diff -up nss/lib/ssl/sslsock.c.disable-ems nss/lib/ssl/sslsock.c
--- nss/lib/ssl/sslsock.c.disable-ems	2017-01-13 17:33:07.226905929 +0100
+++ nss/lib/ssl/sslsock.c	2017-01-13 17:35:19.175659702 +0100
@@ -75,6 +75,7 @@ static sslOptions ssl_defaults = {
     PR_TRUE,               /* reuseServerECDHEKey */
     PR_FALSE,              /* enableFallbackSCSV */
     PR_TRUE,               /* enableServerDhe */
+/* Keep extended-master-secret disabled until we have a compatible softokn. */
     PR_FALSE,              /* enableExtendedMS    */
     PR_FALSE,              /* enableSignedCertTimestamps */
     PR_FALSE,              /* requireDHENamedGroups */
@@ -766,7 +767,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
             break;
 
         case SSL_ENABLE_EXTENDED_MASTER_SECRET:
+#if 0
+/* No-Op until we have a compatible softokn. */
             ss->opt.enableExtendedMS = on;
+#endif
             break;
 
         case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
@@ -1199,7 +1203,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
             break;
 
         case SSL_ENABLE_EXTENDED_MASTER_SECRET:
+#if 0
+/* No-Op until we have a compatible softokn. */
             ssl_defaults.enableExtendedMS = on;
+#endif
             break;
 
         case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: