-+INCLUDES += -iquote $(DIST)/../private/nss
+ 
  
  #######################################################################
- # (7) Execute "local" rules. (OPTIONAL).                              #
diff --git a/SOURCES/nss-pk12util-faulty-aes.patch b/SOURCES/nss-pk12util-faulty-aes.patch
new file mode 100644
index 0000000..c6d22cc
--- /dev/null
+++ b/SOURCES/nss-pk12util-faulty-aes.patch
@@ -0,0 +1,43 @@
+From 0615bf4ad6c7e07cc1b7dee4bded01fe8974ad0b Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <dueno@redhat.com>
+Date: Wed, 27 Sep 2017 11:11:10 +0200
+Subject: [PATCH] pk11wrap: Add backward compatibility with faulty PBES2 AES
+ schemes
+
+---
+ lib/pk11wrap/pk11pbe.c | 19 ++++++++++++++++++-
+ 1 file changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/lib/pk11wrap/pk11pbe.c b/lib/pk11wrap/pk11pbe.c
+index bea9333f6..5f68f399e 100644
+--- a/lib/pk11wrap/pk11pbe.c
++++ b/lib/pk11wrap/pk11pbe.c
+@@ -367,7 +367,24 @@ sec_pkcs5v2_key_length(SECAlgorithmID *algid, SECAlgorithmID *cipherAlgId)
+         cipherAlg = SECOID_GetAlgorithmTag(cipherAlgId);
+ 
+     if (sec_pkcs5_is_algorithm_v2_aes_algorithm(cipherAlg)) {
+-        length = sec_pkcs5v2_aes_key_length(cipherAlg);
++        /* Previously, the PKCS#12 files created with the old NSS
++         * releases encoded the maximum key size of AES (that is 32)
++         * in the keyLength field of PBKDF2-params. That resulted in
++         * always performing AES-256 even if AES-128-CBC or
++         * AES-192-CBC is specified in the encryptionScheme field of
++         * PBES2-params. This is wrong, but for compatibility reasons,
++         * check the keyLength field and use the value if it is 32.
++         */
++        if (p5_param.keyLength.data != NULL) {
++            length = DER_GetInteger(&p5_param.keyLength);
++        }
++        /* If the keyLength field is present and contains a value
++         * other than 32, that means the file is created outside of
++         * NSS, which we don't care about. Note that the following
++         * also handles the case when the field is absent. */
++        if (length != 32) {
++            length = sec_pkcs5v2_aes_key_length(cipherAlg);
++        }
+     } else if (p5_param.keyLength.data != NULL) {
+         length = DER_GetInteger(&p5_param.keyLength);
+     } else {
+-- 
+2.13.5
+
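Review bot: The absent-keyLength case handled by the new `if (length != 32)` works only because `length` still holds whatever it was initialised to before this branch (outside the hunk); if that initial value were ever 32, `sec_pkcs5v2_aes_key_length` would be skipped and the cipher's declared size ignored. Making the fallback independent of the earlier value keeps the compatibility rule explicit: `if (p5_param.keyLength.data != NULL && DER_GetInteger(&p5_param.keyLength) == 32) length = 32; else length = sec_pkcs5v2_aes_key_length(cipherAlg);`. The comment should also state plainly that the override applies to every input, not only files produced by old NSS releases — any file that declares AES-128-CBC or AES-192-CBC in encryptionScheme but encodes keyLength 32 will be decrypted with a 256-bit key, which is the intended legacy behaviour. The enclosing function `sec_pkcs5v2_key_length` starts before the hunk.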
diff --git a/SOURCES/nss-pk12util-force-unicode.patch b/SOURCES/nss-pk12util-force-unicode.patch
new file mode 100644
index 0000000..8aba8e7
--- /dev/null
+++ b/SOURCES/nss-pk12util-force-unicode.patch
@@ -0,0 +1,408 @@
+diff -up nss/cmd/pk12util/pk12util.c.pk12util-force-unicode nss/cmd/pk12util/pk12util.c
+--- nss/cmd/pk12util/pk12util.c.pk12util-force-unicode	2017-09-21 09:49:22.371039588 +0200
++++ nss/cmd/pk12util/pk12util.c	2017-09-21 09:49:22.389039181 +0200
+@@ -23,6 +23,7 @@
+ static char *progName;
+ PRBool pk12_debugging = PR_FALSE;
+ PRBool dumpRawFile;
++static PRBool pk12uForceUnicode;
+ 
+ PRIntn pk12uErrno = 0;
+ 
+@@ -357,6 +358,7 @@ p12U_ReadPKCS12File(SECItem *uniPwp, cha
+     SECItem p12file = { 0 };
+     SECStatus rv = SECFailure;
+     PRBool swapUnicode = PR_FALSE;
++    PRBool forceUnicode = pk12uForceUnicode;
+     PRBool trypw;
+     int error;
+ 
+@@ -424,6 +426,18 @@ p12U_ReadPKCS12File(SECItem *uniPwp, cha
+                 SEC_PKCS12DecoderFinish(p12dcx);
+                 uniPwp->len = 0;
+                 trypw = PR_TRUE;
++            } else if (forceUnicode == pk12uForceUnicode) {
++                /* try again with a different password encoding */
++                forceUnicode = !pk12uForceUnicode;
++                rv = NSS_OptionSet(__NSS_PKCS12_DECODE_FORCE_UNICODE,
++                                   forceUnicode);
++                if (rv != SECSuccess) {
++                    SECU_PrintError(progName, "PKCS12 decoding failed to set option");
++                    pk12uErrno = PK12UERR_DECODEVERIFY;
++                    break;
++                }
++                SEC_PKCS12DecoderFinish(p12dcx);
++                trypw = PR_TRUE;
+             } else {
+                 SECU_PrintError(progName, "PKCS12 decode not verified");
+                 pk12uErrno = PK12UERR_DECODEVERIFY;
+@@ -431,6 +445,15 @@ p12U_ReadPKCS12File(SECItem *uniPwp, cha
+             }
+         }
+     } while (trypw == PR_TRUE);
++
++    /* revert the option setting */
++    if (forceUnicode != pk12uForceUnicode) {
++        rv = NSS_OptionSet(__NSS_PKCS12_DECODE_FORCE_UNICODE, pk12uForceUnicode);
++        if (rv != SECSuccess) {
++            SECU_PrintError(progName, "PKCS12 decoding failed to set option");
++            pk12uErrno = PK12UERR_DECODEVERIFY;
++        }
++    }
+ /* rv has been set at this point */
+ 
+ done:
+@@ -470,6 +493,8 @@ P12U_ImportPKCS12Object(char *in_file, P
+ {
+     SEC_PKCS12DecoderContext *p12dcx = NULL;
+     SECItem uniPwitem = { 0 };
++    PRBool forceUnicode = pk12uForceUnicode;
++    PRBool trypw;
+     SECStatus rv = SECFailure;
+ 
+     rv = P12U_InitSlot(slot, slotPw);
+@@ -480,31 +505,62 @@ P12U_ImportPKCS12Object(char *in_file, P
+         return rv;
+     }
+ 
+-    rv = SECFailure;
+-    p12dcx = p12U_ReadPKCS12File(&uniPwitem, in_file, slot, slotPw, p12FilePw);
++    do {
++        trypw = PR_FALSE; /* normally we do this once */
++        rv = SECFailure;
++        p12dcx = p12U_ReadPKCS12File(&uniPwitem, in_file, slot, slotPw, p12FilePw);
+ 
+-    if (p12dcx == NULL) {
+-        goto loser;
+-    }
++        if (p12dcx == NULL) {
++            goto loser;
++        }
+ 
+-    /* make sure the bags are okey dokey -- nicknames correct, etc. */
+-    rv = SEC_PKCS12DecoderValidateBags(p12dcx, P12U_NicknameCollisionCallback);
+-    if (rv != SECSuccess) {
+-        if (PORT_GetError() == SEC_ERROR_PKCS12_DUPLICATE_DATA) {
+-            pk12uErrno = PK12UERR_CERTALREADYEXISTS;
+-        } else {
+-            pk12uErrno = PK12UERR_DECODEVALIBAGS;
++        /* make sure the bags are okey dokey -- nicknames correct, etc. */
++        rv = SEC_PKCS12DecoderValidateBags(p12dcx, P12U_NicknameCollisionCallback);
++        if (rv != SECSuccess) {
++            if (PORT_GetError() == SEC_ERROR_PKCS12_DUPLICATE_DATA) {
++                pk12uErrno = PK12UERR_CERTALREADYEXISTS;
++            } else {
++                pk12uErrno = PK12UERR_DECODEVALIBAGS;
++            }
++            SECU_PrintError(progName, "PKCS12 decode validate bags failed");
++            goto loser;
+         }
+-        SECU_PrintError(progName, "PKCS12 decode validate bags failed");
+-        goto loser;
+-    }
+ 
+-    /* stuff 'em in */
+-    rv = SEC_PKCS12DecoderImportBags(p12dcx);
+-    if (rv != SECSuccess) {
+-        SECU_PrintError(progName, "PKCS12 decode import bags failed");
+-        pk12uErrno = PK12UERR_DECODEIMPTBAGS;
+-        goto loser;
++        /* stuff 'em in */
++        if (forceUnicode != pk12uForceUnicode) {
++            rv = NSS_OptionSet(__NSS_PKCS12_DECODE_FORCE_UNICODE,
++                               forceUnicode);
++            if (rv != SECSuccess) {
++                SECU_PrintError(progName, "PKCS12 decode set option failed");
++                pk12uErrno = PK12UERR_DECODEIMPTBAGS;
++                goto loser;
++            }
++        }
++        rv = SEC_PKCS12DecoderImportBags(p12dcx);
++        if (rv != SECSuccess) {
++            if (PR_GetError() == SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY &&
++                forceUnicode == pk12uForceUnicode) {
++                /* try again with a different password encoding */
++                forceUnicode = !pk12uForceUnicode;
++                SEC_PKCS12DecoderFinish(p12dcx);
++                SECITEM_ZfreeItem(&uniPwitem, PR_FALSE);
++                trypw = PR_TRUE;
++            } else {
++                SECU_PrintError(progName, "PKCS12 decode import bags failed");
++                pk12uErrno = PK12UERR_DECODEIMPTBAGS;
++                goto loser;
++            }
++        }
++    } while (trypw);
++
++    /* revert the option setting */
++    if (forceUnicode != pk12uForceUnicode) {
++        rv = NSS_OptionSet(__NSS_PKCS12_DECODE_FORCE_UNICODE, pk12uForceUnicode);
++        if (rv != SECSuccess) {
++            SECU_PrintError(progName, "PKCS12 decode set option failed");
++            pk12uErrno = PK12UERR_DECODEIMPTBAGS;
++            goto loser;
++        }
+     }
+ 
+     fprintf(stdout, "%s: PKCS12 IMPORT SUCCESSFUL\n", progName);
+@@ -951,6 +1007,7 @@ main(int argc, char **argv)
+     int keyLen = 0;
+     int certKeyLen = 0;
+     secuCommand pk12util;
++    PRInt32 forceUnicode;
+ 
+ #ifdef _CRTDBG_MAP_ALLOC
+     _CrtSetDbgFlag(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_LEAK_CHECK_DF);
+@@ -982,6 +1039,14 @@ main(int argc, char **argv)
+         Usage(progName);
+     }
+ 
++    rv = NSS_OptionGet(__NSS_PKCS12_DECODE_FORCE_UNICODE, &forceUnicode);
++    if (rv != SECSuccess) {
++        SECU_PrintError(progName,
++                        "Failed to get NSS_PKCS12_DECODE_FORCE_UNICODE option");
++        Usage(progName);
++    }
++    pk12uForceUnicode = forceUnicode;
++
+     slotname = SECU_GetOptionArg(&pk12util, opt_TokenName);
+ 
+     import_file = (pk12util.options[opt_List].activated) ? SECU_GetOptionArg(&pk12util, opt_List)
+diff -up nss/lib/nss/nss.h.pk12util-force-unicode nss/lib/nss/nss.h
+--- nss/lib/nss/nss.h.pk12util-force-unicode	2017-04-05 14:23:56.000000000 +0200
++++ nss/lib/nss/nss.h	2017-09-21 09:49:22.387039226 +0200
+@@ -291,6 +291,15 @@ SECStatus NSS_UnregisterShutdown(NSS_Shu
+ #define NSS_DTLS_VERSION_MIN_POLICY 0x00a
+ #define NSS_DTLS_VERSION_MAX_POLICY 0x00b
+ 
++/* Until NSS 3.30, the PKCS#12 implementation used BMPString encoding
++ * for all passwords.  This changed to use UTF-8 for non-PKCS#12 PBEs
++ * in NSS 3.31.
++ *
++ * For backward compatibility, this option reverts the behavior to the
++ * old NSS versions.  This option might be removed in the future NSS
++ * releases; don't rely on it. */
++#define __NSS_PKCS12_DECODE_FORCE_UNICODE 0x00c
++
+ /*
+  * Set and get global options for the NSS library.
+  */
+diff -up nss/lib/nss/nssoptions.c.pk12util-force-unicode nss/lib/nss/nssoptions.c
+--- nss/lib/nss/nssoptions.c.pk12util-force-unicode	2017-04-05 14:23:56.000000000 +0200
++++ nss/lib/nss/nssoptions.c	2017-09-21 09:49:22.387039226 +0200
+@@ -23,6 +23,7 @@ struct nssOps {
+     PRInt32 tlsVersionMaxPolicy;
+     PRInt32 dtlsVersionMinPolicy;
+     PRInt32 dtlsVersionMaxPolicy;
++    PRInt32 pkcs12DecodeForceUnicode;
+ };
+ 
+ static struct nssOps nss_ops = {
+@@ -33,6 +34,7 @@ static struct nssOps nss_ops = {
+     0xffff, /* set TLS max to more than the largest legal SSL value */
+     1,
+     0xffff,
++    PR_FALSE
+ };
+ 
+ SECStatus
+@@ -62,6 +64,9 @@ NSS_OptionSet(PRInt32 which, PRInt32 val
+         case NSS_DTLS_VERSION_MAX_POLICY:
+             nss_ops.dtlsVersionMaxPolicy = value;
+             break;
++        case __NSS_PKCS12_DECODE_FORCE_UNICODE:
++            nss_ops.pkcs12DecodeForceUnicode = value;
++            break;
+         default:
+             rv = SECFailure;
+     }
+@@ -96,6 +101,9 @@ NSS_OptionGet(PRInt32 which, PRInt32 *va
+         case NSS_DTLS_VERSION_MAX_POLICY:
+             *value = nss_ops.dtlsVersionMaxPolicy;
+             break;
++        case __NSS_PKCS12_DECODE_FORCE_UNICODE:
++            *value = nss_ops.pkcs12DecodeForceUnicode;
++            break;
+         default:
+             rv = SECFailure;
+     }
+diff -up nss/lib/pkcs12/p12d.c.pk12util-force-unicode nss/lib/pkcs12/p12d.c
+--- nss/lib/pkcs12/p12d.c.pk12util-force-unicode	2017-09-21 09:49:22.374039520 +0200
++++ nss/lib/pkcs12/p12d.c	2017-09-21 09:49:22.388039203 +0200
+@@ -3,6 +3,7 @@
+  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+ 
+ #include "nssrenam.h"
++#include "nss.h"
+ #include "p12t.h"
+ #include "p12.h"
+ #include "plarena.h"
+@@ -126,6 +127,7 @@ struct SEC_PKCS12DecoderContextStr {
+     SECKEYGetPasswordKey pwfn;
+     void *pwfnarg;
+     PRBool swapUnicodeBytes;
++    PRBool forceUnicode;
+ 
+     /* import information */
+     PRBool bagsVerified;
+@@ -192,8 +194,18 @@ sec_pkcs12_decoder_get_decrypt_key(void
+     }
+ 
+     algorithm = SECOID_GetAlgorithmTag(algid);
+-    if (!sec_pkcs12_decode_password(NULL, &pwitem, algorithm, p12dcx->pwitem))
+-        return NULL;
++
++    if (p12dcx->forceUnicode) {
++        if (SECITEM_CopyItem(NULL, &pwitem, p12dcx->pwitem) != SECSuccess) {
++            PK11_FreeSlot(slot);
++            return NULL;
++        }
++    } else {
++        if (!sec_pkcs12_decode_password(NULL, &pwitem, algorithm, p12dcx->pwitem)) {
++            PK11_FreeSlot(slot);
++            return NULL;
++        }
++    }
+ 
+     bulkKey = PK11_PBEKeyGen(slot, algid, &pwitem, PR_FALSE, p12dcx->wincx);
+     /* some tokens can't generate PBE keys on their own, generate the
+@@ -1164,6 +1176,8 @@ SEC_PKCS12DecoderStart(SECItem *pwitem,
+ {
+     SEC_PKCS12DecoderContext *p12dcx;
+     PLArenaPool *arena;
++    PRInt32 forceUnicode = PR_FALSE;
++    SECStatus rv;
+ 
+     arena = PORT_NewArena(2048); /* different size? */
+     if (!arena) {
+@@ -1196,6 +1210,11 @@ SEC_PKCS12DecoderStart(SECItem *pwitem,
+ #else
+     p12dcx->swapUnicodeBytes = PR_FALSE;
+ #endif
++    rv = NSS_OptionGet(__NSS_PKCS12_DECODE_FORCE_UNICODE, &forceUnicode);
++    if (rv != SECSuccess) {
++        goto loser;
++    }
++    p12dcx->forceUnicode = forceUnicode;
+     p12dcx->errorValue = 0;
+     p12dcx->error = PR_FALSE;
+ 
+@@ -2428,7 +2447,7 @@ sec_pkcs12_get_public_value_and_type(SEC
+ static SECStatus
+ sec_pkcs12_add_key(sec_PKCS12SafeBag *key, SECKEYPublicKey *pubKey,
+                    unsigned int keyUsage,
+-                   SECItem *nickName, void *wincx)
++                   SECItem *nickName, PRBool forceUnicode, void *wincx)
+ {
+     SECStatus rv;
+     SECItem *publicValue = NULL;
+@@ -2466,9 +2485,21 @@ sec_pkcs12_add_key(sec_PKCS12SafeBag *ke
+                 &key->safeBagContent.pkcs8ShroudedKeyBag->algorithm;
+             SECOidTag algorithm = SECOID_GetAlgorithmTag(algid);
+ 
+-            if (!sec_pkcs12_decode_password(NULL, &pwitem, algorithm,
+-                                            key->pwitem))
+-                return SECFailure;
++            if (forceUnicode) {
++                if (SECITEM_CopyItem(NULL, &pwitem, key->pwitem) != SECSuccess) {
++                    key->error = SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY;
++                    key->problem = PR_TRUE;
++                    return SECFailure;
++                }
++            } else {
++                if (!sec_pkcs12_decode_password(NULL, &pwitem, algorithm,
++                                                key->pwitem)) {
++                    key->error = SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY;
++                    key->problem = PR_TRUE;
++                    return SECFailure;
++                }
++            }
++
+             rv = PK11_ImportEncryptedPrivateKeyInfo(key->slot,
+                                                     key->safeBagContent.pkcs8ShroudedKeyBag,
+                                                     &pwitem, nickName, publicValue,
+@@ -2923,7 +2954,8 @@ sec_pkcs12_get_public_value_and_type(SEC
+  * two passes in sec_pkcs12_validate_bags.
+  */
+ static SECStatus
+-sec_pkcs12_install_bags(sec_PKCS12SafeBag **safeBags, void *wincx)
++sec_pkcs12_install_bags(sec_PKCS12SafeBag **safeBags, PRBool forceUnicode,
++                        void *wincx)
+ {
+     sec_PKCS12SafeBag **keyList;
+     int i;
+@@ -2976,7 +3008,8 @@ sec_pkcs12_install_bags(sec_PKCS12SafeBa
+                 key->problem = PR_TRUE;
+                 rv = SECFailure;
+             } else {
+-                rv = sec_pkcs12_add_key(key, pubKey, keyUsage, nickName, wincx);
++                rv = sec_pkcs12_add_key(key, pubKey, keyUsage, nickName,
++                                        forceUnicode, wincx);
+             }
+             if (pubKey) {
+                 SECKEY_DestroyPublicKey(pubKey);
+@@ -3053,6 +3086,9 @@ sec_pkcs12_install_bags(sec_PKCS12SafeBa
+ SECStatus
+ SEC_PKCS12DecoderImportBags(SEC_PKCS12DecoderContext *p12dcx)
+ {
++    PRBool forceUnicode = PR_FALSE;
++    SECStatus rv;
++
+     if (!p12dcx || p12dcx->error) {
+         PORT_SetError(SEC_ERROR_INVALID_ARGS);
+         return SECFailure;
+@@ -3062,7 +3098,16 @@ SEC_PKCS12DecoderImportBags(SEC_PKCS12De
+         return SECFailure;
+     }
+ 
+-    return sec_pkcs12_install_bags(p12dcx->safeBags, p12dcx->wincx);
++    /* We need to check the option here as well as in
++     * SEC_PKCS12DecoderStart, because different PBE's could be used
++     * for PKCS #7 and PKCS #8 */
++    rv = NSS_OptionGet(__NSS_PKCS12_DECODE_FORCE_UNICODE, &forceUnicode);
++    if (rv != SECSuccess) {
++        return SECFailure;
++    }
++
++    return sec_pkcs12_install_bags(p12dcx->safeBags, forceUnicode,
++                                   p12dcx->wincx);
+ }
+ 
+ PRBool
+diff -up nss/tests/tools/tools.sh.pk12util-force-unicode nss/tests/tools/tools.sh
+--- nss/tests/tools/tools.sh.pk12util-force-unicode	2017-09-21 09:49:22.373039542 +0200
++++ nss/tests/tools/tools.sh	2017-09-21 09:50:06.593062871 +0200
+@@ -106,6 +106,8 @@ tools_init()
+   cp ${ALICEDIR}/* ${SIGNDIR}/
+   mkdir -p ${TOOLSDIR}/html
+   cp ${QADIR}/tools/sign*.html ${TOOLSDIR}/html
++  mkdir -p ${TOOLSDIR}/data
++  cp ${QADIR}/tools/TestOldCA.p12 ${TOOLSDIR}/data
+ 
+   cd ${TOOLSDIR}
+ }
+@@ -398,6 +400,16 @@ tools_p12_export_list_import_with_defaul
+   fi
+ }
+ 
++tools_p12_import_old_files()
++{
++  echo "$SCRIPTNAME: Importing CA cert & key created with NSS 3.21 --------------"
++  echo "pk12util -i TestOldCA.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}"
++  ${BINDIR}/pk12util -i ${TOOLSDIR}/data/TestOldCA.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1
++  ret=$?
++  html_msg $ret 0 "Importing CA cert & key created with NSS 3.21"
++  check_tmpfile
++}
++
+ ############################## tools_p12 ###############################
+ # local shell function to test basic functionality of pk12util
+ ########################################################################
+@@ -408,6 +420,7 @@ tools_p12()
+   tools_p12_export_list_import_all_pkcs5pbe_ciphers
+   tools_p12_export_list_import_all_pkcs12v2pbe_ciphers
+   tools_p12_export_with_null_ciphers
++  tools_p12_import_old_files
+ }
+ 
+ ############################## tools_sign ##############################
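Review bot: `__NSS_PKCS12_DECODE_FORCE_UNICODE` is a process-global setting that the library reads twice per decode — in `SEC_PKCS12DecoderStart` and again in `SEC_PKCS12DecoderImportBags` — and `P12U_ImportPKCS12Object` deliberately changes it between those two reads on its retry path, while the new `NSS_OptionSet`/`NSS_OptionGet` cases in nssoptions.c are plain assignments to `nss_ops` with no locking visible in the hunk. That is acceptable for a single-threaded tool, but the nss.h comment should say so for other consumers of the header, e.g. `/* Process-global; read by SEC_PKCS12DecoderStart and again by SEC_PKCS12DecoderImportBags, so do not change it while a decode is in progress or from another thread. */`. Separately, the retry condition in `P12U_ImportPKCS12Object` tests `PR_GetError()` while the validate-bags branch a few lines above uses `PORT_GetError()`; using the same accessor in both places would match the rest of pk12util.c. The enclosing functions in pk12util.c start outside the hunk.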
diff --git a/SPECS/nss.spec b/SPECS/nss.spec
index c372718..635f246 100644
--- a/SPECS/nss.spec
+++ b/SPECS/nss.spec
@@ -27,7 +27,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.28.4
-Release:          12%{?dist}
+Release:          15%{?dist}
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -88,6 +88,7 @@ Source27:         secmod.db.xml
 Source30:         PayPalRootCA.cert
 Source31:         PayPalICA.cert
 Source32:         nss-rhel7.config
+Source33:         TestOldCA.p12
 
 Patch2:           add-relro-linker-option.patch
 Patch3:           renegotiate-transitional.patch
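Review bot: Source33 is added without any comment explaining what TestOldCA.p12 is, unlike the named certificate sources around it. According to the accompanying tools.sh change this fixture carries a CA certificate and private key created with NSS 3.21, so it should be clearly marked as test-only so that it is never picked up into shipped %files, e.g. `# Test-only PKCS#12 fixture (CA cert + key, created with NSS 3.21), consumed by nss/tests/tools/tools.sh`. The %prep hunk only copies it into ./nss/tests/tools, which is consistent with that intent.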
@@ -155,6 +156,11 @@ Patch140: nss-ssl3gthr.patch
 Patch141: nss-sysinit-getenv.patch
 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1377618
 Patch142: nss-transcript.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1399867
+Patch143: nss-pk12util-force-unicode.patch
+# Not upstreamed yet:
+# https://bugzilla.redhat.com/show_bug.cgi?id=1493911
+Patch144: nss-pk12util-faulty-aes.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -231,6 +237,7 @@ low level services.
 %{__cp} %{SOURCE19} -f ./nss/tests/libpkix/certs
 %{__cp} %{SOURCE30} -f ./nss/tests/libpkix/certs
 %{__cp} %{SOURCE31} -f ./nss/tests/libpkix/certs
+%{__cp} %{SOURCE33} -f ./nss/tests/tools
 %setup -q -T -D -n %{name}-%{version}
 
 %patch2 -p0 -b .relro
@@ -269,6 +276,8 @@ pushd nss
 %patch140 -p1 -b .ssl3gthr
 %patch141 -p1 -b .sysinit-getenv
 %patch142 -p1 -b .transcript
+%patch143 -p1 -b .pk12util-force-unicode
+%patch144 -p1 -b .pk12util-faulty-aes
 popd
 
 #########################################################
@@ -859,6 +868,15 @@ fi
 
 
 %changelog
+* Wed Sep 27 2017 Daiki Ueno <dueno@redhat.com> - 3.28.4-15
+- Add backward compatibility to pk12util regarding faulty PBES2 AES encryption
+
+* Thu Sep 21 2017 Daiki Ueno <dueno@redhat.com> - 3.28.4-14
+- Update iquote.patch to prefer nss.h from the source
+
+* Wed Sep 20 2017 Daiki Ueno <dueno@redhat.com> - 3.28.4-13
+- Add backward compatibility to pk12util regarding password encoding
+
 * Fri Aug  4 2017 Daiki Ueno <dueno@redhat.com> - 3.28.4-12
 - Backport patch to simplify transcript calculation for CertificateVerify