diff --git a/.gitignore b/.gitignore
index 9f715bd..8cd8873 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,7 +10,7 @@ SOURCES/cert8.db.xml
 SOURCES/cert9.db.xml
 SOURCES/key3.db.xml
 SOURCES/key4.db.xml
-SOURCES/nss-3.36.0.tar.gz
+SOURCES/nss-3.44.tar.gz
 SOURCES/nss-config.xml
 SOURCES/secmod.db.xml
 SOURCES/setup-nsssysinit.xml
diff --git a/.nss.metadata b/.nss.metadata
index 542343e..829bbd4 100644
--- a/.nss.metadata
+++ b/.nss.metadata
@@ -10,7 +10,7 @@ bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 SOURCES/blank-secmod.db
 7cbb7841b1aefe52534704bf2a4358bfea1aa477 SOURCES/cert9.db.xml
 24c123810543ff0f6848647d6d910744e275fb01 SOURCES/key3.db.xml
 af51b16a56fda1f7525a0eed3ecbdcbb4133be0c SOURCES/key4.db.xml
-e9d8137e035efed17bd0ca12db497dbeff9b828e SOURCES/nss-3.36.0.tar.gz
+44a83b1bf4efd27605177ecdbf217e579ae8c8ae SOURCES/nss-3.44.tar.gz
 2905c9b06e7e686c9e3c0b5736a218766d4ae4c2 SOURCES/nss-config.xml
 ca9ebf79c1437169a02527c18b1e3909943c4be9 SOURCES/secmod.db.xml
 bcbe05281b38d843273f91ae3f9f19f70c7d97b3 SOURCES/setup-nsssysinit.xml
diff --git a/SOURCES/Bug-1001841-disable-sslv2-libssl.patch b/SOURCES/Bug-1001841-disable-sslv2-libssl.patch
index 527b312..99a0919 100644
--- a/SOURCES/Bug-1001841-disable-sslv2-libssl.patch
+++ b/SOURCES/Bug-1001841-disable-sslv2-libssl.patch
@@ -1,19 +1,21 @@
 diff -up nss/lib/ssl/config.mk.disableSSL2libssl nss/lib/ssl/config.mk
---- nss/lib/ssl/config.mk.disableSSL2libssl	2017-01-04 15:24:24.000000000 +0100
-+++ nss/lib/ssl/config.mk	2017-01-16 10:53:47.629894929 +0100
-@@ -69,3 +69,8 @@ endif
- ifdef NSS_DISABLE_TLS_1_3
+--- nss/lib/ssl/config.mk.disableSSL2libssl	2019-03-28 10:36:01.859196244 +0100
++++ nss/lib/ssl/config.mk	2019-03-28 10:36:53.250120885 +0100
+@@ -61,6 +61,10 @@ ifdef NSS_DISABLE_TLS_1_3
  DEFINES += -DNSS_DISABLE_TLS_1_3
  endif
-+
+ 
 +ifdef NSS_NO_SSL2
 +DEFINES += -DNSS_NO_SSL2
 +endif
 +
+ ifeq (,$(filter-out DragonFly FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET)))
+ CFLAGS += -std=gnu99
+ endif
 diff -up nss/lib/ssl/sslsock.c.disableSSL2libssl nss/lib/ssl/sslsock.c
---- nss/lib/ssl/sslsock.c.disableSSL2libssl	2017-01-16 10:53:47.615895344 +0100
-+++ nss/lib/ssl/sslsock.c	2017-01-16 10:54:16.088051233 +0100
-@@ -1221,6 +1221,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
+--- nss/lib/ssl/sslsock.c.disableSSL2libssl	2019-03-28 10:36:01.849196454 +0100
++++ nss/lib/ssl/sslsock.c	2019-03-28 10:36:01.860196223 +0100
+@@ -1363,6 +1363,10 @@ SSLExp_SetMaxEarlyDataSize(PRFileDesc *f
  static PRBool
  ssl_IsRemovedCipherSuite(PRInt32 suite)
  {
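Review bot: The rebased patch still gates the define with `ifdef NSS_NO_SSL2` in config.mk, while the companion tests patch in this commit picks the SSL2-free coverage file only when `"${NSS_NO_SSL2}" = "1"`, so any other non-empty value (for example a constructed `NSS_NO_SSL2=0`) would build with -DNSS_NO_SSL2 yet still run the SSL2 test list. Testing the same value in the build, `ifeq ($(NSS_NO_SSL2),1)`, keeps the library and its test suite in agreement about whether SSLv2 is disabled. The spec file that sets the variable is not in this view, so this matters only if it is ever set to something other than 1. The sslsock.c part of the patch continues past the end of this hunk.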
diff --git a/SOURCES/Bug-1001841-disable-sslv2-tests.patch b/SOURCES/Bug-1001841-disable-sslv2-tests.patch
index 96569b2..093bb54 100644
--- a/SOURCES/Bug-1001841-disable-sslv2-tests.patch
+++ b/SOURCES/Bug-1001841-disable-sslv2-tests.patch
@@ -1,9 +1,9 @@
 diff -up nss/tests/ssl/ssl.sh.disableSSL2tests nss/tests/ssl/ssl.sh
---- nss/tests/ssl/ssl.sh.disableSSL2tests	2018-03-05 16:58:32.000000000 +0100
-+++ nss/tests/ssl/ssl.sh	2018-03-09 17:24:07.047568191 +0100
+--- nss/tests/ssl/ssl.sh.disableSSL2tests	2019-03-16 01:25:08.000000000 +0100
++++ nss/tests/ssl/ssl.sh	2019-03-28 10:39:14.254180729 +0100
 @@ -68,9 +68,14 @@ ssl_init()
    NSS_SSL_RUN=${NSS_SSL_RUN:-$nss_ssl_run}
-   
+ 
    # Test case files
 -  SSLCOV=${QADIR}/ssl/sslcov.txt
 +  if [ "${NSS_NO_SSL2}" = "1" ]; then
@@ -42,8 +42,8 @@ diff -up nss/tests/ssl/ssl.sh.disableSSL2tests nss/tests/ssl/ssl.sh
        fi
    fi
    is_selfserv_alive
-@@ -275,7 +288,7 @@ ssl_cov()
-   start_selfserv # Launch the server
+@@ -278,7 +291,7 @@ ssl_cov()
+   start_selfserv $CIPHER_SUITES # Launch the server
  
    VMIN="ssl3"
 -  VMAX="tls1.1"
@@ -51,7 +51,7 @@ diff -up nss/tests/ssl/ssl.sh.disableSSL2tests nss/tests/ssl/ssl.sh
  
    ignore_blank_lines ${SSLCOV} | \
    while read ectype testmax param testname
-@@ -283,6 +296,12 @@ ssl_cov()
+@@ -286,6 +299,12 @@ ssl_cov()
        echo "${testname}" | grep "EXPORT" > /dev/null
        EXP=$?
  
@@ -61,6 +61,6 @@ diff -up nss/tests/ssl/ssl.sh.disableSSL2tests nss/tests/ssl/ssl.sh
 +         continue
 +      fi
 +
-       if [ "$ectype" = "ECC" ] ; then
-           echo "$SCRIPTNAME: skipping  $testname (ECC only)"
-       else
+       # RSA-PSS tests are handled in a separate function
+       case $testname in
+         *RSA-PSS)
diff --git a/SOURCES/enable-fips-when-system-is-in-fips-mode.patch b/SOURCES/enable-fips-when-system-is-in-fips-mode.patch
deleted file mode 100644
index dde5dcb..0000000
--- a/SOURCES/enable-fips-when-system-is-in-fips-mode.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-diff -up nss/lib/pk11wrap/pk11pars.c.852023_enable_fips_when_in_fips_mode nss/lib/pk11wrap/pk11pars.c
---- nss/lib/pk11wrap/pk11pars.c.852023_enable_fips_when_in_fips_mode	2018-03-05 16:58:32.000000000 +0100
-+++ nss/lib/pk11wrap/pk11pars.c	2018-03-09 17:24:39.815838810 +0100
-@@ -671,6 +671,10 @@ SECMOD_CreateModuleEx(const char *librar
- 
-     mod->internal = NSSUTIL_ArgHasFlag("flags", "internal", nssc);
-     mod->isFIPS = NSSUTIL_ArgHasFlag("flags", "FIPS", nssc);
-+    /* if the system FIPS mode is enabled, force FIPS to be on */
-+    if (SECMOD_GetSystemFIPSEnabled()) {
-+	mod->isFIPS = PR_TRUE;
-+    }
-     mod->isCritical = NSSUTIL_ArgHasFlag("flags", "critical", nssc);
-     slotParams = NSSUTIL_ArgGetParamValue("slotParams", nssc);
-     mod->slotInfo = NSSUTIL_ArgParseSlotInfo(mod->arena, slotParams,
-diff -up nss/lib/pk11wrap/pk11util.c.852023_enable_fips_when_in_fips_mode nss/lib/pk11wrap/pk11util.c
---- nss/lib/pk11wrap/pk11util.c.852023_enable_fips_when_in_fips_mode	2018-03-05 16:58:32.000000000 +0100
-+++ nss/lib/pk11wrap/pk11util.c	2018-03-09 17:25:46.804347730 +0100
-@@ -95,6 +95,26 @@ SECMOD_Shutdown()
-     return SECSuccess;
- }
- 
-+int SECMOD_GetSystemFIPSEnabled(void) {
-+#ifdef LINUX
-+    FILE *f;
-+    char d;
-+    size_t size;
-+
-+    f = fopen("/proc/sys/crypto/fips_enabled", "r");
-+    if (!f)
-+        return 0;
-+
-+    size = fread(&d, 1, 1, f);
-+    fclose(f);
-+    if (size != 1)
-+        return 0;
-+    if (d == '1')
-+        return 1;
-+#endif
-+    return 0;
-+}
-+
- /*
-  * retrieve the internal module
-  */
-@@ -428,7 +448,7 @@ SECMOD_DeleteInternalModule(const char *
-     SECMODModuleList **mlpp;
-     SECStatus rv = SECFailure;
- 
--    if (pendingModule) {
-+    if (SECMOD_GetSystemFIPSEnabled() || pendingModule) {
-         PORT_SetError(SEC_ERROR_MODULE_STUCK);
-         return rv;
-     }
-@@ -963,7 +983,7 @@ SECMOD_CanDeleteInternalModule(void)
- #ifdef NSS_FIPS_DISABLED
-     return PR_FALSE;
- #else
--    return (PRBool)(pendingModule == NULL);
-+    return (PRBool) ((pendingModule == NULL) && !SECMOD_GetSystemFIPSEnabled());
- #endif
- }
- 
-diff -up nss/lib/pk11wrap/secmodi.h.852023_enable_fips_when_in_fips_mode nss/lib/pk11wrap/secmodi.h
---- nss/lib/pk11wrap/secmodi.h.852023_enable_fips_when_in_fips_mode	2018-03-05 16:58:32.000000000 +0100
-+++ nss/lib/pk11wrap/secmodi.h	2018-03-09 17:24:39.816838788 +0100
-@@ -115,6 +115,13 @@ PK11SymKey *pk11_TokenKeyGenWithFlagsAnd
- CK_MECHANISM_TYPE pk11_GetPBECryptoMechanism(SECAlgorithmID *algid,
-                                              SECItem **param, SECItem *pwd, PRBool faulty3DES);
- 
-+/* Get the state of the system FIPS mode */
-+/* NSS uses this to force FIPS mode if the system bit is on. Applications which
-+ * use the SECMOD_CanDeleteInteral() to check to see if they can switch to or
-+ * from FIPS mode will automatically be told that they can't swith out of FIPS
-+ * mode */
-+int SECMOD_GetSystemFIPSEnabled();
-+
- extern void pk11sdr_Init(void);
- extern void pk11sdr_Shutdown(void);
- 
diff --git a/SOURCES/nss-3.36-ipsec_cert_vfy.patch b/SOURCES/nss-3.36-ipsec_cert_vfy.patch
deleted file mode 100644
index 50d71ad..0000000
--- a/SOURCES/nss-3.36-ipsec_cert_vfy.patch
+++ /dev/null
@@ -1,820 +0,0 @@
-# HG changeset patch
-# User Robert Relyea <rrelyea@redhat.com>
-# Date 1541713180 28800
-#      Thu Nov 08 13:39:40 2018 -0800
-# Node ID 0c8334a3b23372556ebedbdfe513417eb9ee55a0
-# Parent  070bebf39672054410437b0cf931e00a8920a1ff
-try: -b do -p all -u all -t all
-
-diff --git a/cmd/certutil/certutil.c b/cmd/certutil/certutil.c
---- a/cmd/certutil/certutil.c
-+++ b/cmd/certutil/certutil.c
-@@ -736,16 +736,19 @@ ValidateCert(CERTCertDBHandle *handle, c
-             usage = certificateUsageVerifyCA;
-             break;
-         case 'C':
-             usage = certificateUsageSSLClient;
-             break;
-         case 'V':
-             usage = certificateUsageSSLServer;
-             break;
-+        case 'I':
-+            usage = certificateUsageIPsec;
-+            break;
-         case 'S':
-             usage = certificateUsageEmailSigner;
-             break;
-         case 'R':
-             usage = certificateUsageEmailRecipient;
-             break;
-         case 'J':
-             usage = certificateUsageObjectSigner;
-@@ -1701,16 +1704,17 @@ luV(enum usage_level ul, const char *com
-         "   -n cert-name");
-     FPS "%-20s validity time (\"YYMMDDHHMMSS[+HHMM|-HHMM|Z]\")\n",
-         "   -b time");
-     FPS "%-20s Check certificate signature \n",
-         "   -e ");
-     FPS "%-20s Specify certificate usage:\n", "   -u certusage");
-     FPS "%-25s C \t SSL Client\n", "");
-     FPS "%-25s V \t SSL Server\n", "");
-+    FPS "%-25s I \t IPsec\n", "");
-     FPS "%-25s L \t SSL CA\n", "");
-     FPS "%-25s A \t Any CA\n", "");
-     FPS "%-25s Y \t Verify CA\n", "");
-     FPS "%-25s S \t Email signer\n", "");
-     FPS "%-25s R \t Email Recipient\n", "");
-     FPS "%-25s O \t OCSP status responder\n", "");
-     FPS "%-25s J \t Object signer\n", "");
-     FPS "%-20s Cert database directory (default is ~/.netscape)\n",
-diff --git a/cmd/dbck/dbrecover.c b/cmd/dbck/dbrecover.c
---- a/cmd/dbck/dbrecover.c
-+++ b/cmd/dbck/dbrecover.c
-@@ -283,17 +283,18 @@ addCertToDB(certDBEntryCert *certEntry, 
-     userCert = (SEC_GET_TRUST_FLAGS(trust, trustSSL) & CERTDB_USER) ||
-                (SEC_GET_TRUST_FLAGS(trust, trustEmail) & CERTDB_USER) ||
-                (SEC_GET_TRUST_FLAGS(trust, trustObjectSigning) & CERTDB_USER);
-     if (userCert)
-         goto createcert;
- 
-     /*  If user chooses so, ignore expired certificates.  */
-     allowOverride = (PRBool)((oldCert->keyUsage == certUsageSSLServer) ||
--                             (oldCert->keyUsage == certUsageSSLServerWithStepUp));
-+                             (oldCert->keyUsage == certUsageSSLServerWithStepUp) ||
-+                             (oldCert->keyUsage == certUsageIPsec));
-     validity = CERT_CheckCertValidTimes(oldCert, PR_Now(), allowOverride);
-     /*  If cert expired and user wants to delete it, ignore it. */
-     if ((validity != secCertTimeValid) &&
-         userSaysDeleteCert(&oldCert, 1, dbInvalidCert, info, 0)) {
-         info->dbErrors[dbInvalidCert]++;
-         if (info->verbose) {
-             PR_fprintf(info->out, "Deleting expired certificate:\n");
-             dumpCertificate(oldCert, -1, info->out);
-diff --git a/cmd/ocspclnt/ocspclnt.c b/cmd/ocspclnt/ocspclnt.c
---- a/cmd/ocspclnt/ocspclnt.c
-+++ b/cmd/ocspclnt/ocspclnt.c
-@@ -129,16 +129,18 @@ long_usage(char *progname)
-     PR_fprintf(pr_stderr,
-                "  %-13s Type of certificate usage for verification:\n",
-                "-u usage");
-     PR_fprintf(pr_stderr,
-                "%-17s c   SSL Client\n", "");
-     PR_fprintf(pr_stderr,
-                "%-17s s   SSL Server\n", "");
-     PR_fprintf(pr_stderr,
-+               "%-17s I   IPsec\n", "");
-+    PR_fprintf(pr_stderr,
-                "%-17s e   Email Recipient\n", "");
-     PR_fprintf(pr_stderr,
-                "%-17s E   Email Signer\n", "");
-     PR_fprintf(pr_stderr,
-                "%-17s S   Object Signer\n", "");
-     PR_fprintf(pr_stderr,
-                "%-17s C   CA\n", "");
-     PR_fprintf(pr_stderr,
-@@ -903,16 +905,19 @@ cert_usage_from_char(const char *cert_us
- 
-     switch (*cert_usage_str) {
-         case 'c':
-             *cert_usage = certUsageSSLClient;
-             break;
-         case 's':
-             *cert_usage = certUsageSSLServer;
-             break;
-+        case 'I':
-+            *cert_usage = certUsageIPsec;
-+            break;
-         case 'e':
-             *cert_usage = certUsageEmailRecipient;
-             break;
-         case 'E':
-             *cert_usage = certUsageEmailSigner;
-             break;
-         case 'S':
-             *cert_usage = certUsageObjectSigner;
-diff --git a/cmd/p7verify/p7verify.c b/cmd/p7verify/p7verify.c
---- a/cmd/p7verify/p7verify.c
-+++ b/cmd/p7verify/p7verify.c
-@@ -112,16 +112,17 @@ Usage(char *progName)
-     fprintf(stderr, "%-25s  4 - certUsageEmailSigner\n", " ");
-     fprintf(stderr, "%-25s  5 - certUsageEmailRecipient\n", " ");
-     fprintf(stderr, "%-25s  6 - certUsageObjectSigner\n", " ");
-     fprintf(stderr, "%-25s  7 - certUsageUserCertImport\n", " ");
-     fprintf(stderr, "%-25s  8 - certUsageVerifyCA\n", " ");
-     fprintf(stderr, "%-25s  9 - certUsageProtectedObjectSigner\n", " ");
-     fprintf(stderr, "%-25s 10 - certUsageStatusResponder\n", " ");
-     fprintf(stderr, "%-25s 11 - certUsageAnyCA\n", " ");
-+    fprintf(stderr, "%-25s 12 - certUsageIPsec\n", " ");
- 
-     exit(-1);
- }
- 
- static int
- HashDecodeAndVerify(FILE *out, FILE *content, PRFileDesc *signature,
-                     SECCertUsage usage, char *progName)
- {
-diff --git a/cmd/smimetools/cmsutil.c b/cmd/smimetools/cmsutil.c
---- a/cmd/smimetools/cmsutil.c
-+++ b/cmd/smimetools/cmsutil.c
-@@ -110,16 +110,17 @@ Usage(void)
-     fprintf(stderr, "%-25s  4 - certUsageEmailSigner\n", " ");
-     fprintf(stderr, "%-25s  5 - certUsageEmailRecipient\n", " ");
-     fprintf(stderr, "%-25s  6 - certUsageObjectSigner\n", " ");
-     fprintf(stderr, "%-25s  7 - certUsageUserCertImport\n", " ");
-     fprintf(stderr, "%-25s  8 - certUsageVerifyCA\n", " ");
-     fprintf(stderr, "%-25s  9 - certUsageProtectedObjectSigner\n", " ");
-     fprintf(stderr, "%-25s 10 - certUsageStatusResponder\n", " ");
-     fprintf(stderr, "%-25s 11 - certUsageAnyCA\n", " ");
-+    fprintf(stderr, "%-25s 12 - certUsageIPsec\n", " ");
- 
-     exit(-1);
- }
- 
- struct optionsStr {
-     char *pwfile;
-     char *password;
-     SECCertUsage certUsage;
-diff --git a/cmd/vfychain/vfychain.c b/cmd/vfychain/vfychain.c
---- a/cmd/vfychain/vfychain.c
-+++ b/cmd/vfychain/vfychain.c
-@@ -59,17 +59,18 @@ Usage(const char *progName)
-             "\t-o oid\t\t Set policy OID for cert validation(Format OID.1.2.3)\n"
-             "\t-p \t\t Use PKIX Library to validate certificate by calling:\n"
-             "\t\t\t   * CERT_VerifyCertificate if specified once,\n"
-             "\t\t\t   * CERT_PKIXVerifyCert if specified twice and more.\n"
-             "\t-r\t\t Following certfile is raw binary DER (default)\n"
-             "\t-t\t\t Following cert is explicitly trusted (overrides db trust).\n"
-             "\t-u usage \t 0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA,\n"
-             "\t\t\t 4=Email signer, 5=Email recipient, 6=Object signer,\n"
--            "\t\t\t 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA\n"
-+            "\t\t\t 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA,\n"
-+            "\t\t\t 12=IPsec\n"
-             "\t-T\t\t Trust both explicit trust anchors (-t) and the database.\n"
-             "\t\t\t (Default is to only trust certificates marked -t, if there are any,\n"
-             "\t\t\t or to trust the database if there are certificates marked -t.)\n"
-             "\t-v\t\t Verbose mode. Prints root cert subject(double the\n"
-             "\t\t\t argument for whole root cert info)\n"
-             "\t-w password\t Database password.\n"
-             "\t-W pwfile\t Password file.\n\n"
-             "\tRevocation options for PKIX API(invoked with -pp options) is a\n"
-diff --git a/lib/certdb/certdb.c b/lib/certdb/certdb.c
---- a/lib/certdb/certdb.c
-+++ b/lib/certdb/certdb.c
-@@ -441,16 +441,84 @@ cert_GetCertType(CERTCertificate *cert)
-     nsCertType = cert_ComputeCertType(cert);
- 
-     /* Assert that it is safe to cast &cert->nsCertType to "PRInt32 *" */
-     PORT_Assert(sizeof(cert->nsCertType) == sizeof(PRInt32));
-     PR_ATOMIC_SET((PRInt32 *)&cert->nsCertType, nsCertType);
-     return SECSuccess;
- }
- 
-+PRBool
-+cert_EKUAllowsIPsecIKE(CERTCertificate *cert, PRBool *isCritical)
-+{
-+    SECStatus rv;
-+    SECItem encodedExtKeyUsage;
-+    CERTOidSequence *extKeyUsage = NULL;
-+    PRBool result = PR_FALSE;
-+
-+    rv = CERT_GetExtenCriticality(cert->extensions,
-+                                  SEC_OID_X509_EXT_KEY_USAGE,
-+                                  isCritical);
-+    if (rv != SECSuccess) {
-+        *isCritical = PR_FALSE;
-+    }
-+
-+    encodedExtKeyUsage.data = NULL;
-+    rv = CERT_FindCertExtension(cert, SEC_OID_X509_EXT_KEY_USAGE,
-+                                &encodedExtKeyUsage);
-+    if (rv != SECSuccess) {
-+        /* EKU not present, allowed. */
-+        result = PR_TRUE;
-+        goto done;
-+    }
-+
-+    extKeyUsage = CERT_DecodeOidSequence(&encodedExtKeyUsage);
-+    if (!extKeyUsage) {
-+        /* failure */
-+        goto done;
-+    }
-+
-+    if (findOIDinOIDSeqByTagNum(extKeyUsage,
-+                                SEC_OID_X509_ANY_EXT_KEY_USAGE) ==
-+        SECSuccess) {
-+        result = PR_TRUE;
-+        goto done;
-+    }
-+
-+    if (findOIDinOIDSeqByTagNum(extKeyUsage,
-+                                SEC_OID_EXT_KEY_USAGE_IPSEC_IKE) ==
-+        SECSuccess) {
-+        result = PR_TRUE;
-+        goto done;
-+    }
-+
-+    if (findOIDinOIDSeqByTagNum(extKeyUsage,
-+                                SEC_OID_IPSEC_IKE_END) ==
-+        SECSuccess) {
-+        result = PR_TRUE;
-+        goto done;
-+    }
-+
-+    if (findOIDinOIDSeqByTagNum(extKeyUsage,
-+                                SEC_OID_IPSEC_IKE_INTERMEDIATE) ==
-+        SECSuccess) {
-+        result = PR_TRUE;
-+        goto done;
-+    }
-+
-+done:
-+    if (encodedExtKeyUsage.data != NULL) {
-+        PORT_Free(encodedExtKeyUsage.data);
-+    }
-+    if (extKeyUsage != NULL) {
-+        CERT_DestroyOidSequence(extKeyUsage);
-+    }
-+    return result;
-+}
-+
- PRUint32
- cert_ComputeCertType(CERTCertificate *cert)
- {
-     SECStatus rv;
-     SECItem tmpitem;
-     SECItem encodedExtKeyUsage;
-     CERTOidSequence *extKeyUsage = NULL;
-     PRBool basicConstraintPresent = PR_FALSE;
-@@ -1078,16 +1146,20 @@ CERT_KeyUsageAndTypeForCertUsage(SECCert
-             case certUsageSSLClient:
-                 requiredKeyUsage = KU_KEY_CERT_SIGN;
-                 requiredCertType = NS_CERT_TYPE_SSL_CA;
-                 break;
-             case certUsageSSLServer:
-                 requiredKeyUsage = KU_KEY_CERT_SIGN;
-                 requiredCertType = NS_CERT_TYPE_SSL_CA;
-                 break;
-+            case certUsageIPsec:
-+                requiredKeyUsage = KU_KEY_CERT_SIGN;
-+                requiredCertType = NS_CERT_TYPE_SSL_CA;
-+                break;
-             case certUsageSSLCA:
-                 requiredKeyUsage = KU_KEY_CERT_SIGN;
-                 requiredCertType = NS_CERT_TYPE_SSL_CA;
-                 break;
-             case certUsageEmailSigner:
-                 requiredKeyUsage = KU_KEY_CERT_SIGN;
-                 requiredCertType = NS_CERT_TYPE_EMAIL_CA;
-                 break;
-@@ -1120,16 +1192,21 @@ CERT_KeyUsageAndTypeForCertUsage(SECCert
-                  */
-                 requiredKeyUsage = KU_DIGITAL_SIGNATURE;
-                 requiredCertType = NS_CERT_TYPE_SSL_CLIENT;
-                 break;
-             case certUsageSSLServer:
-                 requiredKeyUsage = KU_KEY_AGREEMENT_OR_ENCIPHERMENT;
-                 requiredCertType = NS_CERT_TYPE_SSL_SERVER;
-                 break;
-+            case certUsageIPsec:
-+                /* RFC 4945 Section 5.1.3.2 */
-+                requiredKeyUsage = KU_DIGITAL_SIGNATURE_OR_NON_REPUDIATION;
-+                requiredCertType = 0;
-+                break;
-             case certUsageSSLServerWithStepUp:
-                 requiredKeyUsage =
-                     KU_KEY_AGREEMENT_OR_ENCIPHERMENT | KU_NS_GOVT_APPROVED;
-                 requiredCertType = NS_CERT_TYPE_SSL_SERVER;
-                 break;
-             case certUsageSSLCA:
-                 requiredKeyUsage = KU_KEY_CERT_SIGN;
-                 requiredCertType = NS_CERT_TYPE_SSL_CA;
-diff --git a/lib/certdb/certi.h b/lib/certdb/certi.h
---- a/lib/certdb/certi.h
-+++ b/lib/certdb/certi.h
-@@ -289,16 +289,19 @@ SECStatus cert_DestroyLocks(void);
- extern SECStatus cert_GetCertType(CERTCertificate* cert);
- 
- /*
-  * compute and return the value of nsCertType for cert, but do not
-  * update the CERTCertificate.
-  */
- extern PRUint32 cert_ComputeCertType(CERTCertificate* cert);
- 
-+extern PRBool cert_EKUAllowsIPsecIKE(CERTCertificate* cert,
-+                                     PRBool* isCritical);
-+
- void cert_AddToVerifyLog(CERTVerifyLog* log, CERTCertificate* cert,
-                          long errorCode, unsigned int depth, void* arg);
- 
- /* Insert a DER CRL into the CRL cache, and take ownership of it.
-  *
-  * cert_CacheCRLByGeneralName takes ownership of the memory in crl argument
-  * completely.  crl must be freeable by SECITEM_FreeItem. It will be freed
-  * immediately if it is rejected from the CRL cache, or later during cache
-diff --git a/lib/certdb/certt.h b/lib/certdb/certt.h
---- a/lib/certdb/certt.h
-+++ b/lib/certdb/certt.h
-@@ -442,17 +442,18 @@ typedef enum SECCertUsageEnum {
-     certUsageSSLCA = 3,
-     certUsageEmailSigner = 4,
-     certUsageEmailRecipient = 5,
-     certUsageObjectSigner = 6,
-     certUsageUserCertImport = 7,
-     certUsageVerifyCA = 8,
-     certUsageProtectedObjectSigner = 9,
-     certUsageStatusResponder = 10,
--    certUsageAnyCA = 11
-+    certUsageAnyCA = 11,
-+    certUsageIPsec = 12
- } SECCertUsage;
- 
- typedef PRInt64 SECCertificateUsage;
- 
- #define certificateUsageCheckAllUsages (0x0000)
- #define certificateUsageSSLClient (0x0001)
- #define certificateUsageSSLServer (0x0002)
- #define certificateUsageSSLServerWithStepUp (0x0004)
-@@ -460,18 +461,19 @@ typedef PRInt64 SECCertificateUsage;
- #define certificateUsageEmailSigner (0x0010)
- #define certificateUsageEmailRecipient (0x0020)
- #define certificateUsageObjectSigner (0x0040)
- #define certificateUsageUserCertImport (0x0080)
- #define certificateUsageVerifyCA (0x0100)
- #define certificateUsageProtectedObjectSigner (0x0200)
- #define certificateUsageStatusResponder (0x0400)
- #define certificateUsageAnyCA (0x0800)
-+#define certificateUsageIPsec (0x1000)
- 
--#define certificateUsageHighest certificateUsageAnyCA
-+#define certificateUsageHighest certificateUsageIPsec
- 
- /*
-  * Does the cert belong to the user, a peer, or a CA.
-  */
- typedef enum CERTCertOwnerEnum {
-     certOwnerUser = 0,
-     certOwnerPeer = 1,
-     certOwnerCA = 2
-diff --git a/lib/certhigh/certvfy.c b/lib/certhigh/certvfy.c
---- a/lib/certhigh/certvfy.c
-+++ b/lib/certhigh/certvfy.c
-@@ -284,16 +284,20 @@ CERT_TrustFlagsForCACertUsage(SECCertUsa
-             requiredFlags = CERTDB_TRUSTED_CLIENT_CA;
-             trustType = trustSSL;
-             break;
-         case certUsageSSLServer:
-         case certUsageSSLCA:
-             requiredFlags = CERTDB_TRUSTED_CA;
-             trustType = trustSSL;
-             break;
-+        case certUsageIPsec:
-+            requiredFlags = CERTDB_TRUSTED_CA;
-+            trustType = trustSSL;
-+            break;
-         case certUsageSSLServerWithStepUp:
-             requiredFlags = CERTDB_TRUSTED_CA | CERTDB_GOVT_APPROVED_CA;
-             trustType = trustSSL;
-             break;
-         case certUsageEmailSigner:
-         case certUsageEmailRecipient:
-             requiredFlags = CERTDB_TRUSTED_CA;
-             trustType = trustEmail;
-@@ -574,16 +578,17 @@ cert_VerifyCertChainOld(CERTCertDBHandle
-         EXIT_IF_NOT_LOGGING(log);
-         requiredCAKeyUsage = 0;
-         caCertType = 0;
-     }
- 
-     switch (certUsage) {
-         case certUsageSSLClient:
-         case certUsageSSLServer:
-+        case certUsageIPsec:
-         case certUsageSSLCA:
-         case certUsageSSLServerWithStepUp:
-         case certUsageEmailSigner:
-         case certUsageEmailRecipient:
-         case certUsageObjectSigner:
-         case certUsageVerifyCA:
-         case certUsageAnyCA:
-         case certUsageStatusResponder:
-@@ -640,17 +645,18 @@ cert_VerifyCertChainOld(CERTCertDBHandle
-          * certifcates (except leaf (EE) certs, root CAs, and self-issued
-          * intermediate CAs) to be verified against the name constraints
-          * extension of the issuer certificate.
-          */
-         if (subjectCertIsSelfIssued == PR_FALSE) {
-             CERTGeneralName *subjectNameList;
-             int subjectNameListLen;
-             int i;
--            PRBool getSubjectCN = (!count && certUsage == certUsageSSLServer);
-+            PRBool getSubjectCN = (!count &&
-+                                   (certUsage == certUsageSSLServer || certUsage == certUsageIPsec));
-             subjectNameList =
-                 CERT_GetConstrainedCertificateNames(subjectCert, arena,
-                                                     getSubjectCN);
-             if (!subjectNameList)
-                 goto loser;
-             subjectNameListLen = CERT_GetNamesLength(subjectNameList);
-             if (!subjectNameListLen)
-                 goto loser;
-@@ -981,16 +987,17 @@ CERT_VerifyCACertForUsage(CERTCertDBHand
-         EXIT_IF_NOT_LOGGING(log);
-         requiredCAKeyUsage = 0;
-         caCertType = 0;
-     }
- 
-     switch (certUsage) {
-         case certUsageSSLClient:
-         case certUsageSSLServer:
-+        case certUsageIPsec:
-         case certUsageSSLCA:
-         case certUsageSSLServerWithStepUp:
-         case certUsageEmailSigner:
-         case certUsageEmailRecipient:
-         case certUsageObjectSigner:
-         case certUsageVerifyCA:
-         case certUsageStatusResponder:
-             if (CERT_TrustFlagsForCACertUsage(certUsage, &requiredFlags,
-@@ -1166,16 +1173,17 @@ cert_CheckLeafTrust(CERTCertificate *cer
-     *failedFlags = 0;
-     *trusted = PR_FALSE;
- 
-     /* check trust flags to see if this cert is directly trusted */
-     if (CERT_GetCertTrust(cert, &trust) == SECSuccess) {
-         switch (certUsage) {
-             case certUsageSSLClient:
-             case certUsageSSLServer:
-+            case certUsageIPsec:
-                 flags = trust.sslFlags;
- 
-                 /* is the cert directly trusted or not trusted ? */
-                 if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
-                             * authoritative */
-                     if (flags & CERTDB_TRUSTED) {     /* trust this cert */
-                         *trusted = PR_TRUE;
-                         return SECSuccess;
-@@ -1342,45 +1350,48 @@ CERT_VerifyCertificate(CERTCertDBHandle 
-         /* we don't have a place to return status for all usages,
-            so we can skip checks for usages that aren't required */
-         checkAllUsages = PR_FALSE;
-     }
-     valid = SECSuccess; /* start off assuming cert is valid */
- 
-     /* make sure that the cert is valid at time t */
-     allowOverride = (PRBool)((requiredUsages & certificateUsageSSLServer) ||
--                             (requiredUsages & certificateUsageSSLServerWithStepUp));
-+                             (requiredUsages & certificateUsageSSLServerWithStepUp) ||
-+                             (requiredUsages & certificateUsageIPsec));
-     validity = CERT_CheckCertValidTimes(cert, t, allowOverride);
-     if (validity != secCertTimeValid) {
-         valid = SECFailure;
-         LOG_ERROR_OR_EXIT(log, cert, 0, validity);
-     }
- 
-     /* check key usage and netscape cert type */
-     cert_GetCertType(cert);
-     certType = cert->nsCertType;
- 
-     for (i = 1; i <= certificateUsageHighest &&
-                 (SECSuccess == valid || returnedUsages || log);) {
-+        PRBool typeAndEKUAllowed = PR_TRUE;
-         PRBool requiredUsage = (i & requiredUsages) ? PR_TRUE : PR_FALSE;
-         if (PR_FALSE == requiredUsage && PR_FALSE == checkAllUsages) {
-             NEXT_USAGE();
-         }
-         if (returnedUsages) {
-             *returnedUsages |= i; /* start off assuming this usage is valid */
-         }
-         switch (certUsage) {
-             case certUsageSSLClient:
-             case certUsageSSLServer:
-             case certUsageSSLServerWithStepUp:
-             case certUsageSSLCA:
-             case certUsageEmailSigner:
-             case certUsageEmailRecipient:
-             case certUsageObjectSigner:
-             case certUsageStatusResponder:
-+            case certUsageIPsec:
-                 rv = CERT_KeyUsageAndTypeForCertUsage(certUsage, PR_FALSE,
-                                                       &requiredKeyUsage,
-                                                       &requiredCertType);
-                 if (rv != SECSuccess) {
-                     PORT_Assert(0);
-                     /* EXIT_IF_NOT_LOGGING(log); XXX ??? */
-                     requiredKeyUsage = 0;
-                     requiredCertType = 0;
-@@ -1403,17 +1414,29 @@ CERT_VerifyCertificate(CERTCertDBHandle 
-         }
-         if (CERT_CheckKeyUsage(cert, requiredKeyUsage) != SECSuccess) {
-             if (PR_TRUE == requiredUsage) {
-                 PORT_SetError(SEC_ERROR_INADEQUATE_KEY_USAGE);
-             }
-             LOG_ERROR(log, cert, 0, requiredKeyUsage);
-             INVALID_USAGE();
-         }
--        if (!(certType & requiredCertType)) {
-+        if (certUsage != certUsageIPsec) {
-+            if (!(certType & requiredCertType)) {
-+                typeAndEKUAllowed = PR_FALSE;
-+            }
-+        } else {
-+            PRBool isCritical;
-+            PRBool allowed = cert_EKUAllowsIPsecIKE(cert, &isCritical);
-+            /* If the extension isn't critical, we allow any EKU value. */
-+            if (isCritical && !allowed) {
-+                typeAndEKUAllowed = PR_FALSE;
-+            }
-+        }
-+        if (!typeAndEKUAllowed) {
-             if (PR_TRUE == requiredUsage) {
-                 PORT_SetError(SEC_ERROR_INADEQUATE_CERT_TYPE);
-             }
-             LOG_ERROR(log, cert, 0, requiredCertType);
-             INVALID_USAGE();
-         }
- 
-         rv = cert_CheckLeafTrust(cert, certUsage, &flags, &trusted);
-@@ -1503,29 +1526,31 @@ cert_VerifyCertWithFlags(CERTCertDBHandl
-     if (rv != SECSuccess) {
-         PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
-         LOG_ERROR_OR_EXIT(log, cert, 0, 0);
-     }
- #endif
- 
-     /* make sure that the cert is valid at time t */
-     allowOverride = (PRBool)((certUsage == certUsageSSLServer) ||
--                             (certUsage == certUsageSSLServerWithStepUp));
-+                             (certUsage == certUsageSSLServerWithStepUp) ||
-+                             (certUsage == certUsageIPsec));
-     validity = CERT_CheckCertValidTimes(cert, t, allowOverride);
-     if (validity != secCertTimeValid) {
-         LOG_ERROR_OR_EXIT(log, cert, 0, validity);
-     }
- 
-     /* check key usage and netscape cert type */
-     cert_GetCertType(cert);
-     certType = cert->nsCertType;
-     switch (certUsage) {
-         case certUsageSSLClient:
-         case certUsageSSLServer:
-         case certUsageSSLServerWithStepUp:
-+        case certUsageIPsec:
-         case certUsageSSLCA:
-         case certUsageEmailSigner:
-         case certUsageEmailRecipient:
-         case certUsageObjectSigner:
-         case certUsageStatusResponder:
-             rv = CERT_KeyUsageAndTypeForCertUsage(certUsage, PR_FALSE,
-                                                   &requiredKeyUsage,
-                                                   &requiredCertType);
-@@ -1628,16 +1653,17 @@ CERT_VerifyCertNow(CERTCertDBHandle *han
- }
- 
- /* [ FROM pcertdb.c ] */
- /*
-  * Supported usage values and types:
-  *  certUsageSSLClient
-  *  certUsageSSLServer
-  *  certUsageSSLServerWithStepUp
-+ *  certUsageIPsec
-  *  certUsageEmailSigner
-  *  certUsageEmailRecipient
-  *  certUsageObjectSigner
-  */
- 
- CERTCertificate *
- CERT_FindMatchingCert(CERTCertDBHandle *handle, SECItem *derName,
-                       CERTCertOwner owner, SECCertUsage usage,
-diff --git a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
---- a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
-+++ b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
-@@ -2909,17 +2909,18 @@ PKIX_PL_Cert_CheckValidity(
-                         PKIX_DATEGETPRTIMEFAILED);
-         } else {
-                 timeToCheck = PR_Now();
-         }
- 
-         requiredUsages = ((PKIX_PL_NssContext*)plContext)->certificateUsage;
-         allowOverride =
-             (PRBool)((requiredUsages & certificateUsageSSLServer) ||
--                     (requiredUsages & certificateUsageSSLServerWithStepUp));
-+                     (requiredUsages & certificateUsageSSLServerWithStepUp) ||
-+                     (requiredUsages & certificateUsageIPsec));
-         val = CERT_CheckCertValidTimes(cert->nssCert, timeToCheck, allowOverride);
-         if (val != secCertTimeValid){
-                 PKIX_ERROR(PKIX_CERTCHECKCERTVALIDTIMESFAILED);
-         }
- 
- cleanup:
-         PKIX_RETURN(CERT);
- }
-@@ -2996,18 +2997,27 @@ PKIX_PL_Cert_VerifyCertAndKeyType(
-         /* use this key usage and cert type for certUsageAnyCA and
-          * certUsageVerifyCA. */
- 	requiredKeyUsage = KU_KEY_CERT_SIGN;
- 	requiredCertType = NS_CERT_TYPE_CA;
-     }
-     if (CERT_CheckKeyUsage(cert->nssCert, requiredKeyUsage) != SECSuccess) {
-         PKIX_ERROR(PKIX_CERTCHECKKEYUSAGEFAILED);
-     }
--    if (!(certType & requiredCertType)) {
--        PKIX_ERROR(PKIX_CERTCHECKCERTTYPEFAILED);
-+    if (certUsage != certUsageIPsec) {
-+        if (!(certType & requiredCertType)) {
-+            PKIX_ERROR(PKIX_CERTCHECKCERTTYPEFAILED);
-+        }
-+    } else {
-+        PRBool isCritical;
-+        PRBool allowed = cert_EKUAllowsIPsecIKE(cert->nssCert, &isCritical);
-+        /* If the extension isn't critical, we allow any EKU value. */
-+        if (isCritical && !allowed) {
-+            PKIX_ERROR(PKIX_CERTCHECKCERTTYPEFAILED);
-+        }
-     }
- cleanup:
-     PKIX_DECREF(basicConstraints);
-     PKIX_RETURN(CERT);
- }
- 
- /*
-  * FUNCTION: PKIX_PL_Cert_VerifyKeyUsage (see comments in pkix_pl_pki.h)
-diff --git a/tests/chains/chains.sh b/tests/chains/chains.sh
---- a/tests/chains/chains.sh
-+++ b/tests/chains/chains.sh
-@@ -347,16 +347,22 @@ create_cert_req()
-     OPTIONS=
- 
-     if [ "${TYPE}" != "EE" ]; then
-         CA_FLAG="-2"
-         EXT_DATA="y
- -1
- y
- "
-+    else
-+        CA_FLAG="-2"
-+        EXT_DATA="n
-+-1
-+y
-+"
-     fi
- 
-     process_crldp
- 
-     echo "${EXT_DATA}" > ${CU_DATA}
- 
-     TESTNAME="Creating ${TYPE} certifiate request ${REQ}"
-     echo "${SCRIPTNAME}: ${TESTNAME}"
-@@ -1253,16 +1259,22 @@ process_scenario()
- 
-     while read AIA_FILE
-     do
- 	rm ${AIA_FILE} 2> /dev/null
-     done < ${AIA_FILES}
-     rm ${AIA_FILES}
- }
- 
-+# process ipsec.cfg separately
-+chains_ipsec()
-+{
-+    process_scenario "ipsec.cfg"
-+}
-+
- # process ocspd.cfg separately
- chains_ocspd()
- {
-     process_scenario "ocspd.cfg"
- }
- 
- # process ocsp.cfg separately
- chains_method()
-@@ -1274,29 +1286,31 @@ chains_method()
- # local shell function to process all testing scenarios
- ########################################################################
- chains_main()
- {
-     while read LINE 
-     do
-         [ `echo ${LINE} | cut -b 1` != "#" ] || continue
- 
-+	[ ${LINE} != 'ipsec.cfg' ] || continue
- 	[ ${LINE} != 'ocspd.cfg' ] || continue
- 	[ ${LINE} != 'method.cfg' ] || continue
- 
- 	process_scenario ${LINE}
-     done < "${CHAINS_SCENARIOS}"
- }
- 
- ################################ main ##################################
- 
- chains_init
- VERIFY_CLASSIC_ENGINE_TOO=
- chains_ocspd
- VERIFY_CLASSIC_ENGINE_TOO=1
-+chains_ipsec
- chains_run_httpserv get
- chains_method
- chains_stop_httpserv
- chains_run_httpserv post
- chains_method
- chains_stop_httpserv
- VERIFY_CLASSIC_ENGINE_TOO=
- chains_run_httpserv random
-diff --git a/tests/chains/scenarios/ipsec.cfg b/tests/chains/scenarios/ipsec.cfg
-new file mode 100644
---- /dev/null
-+++ b/tests/chains/scenarios/ipsec.cfg
-@@ -0,0 +1,61 @@
-+# This Source Code Form is subject to the terms of the Mozilla Public
-+# License, v. 2.0. If a copy of the MPL was not distributed with this
-+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-+
-+scenario IPsec
-+
-+entity Root
-+  type Root
-+
-+entity CA1
-+  type Intermediate
-+  issuer Root 
-+
-+entity NoKU
-+  type EE
-+  issuer CA1
-+
-+entity DigSig
-+  type EE
-+  issuer CA1
-+    ku digitalSignature
-+
-+entity NonRep
-+  type EE
-+  issuer CA1
-+    ku nonRepudiation
-+
-+entity DigSigNonRepAndExtra
-+  type EE
-+  issuer CA1
-+    ku digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
-+
-+entity NoMatch
-+  type EE
-+  issuer CA1
-+    ku keyEncipherment,dataEncipherment,keyAgreement
-+
-+db All
-+
-+import Root::C,,
-+import CA1:Root:
-+
-+verify NoKU:CA1
-+  usage 12
-+  result pass
-+
-+verify DigSig:CA1
-+  usage 12
-+  result pass
-+
-+verify NonRep:CA1
-+  usage 12
-+  result pass
-+
-+verify DigSigNonRepAndExtra:CA1
-+  usage 12
-+  result pass
-+
-+verify NoMatch:CA1
-+  usage 12
-+  result fail
-diff --git a/tests/chains/scenarios/scenarios b/tests/chains/scenarios/scenarios
---- a/tests/chains/scenarios/scenarios
-+++ b/tests/chains/scenarios/scenarios
-@@ -17,8 +17,9 @@ bridgewithhalfaia.cfg
- bridgewithpolicyextensionandmapping.cfg
- realcerts.cfg
- dsa.cfg
- revoc.cfg
- ocsp.cfg
- crldp.cfg
- trustanchors.cfg
- nameconstraints.cfg
-+ipsec.cfg
diff --git a/SOURCES/nss-add-ipsec-usage-to-manpage.patch b/SOURCES/nss-add-ipsec-usage-to-manpage.patch
new file mode 100644
index 0000000..cedd6a3
--- /dev/null
+++ b/SOURCES/nss-add-ipsec-usage-to-manpage.patch
@@ -0,0 +1,13 @@
+diff -up ./nss/doc/certutil.xml.add_ipsec_usage ./nss/doc/certutil.xml
+--- ./nss/doc/certutil.xml.add_ipsec_usage	2019-06-05 09:40:37.848895763 -0700
++++ ./nss/doc/certutil.xml	2019-06-05 09:40:47.079891058 -0700
+@@ -428,6 +428,9 @@ of the attribute codes:
+ 	<listitem>
+ <para><command>J</command> (as an object signer)</para>
+ 	</listitem>
++	<listitem>
++<para><command>I</command> (as an IPSEC user)</para>
++	</listitem>
+ 	</itemizedlist></listitem>
+       </varlistentry>
+ 
diff --git a/SOURCES/nss-check-policy-file.patch b/SOURCES/nss-check-policy-file.patch
deleted file mode 100644
index 898ffef..0000000
--- a/SOURCES/nss-check-policy-file.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-diff -up nss/lib/pk11wrap/pk11pars.c.check_policy_file nss/lib/pk11wrap/pk11pars.c
---- nss/lib/pk11wrap/pk11pars.c.check_policy_file	2017-02-28 10:49:53.811343156 +0100
-+++ nss/lib/pk11wrap/pk11pars.c	2017-02-28 10:59:41.178647490 +0100
-@@ -109,6 +109,7 @@ secmod_NewModule(void)
-                                                  *other flags are set */
- #define SECMOD_FLAG_MODULE_DB_SKIP_FIRST 0x02
- #define SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB 0x04
-+#define SECMOD_FLAG_MODULE_DB_POLICY_ONLY 0x08
- 
- /* private flags for internal (field in SECMODModule). */
- /* The meaing of these flags is as follows:
-@@ -704,6 +705,9 @@ SECMOD_CreateModuleEx(const char *librar
-         if (NSSUTIL_ArgHasFlag("flags", "defaultModDB", nssc)) {
-             flags |= SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB;
-         }
-+	if (NSSUTIL_ArgHasFlag("flags", "policyOnly", nssc)) {
-+	    flags |= SECMOD_FLAG_MODULE_DB_POLICY_ONLY;
-+	}
-         /* additional moduleDB flags could be added here in the future */
-         mod->isModuleDB = (PRBool)flags;
-     }
-@@ -744,6 +748,14 @@ SECMOD_GetDefaultModDBFlag(SECMODModule
- }
- 
- PRBool
-+secmod_PolicyOnly(SECMODModule *mod)
-+{
-+   char flags = (char) mod->isModuleDB;
-+
-+   return (flags & SECMOD_FLAG_MODULE_DB_POLICY_ONLY) ? PR_TRUE : PR_FALSE;
-+}
-+
-+PRBool
- secmod_IsInternalKeySlot(SECMODModule *mod)
- {
-     char flags = (char)mod->internal;
-@@ -1661,6 +1673,12 @@ SECMOD_LoadModule(char *modulespec, SECM
-     if (!module) {
-         goto loser;
-     }
-+
-+    /* a policy only stanza doesn't actually get 'loaded'. policy has already
-+     * been parsed as a side effect of the CreateModuleEx call */
-+    if (secmod_PolicyOnly(module)) {
-+	return module;
-+    }
-     if (parent) {
-         module->parent = SECMOD_ReferenceModule(parent);
-         if (module->internal && secmod_IsInternalKeySlot(parent)) {
diff --git a/SOURCES/nss-devslot-reinsert.patch b/SOURCES/nss-devslot-reinsert.patch
deleted file mode 100644
index f68a81a..0000000
--- a/SOURCES/nss-devslot-reinsert.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-# HG changeset patch
-# User Daiki Ueno <dueno@redhat.com>
-# Date 1521731296 -3600
-#      Thu Mar 22 16:08:16 2018 +0100
-# Node ID 6ae3ab8a1e7b4161f3f8eee90db7a745acced408
-# Parent  dedf5290c679153e5b3555ba9c711fe62323c156
-Bug 1447628, devslot: avoid deadlock when re-inserting a token, r=rrelyea
-
-diff --git a/lib/dev/devslot.c b/lib/dev/devslot.c
---- a/lib/dev/devslot.c
-+++ b/lib/dev/devslot.c
-@@ -96,10 +96,16 @@ nssSlot_ResetDelay(
- }
- 
- static PRBool
--within_token_delay_period(const NSSSlot *slot)
-+token_status_checked(const NSSSlot *slot)
- {
-     PRIntervalTime time;
-     int lastPingState = slot->lastTokenPingState;
-+    /* When called from the same thread, that means
-+     * nssSlot_IsTokenPresent() is called recursively through
-+     * nssSlot_Refresh(). Return immediately in that case. */
-+    if (slot->isPresentThread == PR_GetCurrentThread()) {
-+        return PR_TRUE;
-+    }
-     /* Set the delay time for checking the token presence */
-     if (s_token_delay_time == 0) {
-         s_token_delay_time = PR_SecondsToInterval(NSSSLOT_TOKEN_DELAY_TIME);
-@@ -130,7 +136,7 @@ nssSlot_IsTokenPresent(
- 
-     /* avoid repeated calls to check token status within set interval */
-     PZ_Lock(slot->isPresentLock);
--    if (within_token_delay_period(slot)) {
-+    if (token_status_checked(slot)) {
-         CK_FLAGS ckFlags = slot->ckFlags;
-         PZ_Unlock(slot->isPresentLock);
-         return ((ckFlags & CKF_TOKEN_PRESENT) != 0);
-@@ -146,12 +152,12 @@ nssSlot_IsTokenPresent(
- 
-     /* set up condition so only one thread is active in this part of the code at a time */
-     PZ_Lock(slot->isPresentLock);
--    while (slot->inIsPresent) {
-+    while (slot->isPresentThread) {
-         PR_WaitCondVar(slot->isPresentCondition, 0);
-     }
-     /* if we were one of multiple threads here, the first thread will have
-      * given us the answer, no need to make more queries of the token. */
--    if (within_token_delay_period(slot)) {
-+    if (token_status_checked(slot)) {
-         CK_FLAGS ckFlags = slot->ckFlags;
-         PZ_Unlock(slot->isPresentLock);
-         return ((ckFlags & CKF_TOKEN_PRESENT) != 0);
-@@ -159,7 +165,7 @@ nssSlot_IsTokenPresent(
-     /* this is the winning thread, block all others until we've determined
-      * if the token is present and that it needs initialization. */
-     slot->lastTokenPingState = nssSlotLastPingState_Update;
--    slot->inIsPresent = PR_TRUE;
-+    slot->isPresentThread = PR_GetCurrentThread();
- 
-     PZ_Unlock(slot->isPresentLock);
- 
-@@ -257,7 +263,7 @@ done:
-         slot->lastTokenPingTime = PR_IntervalNow();
-         slot->lastTokenPingState = nssSlotLastPingState_Valid;
-     }
--    slot->inIsPresent = PR_FALSE;
-+    slot->isPresentThread = NULL;
-     PR_NotifyAllCondVar(slot->isPresentCondition);
-     PZ_Unlock(slot->isPresentLock);
-     return isPresent;
-diff --git a/lib/dev/devt.h b/lib/dev/devt.h
---- a/lib/dev/devt.h
-+++ b/lib/dev/devt.h
-@@ -92,7 +92,7 @@ struct NSSSlotStr {
-     PK11SlotInfo *pk11slot;
-     PZLock *isPresentLock;
-     PRCondVar *isPresentCondition;
--    PRBool inIsPresent;
-+    PRThread *isPresentThread;
- };
- 
- struct nssSessionStr {
-diff --git a/lib/pk11wrap/dev3hack.c b/lib/pk11wrap/dev3hack.c
---- a/lib/pk11wrap/dev3hack.c
-+++ b/lib/pk11wrap/dev3hack.c
-@@ -122,7 +122,7 @@ nssSlot_CreateFromPK11SlotInfo(NSSTrustD
-     rvSlot->lock = (nss3slot->isThreadSafe) ? NULL : nss3slot->sessionLock;
-     rvSlot->isPresentLock = PZ_NewLock(nssiLockOther);
-     rvSlot->isPresentCondition = PR_NewCondVar(rvSlot->isPresentLock);
--    rvSlot->inIsPresent = PR_FALSE;
-+    rvSlot->isPresentThread = NULL;
-     rvSlot->lastTokenPingState = nssSlotLastPingState_Reset;
-     return rvSlot;
- }
diff --git a/SOURCES/nss-disable-cipher-suites.patch b/SOURCES/nss-disable-cipher-suites.patch
index b593479..92a7472 100644
--- a/SOURCES/nss-disable-cipher-suites.patch
+++ b/SOURCES/nss-disable-cipher-suites.patch
@@ -1,7 +1,7 @@
 diff -up nss/lib/ssl/ssl3con.c.disable-cipher-suites nss/lib/ssl/ssl3con.c
---- nss/lib/ssl/ssl3con.c.disable-cipher-suites	2017-04-26 11:53:57.980039632 +0200
-+++ nss/lib/ssl/ssl3con.c	2017-04-26 11:55:56.374264466 +0200
-@@ -97,7 +97,10 @@ static ssl3CipherSuiteCfg cipherSuites[s
+--- nss/lib/ssl/ssl3con.c.disable-cipher-suites	2019-03-21 14:24:14.660150519 +0100
++++ nss/lib/ssl/ssl3con.c	2019-03-21 14:25:12.997929443 +0100
+@@ -96,7 +96,10 @@ static ssl3CipherSuiteCfg cipherSuites[s
   { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
   { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
   { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
@@ -12,8 +12,8 @@ diff -up nss/lib/ssl/ssl3con.c.disable-cipher-suites nss/lib/ssl/ssl3con.c
 + { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
   { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
   { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,        SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-@@ -106,7 +109,10 @@ static ssl3CipherSuiteCfg cipherSuites[s
+  { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
+@@ -105,7 +108,10 @@ static ssl3CipherSuiteCfg cipherSuites[s
   { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
   { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
   { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
@@ -24,4 +24,4 @@ diff -up nss/lib/ssl/ssl3con.c.disable-cipher-suites nss/lib/ssl/ssl3con.c
 + { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
   { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
   { TLS_ECDHE_RSA_WITH_RC4_128_SHA,          SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
+  { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
diff --git a/SOURCES/nss-disable-pkcs1-sigalgs-tls13.patch b/SOURCES/nss-disable-pkcs1-sigalgs-tls13.patch
new file mode 100644
index 0000000..1b57e75
--- /dev/null
+++ b/SOURCES/nss-disable-pkcs1-sigalgs-tls13.patch
@@ -0,0 +1,202 @@
+# HG changeset patch
+# User Daiki Ueno <dueno@redhat.com>
+# Date 1559031046 -7200
+#      Tue May 28 10:10:46 2019 +0200
+# Node ID 0a4e8b72a92e144663c2f35d3836f7828cfc97f2
+# Parent  370a9e85f216f5f4ff277995a997c5c9b23a819f
+Bug 1552208, prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3, r=mt
+
+Reviewers: mt
+
+Reviewed By: mt
+
+Subscribers: mt, jcj, ueno, rrelyea, HubertKario, KevinJacobs
+
+Tags: #secure-revision, #bmo-crypto-core-security
+
+Bug #: 1552208
+
+Differential Revision: https://phabricator.services.mozilla.com/D32454
+
+diff --git a/gtests/ssl_gtest/ssl_auth_unittest.cc b/gtests/ssl_gtest/ssl_auth_unittest.cc
+--- a/gtests/ssl_gtest/ssl_auth_unittest.cc
++++ b/gtests/ssl_gtest/ssl_auth_unittest.cc
+@@ -701,6 +701,44 @@ TEST_P(TlsConnectTls12, ClientAuthIncons
+   ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
+ }
+ 
++TEST_P(TlsConnectTls13, ClientAuthPkcs1SignatureScheme) {
++  static const SSLSignatureScheme kSignatureScheme[] = {
++      ssl_sig_rsa_pkcs1_sha256, ssl_sig_rsa_pss_rsae_sha256};
++
++  Reset(TlsAgent::kServerRsa, "rsa");
++  client_->SetSignatureSchemes(kSignatureScheme,
++                               PR_ARRAY_SIZE(kSignatureScheme));
++  server_->SetSignatureSchemes(kSignatureScheme,
++                               PR_ARRAY_SIZE(kSignatureScheme));
++  client_->SetupClientAuth();
++  server_->RequestClientAuth(true);
++
++  auto capture_cert_verify = MakeTlsFilter<TlsHandshakeRecorder>(
++      client_, kTlsHandshakeCertificateVerify);
++  capture_cert_verify->EnableDecryption();
++
++  Connect();
++  CheckSigScheme(capture_cert_verify, 0, server_, ssl_sig_rsa_pss_rsae_sha256,
++                 1024);
++}
++
++TEST_P(TlsConnectTls13, ClientAuthPkcs1SignatureSchemeOnly) {
++  static const SSLSignatureScheme kSignatureScheme[] = {
++      ssl_sig_rsa_pkcs1_sha256};
++
++  Reset(TlsAgent::kServerRsa, "rsa");
++  client_->SetSignatureSchemes(kSignatureScheme,
++                               PR_ARRAY_SIZE(kSignatureScheme));
++  server_->SetSignatureSchemes(kSignatureScheme,
++                               PR_ARRAY_SIZE(kSignatureScheme));
++  client_->SetupClientAuth();
++  server_->RequestClientAuth(true);
++
++  ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
++  server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
++  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
++}
++
+ class TlsZeroCertificateRequestSigAlgsFilter : public TlsHandshakeFilter {
+  public:
+   TlsZeroCertificateRequestSigAlgsFilter(const std::shared_ptr<TlsAgent>& a)
+@@ -933,7 +971,7 @@ TEST_P(TlsConnectTls13, InconsistentSign
+   client_->CheckErrorCode(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM);
+ }
+ 
+-TEST_P(TlsConnectTls12Plus, RequestClientAuthWithSha384) {
++TEST_P(TlsConnectTls12, RequestClientAuthWithSha384) {
+   server_->SetSignatureSchemes(kSignatureSchemeRsaSha384,
+                                PR_ARRAY_SIZE(kSignatureSchemeRsaSha384));
+   server_->RequestClientAuth(false);
+@@ -1395,12 +1433,21 @@ TEST_P(TlsSignatureSchemeConfiguration, 
+ INSTANTIATE_TEST_CASE_P(
+     SignatureSchemeRsa, TlsSignatureSchemeConfiguration,
+     ::testing::Combine(
+-        TlsConnectTestBase::kTlsVariantsAll, TlsConnectTestBase::kTlsV12Plus,
++        TlsConnectTestBase::kTlsVariantsAll, TlsConnectTestBase::kTlsV12,
+         ::testing::Values(TlsAgent::kServerRsaSign),
+         ::testing::Values(ssl_auth_rsa_sign),
+         ::testing::Values(ssl_sig_rsa_pkcs1_sha256, ssl_sig_rsa_pkcs1_sha384,
+                           ssl_sig_rsa_pkcs1_sha512, ssl_sig_rsa_pss_rsae_sha256,
+                           ssl_sig_rsa_pss_rsae_sha384)));
++// RSASSA-PKCS1-v1_5 is not allowed to be used in TLS 1.3
++INSTANTIATE_TEST_CASE_P(
++    SignatureSchemeRsaTls13, TlsSignatureSchemeConfiguration,
++    ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
++                       TlsConnectTestBase::kTlsV13,
++                       ::testing::Values(TlsAgent::kServerRsaSign),
++                       ::testing::Values(ssl_auth_rsa_sign),
++                       ::testing::Values(ssl_sig_rsa_pss_rsae_sha256,
++                                         ssl_sig_rsa_pss_rsae_sha384)));
+ // PSS with SHA-512 needs a bigger key to work.
+ INSTANTIATE_TEST_CASE_P(
+     SignatureSchemeBigRsa, TlsSignatureSchemeConfiguration,
+diff --git a/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc b/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
+--- a/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
++++ b/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
+@@ -68,12 +68,6 @@ class TlsCipherSuiteTestBase : public Tl
+   virtual void SetupCertificate() {
+     if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+       switch (sig_scheme_) {
+-        case ssl_sig_rsa_pkcs1_sha256:
+-        case ssl_sig_rsa_pkcs1_sha384:
+-        case ssl_sig_rsa_pkcs1_sha512:
+-          Reset(TlsAgent::kServerRsaSign);
+-          auth_type_ = ssl_auth_rsa_sign;
+-          break;
+         case ssl_sig_rsa_pss_rsae_sha256:
+         case ssl_sig_rsa_pss_rsae_sha384:
+           Reset(TlsAgent::kServerRsaSign);
+@@ -330,6 +324,12 @@ static SSLSignatureScheme kSignatureSche
+     ssl_sig_rsa_pss_pss_sha256,     ssl_sig_rsa_pss_pss_sha384,
+     ssl_sig_rsa_pss_pss_sha512};
+ 
++static SSLSignatureScheme kSignatureSchemesParamsArrTls13[] = {
++    ssl_sig_ecdsa_secp256r1_sha256, ssl_sig_ecdsa_secp384r1_sha384,
++    ssl_sig_rsa_pss_rsae_sha256,    ssl_sig_rsa_pss_rsae_sha384,
++    ssl_sig_rsa_pss_rsae_sha512,    ssl_sig_rsa_pss_pss_sha256,
++    ssl_sig_rsa_pss_pss_sha384,     ssl_sig_rsa_pss_pss_sha512};
++
+ INSTANTIATE_CIPHER_TEST_P(RC4, Stream, V10ToV12, kDummyNamedGroupParams,
+                           kDummySignatureSchemesParams,
+                           TLS_RSA_WITH_RC4_128_SHA,
+@@ -394,7 +394,7 @@ INSTANTIATE_CIPHER_TEST_P(
+ #ifndef NSS_DISABLE_TLS_1_3
+ INSTANTIATE_CIPHER_TEST_P(TLS13, All, V13,
+                           ::testing::ValuesIn(kFasterDHEGroups),
+-                          ::testing::ValuesIn(kSignatureSchemesParamsArr),
++                          ::testing::ValuesIn(kSignatureSchemesParamsArrTls13),
+                           TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256,
+                           TLS_AES_256_GCM_SHA384);
+ INSTANTIATE_CIPHER_TEST_P(TLS13AllGroups, All, V13,
+diff --git a/gtests/ssl_gtest/ssl_extension_unittest.cc b/gtests/ssl_gtest/ssl_extension_unittest.cc
+--- a/gtests/ssl_gtest/ssl_extension_unittest.cc
++++ b/gtests/ssl_gtest/ssl_extension_unittest.cc
+@@ -436,14 +436,14 @@ TEST_P(TlsExtensionTest12Plus, Signature
+ }
+ 
+ TEST_F(TlsExtensionTest13Stream, SignatureAlgorithmsPrecedingGarbage) {
+-  // 31 unknown signature algorithms followed by sha-256, rsa
++  // 31 unknown signature algorithms followed by sha-256, rsa-pss
+   const uint8_t val[] = {
+       0x00, 0x40, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+-      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x04, 0x01};
++      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x08, 0x04};
+   DataBuffer extension(val, sizeof(val));
+   MakeTlsFilter<TlsExtensionReplacer>(client_, ssl_signature_algorithms_xtn,
+                                       extension);
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
+--- a/lib/ssl/ssl3con.c
++++ b/lib/ssl/ssl3con.c
+@@ -64,6 +64,7 @@ static SECStatus ssl3_FlushHandshakeMess
+ static CK_MECHANISM_TYPE ssl3_GetHashMechanismByHashType(SSLHashType hashType);
+ static CK_MECHANISM_TYPE ssl3_GetMgfMechanismByHashType(SSLHashType hash);
+ PRBool ssl_IsRsaPssSignatureScheme(SSLSignatureScheme scheme);
++PRBool ssl_IsRsaPkcs1SignatureScheme(SSLSignatureScheme scheme);
+ PRBool ssl_IsDsaSignatureScheme(SSLSignatureScheme scheme);
+ 
+ const PRUint8 ssl_hello_retry_random[] = {
+@@ -4101,6 +4102,9 @@ ssl_SignatureSchemeValid(SSLSignatureSch
+         if (ssl_SignatureSchemeToHashType(scheme) == ssl_hash_sha1) {
+             return PR_FALSE;
+         }
++        if (ssl_IsRsaPkcs1SignatureScheme(scheme)) {
++            return PR_FALSE;
++        }
+         /* With TLS 1.3, EC keys should have been selected based on calling
+          * ssl_SignatureSchemeFromSpki(), reject them otherwise. */
+         return spkiOid != SEC_OID_ANSIX962_EC_PUBLIC_KEY;
+@@ -4351,6 +4355,22 @@ ssl_IsRsaPssSignatureScheme(SSLSignature
+ }
+ 
+ PRBool
++ssl_IsRsaPkcs1SignatureScheme(SSLSignatureScheme scheme)
++{
++    switch (scheme) {
++        case ssl_sig_rsa_pkcs1_sha256:
++        case ssl_sig_rsa_pkcs1_sha384:
++        case ssl_sig_rsa_pkcs1_sha512:
++        case ssl_sig_rsa_pkcs1_sha1:
++            return PR_TRUE;
++
++        default:
++            return PR_FALSE;
++    }
++    return PR_FALSE;
++}
++
++PRBool
+ ssl_IsDsaSignatureScheme(SSLSignatureScheme scheme)
+ {
+     switch (scheme) {
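Review bot: The new rejection in `ssl_SignatureSchemeValid` (embedded hunk `@@ -4101,6 +4102,9 @@`, presumably the TLS 1.3 branch given the comment that follows it) has no comment explaining why PKCS#1 v1.5 schemes are refused, and the reason is a protocol rule, not something the code shows. I would add `/* RFC 8446 4.2.3: RSASSA-PKCS1-v1_5 schemes apply to certificate signatures only, not to signed handshake messages. */` above the `if`. In `ssl_IsRsaPkcs1SignatureScheme` the trailing `return PR_FALSE;` after the switch is unreachable, since every case and the `default` already return. The helper also answers `PR_FALSE` for any scheme it does not list, so a PKCS#1 scheme added to `SSLSignatureScheme` later would pass this gate until the switch is extended; a one-line comment on the function should say so. `ssl_SignatureSchemeValid` starts and ends outside the embedded hunk.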
diff --git a/SOURCES/nss-disable-tls13-gtests.patch b/SOURCES/nss-disable-tls13-gtests.patch
deleted file mode 100644
index cc7b661..0000000
--- a/SOURCES/nss-disable-tls13-gtests.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up nss/gtests/ssl_gtest/ssl_skip_unittest.cc.disable-tls13-gtests nss/gtests/ssl_gtest/ssl_skip_unittest.cc
---- nss/gtests/ssl_gtest/ssl_skip_unittest.cc.disable-tls13-gtests	2017-10-16 17:13:51.798825185 +0200
-+++ nss/gtests/ssl_gtest/ssl_skip_unittest.cc	2017-10-16 17:14:08.238496409 +0200
-@@ -234,6 +234,8 @@ INSTANTIATE_TEST_CASE_P(
- INSTANTIATE_TEST_CASE_P(SkipVariants, TlsSkipTest,
-                         ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
-                                            TlsConnectTestBase::kTlsV11V12));
-+#if 0
- INSTANTIATE_TEST_CASE_P(Skip13Variants, Tls13SkipTest,
-                         TlsConnectTestBase::kTlsVariantsAll);
-+#endif
- }  // namespace nss_test
diff --git a/SOURCES/nss-dsa-policy.patch b/SOURCES/nss-dsa-policy.patch
new file mode 100644
index 0000000..5a191ff
--- /dev/null
+++ b/SOURCES/nss-dsa-policy.patch
@@ -0,0 +1,51 @@
+diff --git a/lib/certhigh/certvfy.c b/lib/certhigh/certvfy.c
+--- a/lib/certhigh/certvfy.c
++++ b/lib/certhigh/certvfy.c
+@@ -42,23 +42,16 @@ checkKeyParams(const SECAlgorithmID *sig
+ {
+     SECStatus rv;
+     SECOidTag sigAlg;
+     SECOidTag curve;
+     PRUint32 policyFlags = 0;
+     PRInt32 minLen, len;
+ 
+     sigAlg = SECOID_GetAlgorithmTag(sigAlgorithm);
+-    rv = NSS_GetAlgorithmPolicy(sigAlg, &policyFlags);
+-    if (rv == SECSuccess &&
+-        !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) {
+-        PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+-        return SECFailure;
+-    }
+-
+     switch (sigAlg) {
+         case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
+         case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
+         case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
+         case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
+         case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
+             if (key->keyType != ecKey) {
+                 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+@@ -126,16 +119,23 @@ checkKeyParams(const SECAlgorithmID *sig
+             }
+ 
+             if (len < minLen) {
+                 return SECFailure;
+             }
+ 
+             return SECSuccess;
+         case SEC_OID_ANSIX9_DSA_SIGNATURE:
++            rv = NSS_GetAlgorithmPolicy(sigAlg, &policyFlags);
++            if (rv == SECSuccess &&
++                !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) {
++                PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
++                return SECFailure;
++            }
++            /* fall through */
+         case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST:
+         case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST:
+         case SEC_OID_SDN702_DSA_SIGNATURE:
+         case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST:
+         case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST:
+             if (key->keyType != dsaKey) {
+                 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+                 return SECFailure;
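Review bot: Moving the `NSS_GetAlgorithmPolicy` check from the top of `checkKeyParams` into the `SEC_OID_ANSIX9_DSA_SIGNATURE` case means `NSS_USE_ALG_IN_CERT_SIGNATURE` is no longer consulted here for the ECDSA cases, nor for the other DSA OIDs in the same case group (`SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST` through `SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST`), which are entered below the check. Whether another layer enforces the certificate-signature policy for those algorithms is not visible in this patch, and the patch file has no header stating the intent. The moved block should get a comment such as `/* Downstream: policy is checked here only for bare DSA; other signature algorithms are enforced in <location to be named by the author>. */`. The retained condition `rv == SECSuccess && ...` also treats a failed policy lookup as "allowed", which is worth confirming as intended. `checkKeyParams` starts and continues outside the hunk.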
diff --git a/SOURCES/nss-enable-cipher-suites.patch b/SOURCES/nss-enable-cipher-suites.patch
deleted file mode 100644
index 0e6aabd..0000000
--- a/SOURCES/nss-enable-cipher-suites.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-diff -up nss/lib/ssl/ssl3con.c.enable-cipher-suites nss/lib/ssl/ssl3con.c
---- nss/lib/ssl/ssl3con.c.enable-cipher-suites	2017-02-20 16:32:39.464067010 +0100
-+++ nss/lib/ssl/ssl3con.c	2017-02-20 16:37:00.506731989 +0100
-@@ -91,7 +91,7 @@ PRBool ssl_IsRsaPssSignatureScheme(SSLSi
- /* clang-format off */
- static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
-    /*      cipher_suite                     policy       enabled   isPresent */
-- { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
-@@ -102,7 +102,7 @@ static ssl3CipherSuiteCfg cipherSuites[s
-  { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,        SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
-@@ -113,7 +113,7 @@ static ssl3CipherSuiteCfg cipherSuites[s
-  { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_RC4_128_SHA,          SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_DHE_RSA_WITH_AES_256_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-  { TLS_DHE_DSS_WITH_AES_256_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-@@ -140,7 +140,7 @@ static ssl3CipherSuiteCfg cipherSuites[s
-  { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDH_ECDSA_WITH_RC4_128_SHA,         SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDH_RSA_WITH_RC4_128_SHA,           SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_RSA_WITH_AES_256_GCM_SHA384,         SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_RSA_WITH_AES_256_GCM_SHA384,         SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_RSA_WITH_AES_256_CBC_SHA,            SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-  { TLS_RSA_WITH_AES_256_CBC_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-  { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
diff --git a/SOURCES/nss-fips-disable-tls13.patch b/SOURCES/nss-fips-disable-tls13.patch
new file mode 100644
index 0000000..8b30bbc
--- /dev/null
+++ b/SOURCES/nss-fips-disable-tls13.patch
@@ -0,0 +1,30 @@
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
+--- a/lib/ssl/sslsock.c
++++ b/lib/ssl/sslsock.c
+@@ -2382,16 +2382,26 @@ ssl3_CreateOverlapWithPolicy(SSLProtocol
+     rv = ssl3_GetEffectiveVersionPolicy(protocolVariant,
+                                         &effectivePolicyBoundary);
+     if (rv == SECFailure) {
+         /* SECFailure means internal failure or invalid configuration. */
+         overlap->min = overlap->max = SSL_LIBRARY_VERSION_NONE;
+         return SECFailure;
+     }
+ 
++    /* TODO: TLSv1.3 doesn't work yet under FIPS mode */
++    if (PK11_IsFIPS()) {
++        if (effectivePolicyBoundary.min >= SSL_LIBRARY_VERSION_TLS_1_3) {
++            effectivePolicyBoundary.min = SSL_LIBRARY_VERSION_TLS_1_2;
++        }
++        if (effectivePolicyBoundary.max >= SSL_LIBRARY_VERSION_TLS_1_3) {
++            effectivePolicyBoundary.max = SSL_LIBRARY_VERSION_TLS_1_2;
++        }
++    }
++
+     vrange.min = PR_MAX(input->min, effectivePolicyBoundary.min);
+     vrange.max = PR_MIN(input->max, effectivePolicyBoundary.max);
+ 
+     if (vrange.max < vrange.min) {
+         /* there was no overlap, turn off range altogether */
+         overlap->min = overlap->max = SSL_LIBRARY_VERSION_NONE;
+         return SECFailure;
+     }
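Review bot: Lowering `effectivePolicyBoundary.min` to TLS 1.2 under `PK11_IsFIPS()` silently relaxes a system policy whose minimum is TLS 1.3. When the caller's `input` range includes 1.2, the overlap then succeeds at TLS 1.2 although the policy asked for 1.3 or higher. Clamping only the maximum would send that configuration into the existing `vrange.max < vrange.min` path and fail closed: drop the first inner `if` and keep `if (effectivePolicyBoundary.max >= SSL_LIBRARY_VERSION_TLS_1_3) { effectivePolicyBoundary.max = SSL_LIBRARY_VERSION_TLS_1_2; }`. If the relaxation is deliberate, the `TODO` comment should say that the policy minimum is overridden in FIPS mode and name the condition for removing the block. `ssl3_CreateOverlapWithPolicy` starts and ends outside the hunk.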
diff --git a/SOURCES/nss-fix-public-key-from-priv.patch b/SOURCES/nss-fix-public-key-from-priv.patch
new file mode 100644
index 0000000..275bfc7
--- /dev/null
+++ b/SOURCES/nss-fix-public-key-from-priv.patch
@@ -0,0 +1,299 @@
+diff -up ./nss/gtests/pk11_gtest/pk11_import_unittest.cc.pub-priv-mechs ./nss/gtests/pk11_gtest/pk11_import_unittest.cc
+--- ./nss/gtests/pk11_gtest/pk11_import_unittest.cc.pub-priv-mechs	2019-05-10 14:14:18.000000000 -0700
++++ ./nss/gtests/pk11_gtest/pk11_import_unittest.cc	2019-06-05 12:01:13.728544204 -0700
+@@ -78,17 +78,40 @@ class Pk11KeyImportTestBase : public ::t
+   CK_MECHANISM_TYPE mech_;
+ 
+  private:
++  SECItem GetPublicComponent(ScopedSECKEYPublicKey& pub_key) {
++    SECItem null = { siBuffer, NULL, 0};
++    switch(SECKEY_GetPublicKeyType(pub_key.get())) {
++    case rsaKey:
++    case rsaPssKey:
++    case rsaOaepKey:
++       return pub_key->u.rsa.modulus;
++    case keaKey:
++       return pub_key->u.kea.publicValue;
++    case dsaKey:
++       return pub_key->u.dsa.publicValue;
++    case dhKey:
++       return pub_key->u.dh.publicValue;
++    case ecKey:
++       return pub_key->u.ec.publicValue;
++    case fortezzaKey: /* depricated */
++    case nullKey:
++    /* didn't use default here so we can catch new key types at compile time */
++       break;
++    }
++    return null;
++  }
+   void CheckForPublicKey(const ScopedSECKEYPrivateKey& priv_key,
+                          const SECItem* expected_public) {
+     // Verify the public key exists.
+     StackSECItem priv_id;
++    KeyType type = SECKEY_GetPrivateKeyType(priv_key.get());
+     SECStatus rv = PK11_ReadRawAttribute(PK11_TypePrivKey, priv_key.get(),
+                                          CKA_ID, &priv_id);
+     ASSERT_EQ(SECSuccess, rv) << "Couldn't read CKA_ID from private key: "
+                               << PORT_ErrorToName(PORT_GetError());
+ 
+     CK_ATTRIBUTE_TYPE value_type = CKA_VALUE;
+-    switch (SECKEY_GetPrivateKeyType(priv_key.get())) {
++    switch (type) {
+       case rsaKey:
+         value_type = CKA_MODULUS;
+         break;
+@@ -106,6 +129,8 @@ class Pk11KeyImportTestBase : public ::t
+         FAIL() << "unknown key type";
+     }
+ 
++    // Scan public key objects until we find one with the same CKA_ID as
++    // priv_key
+     std::unique_ptr<PK11GenericObject, PK11GenericObjectsDeleter> objs(
+         PK11_FindGenericObjects(slot_.get(), CKO_PUBLIC_KEY));
+     ASSERT_NE(nullptr, objs);
+@@ -128,20 +153,46 @@ class Pk11KeyImportTestBase : public ::t
+       ASSERT_EQ(1U, token.len);
+       ASSERT_NE(0, token.data[0]);
+ 
+-      StackSECItem value;
+-      rv = PK11_ReadRawAttribute(PK11_TypeGeneric, obj, value_type, &value);
++      StackSECItem raw_value;
++      SECItem decoded_value;
++      rv = PK11_ReadRawAttribute(PK11_TypeGeneric, obj, value_type, &raw_value);
+       ASSERT_EQ(SECSuccess, rv);
++      SECItem value = raw_value;
+ 
++      // Decode the EC_POINT and check the output against expected.
+       // CKA_EC_POINT isn't stable, see Bug 1520649.
++      ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
++      ASSERT_TRUE(arena);
+       if (value_type == CKA_EC_POINT) {
+-        continue;
+-      }
+ 
++        // If this fails due to the noted inconsistency, we may need to
++        // check the whole raw_value, or remove a leading UNCOMPRESSED_POINT tag
++        rv = SEC_QuickDERDecodeItem(arena.get(), &decoded_value,
++                                    SEC_ASN1_GET(SEC_OctetStringTemplate),
++                                    &raw_value);
++        ASSERT_EQ(SECSuccess, rv);
++        value = decoded_value;
++      }
+       ASSERT_TRUE(SECITEM_ItemsAreEqual(expected_public, &value))
+           << "expected: "
+           << DataBuffer(expected_public->data, expected_public->len)
+           << std::endl
+           << "actual: " << DataBuffer(value.data, value.len) << std::endl;
++
++      // Finally, convert the private to public and ensure it matches.
++      ScopedSECKEYPublicKey pub_key(
++            SECKEY_ConvertToPublicKey(priv_key.get()));
++      ASSERT_TRUE(pub_key);
++      SECItem converted_public = GetPublicComponent(pub_key);
++      ASSERT_TRUE(converted_public.len != 0);
++
++      ASSERT_TRUE(SECITEM_ItemsAreEqual(expected_public, &converted_public))
++            << "expected: "
++            << DataBuffer(expected_public->data, expected_public->len)
++            << std::endl
++            << "actual: "
++            << DataBuffer(converted_public.data, converted_public.len)
++            << std::endl;
+     }
+   }
+ 
+diff -up ./nss/lib/cryptohi/seckey.c.pub-priv-mechs ./nss/lib/cryptohi/seckey.c
+--- ./nss/lib/cryptohi/seckey.c.pub-priv-mechs	2019-05-10 14:14:18.000000000 -0700
++++ ./nss/lib/cryptohi/seckey.c	2019-06-05 12:01:13.729544204 -0700
+@@ -1206,6 +1206,37 @@ SECKEY_CopyPublicKey(const SECKEYPublicK
+     return NULL;
+ }
+ 
++/*
++ * Use the private key to find a public key handle. The handle will be on
++ * the same slot as the private key.
++ */
++static CK_OBJECT_HANDLE
++seckey_FindPublicKeyHandle(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk)
++{
++    CK_OBJECT_HANDLE keyID;
++
++    /* this helper function is only used below. If we want to make this more
++     * general, we would need to free up any already cached handles if the
++     * slot doesn't match up with the private key slot */
++    PORT_Assert(pubk->pkcs11ID == CK_INVALID_HANDLE);
++
++    /* first look for a matching public key */
++    keyID = PK11_MatchItem(privk->pkcs11Slot, privk->pkcs11ID, CKO_PUBLIC_KEY);
++    if (keyID != CK_INVALID_HANDLE) {
++        return keyID;
++    }
++
++    /* none found, create a temp one, make the pubk the owner */
++    pubk->pkcs11ID = PK11_DerivePubKeyFromPrivKey(privk);
++    if (pubk->pkcs11ID == CK_INVALID_HANDLE) {
++        /* end of the road. Token doesn't have matching public key, nor can
++          * token regenerate a new public key from and existing private key. */
++        return CK_INVALID_HANDLE;
++    }
++    pubk->pkcs11Slot = PK11_ReferenceSlot(privk->pkcs11Slot);
++    return pubk->pkcs11ID;
++}
++
+ SECKEYPublicKey *
+ SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privk)
+ {
+@@ -1213,6 +1244,8 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK
+     PLArenaPool *arena;
+     CERTCertificate *cert;
+     SECStatus rv;
++    CK_OBJECT_HANDLE pubKeyHandle;
++    SECItem decodedPoint;
+ 
+     /*
+      * First try to look up the cert.
+@@ -1243,11 +1276,47 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK
+ 
+     switch (privk->keyType) {
+         case nullKey:
+-        case dhKey:
+-        case dsaKey:
+             /* Nothing to query, if the cert isn't there, we're done -- no way
+              * to get the public key */
+             break;
++        case dsaKey:
++            pubKeyHandle = seckey_FindPublicKeyHandle(privk, pubk);
++            if (pubKeyHandle == CK_INVALID_HANDLE)
++                break;
++            rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
++                                    CKA_BASE, arena, &pubk->u.dsa.params.base);
++            if (rv != SECSuccess)
++                break;
++            rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
++                                    CKA_PRIME, arena, &pubk->u.dsa.params.prime);
++            if (rv != SECSuccess)
++                break;
++            rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
++                                    CKA_SUBPRIME, arena, &pubk->u.dsa.params.subPrime);
++            if (rv != SECSuccess)
++                break;
++            rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
++                                    CKA_VALUE, arena, &pubk->u.dsa.publicValue);
++            if (rv != SECSuccess)
++                break;
++            return pubk;
++        case dhKey:
++            pubKeyHandle = seckey_FindPublicKeyHandle(privk, pubk);
++            if (pubKeyHandle == CK_INVALID_HANDLE)
++                break;
++            rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
++                                    CKA_BASE, arena, &pubk->u.dh.base);
++            if (rv != SECSuccess)
++                break;
++            rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
++                                    CKA_PRIME, arena, &pubk->u.dh.prime);
++            if (rv != SECSuccess)
++                break;
++            rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
++                                    CKA_VALUE, arena, &pubk->u.dh.publicValue);
++            if (rv != SECSuccess)
++                break;
++            return pubk;
+         case rsaKey:
+             rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID,
+                                     CKA_MODULUS, arena, &pubk->u.rsa.modulus);
+@@ -1258,7 +1327,6 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK
+             if (rv != SECSuccess)
+                 break;
+             return pubk;
+-            break;
+         case ecKey:
+             rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID,
+                                     CKA_EC_PARAMS, arena, &pubk->u.ec.DEREncodedParams);
+@@ -1268,7 +1336,23 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK
+             rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID,
+                                     CKA_EC_POINT, arena, &pubk->u.ec.publicValue);
+             if (rv != SECSuccess || pubk->u.ec.publicValue.len == 0) {
+-                break;
++                pubKeyHandle = seckey_FindPublicKeyHandle(privk, pubk);
++                if (pubKeyHandle == CK_INVALID_HANDLE)
++                    break;
++                rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
++                                        CKA_EC_POINT, arena, &pubk->u.ec.publicValue);
++                if (rv != SECSuccess)
++                    break;
++            }
++            /* ec.publicValue should be decoded, PKCS #11 defines CKA_EC_POINT
++             * as encoded, but it's not always. try do decoded it and if it
++             * succeeds store the decoded value */
++            rv = SEC_QuickDERDecodeItem(arena, &decodedPoint,
++                                        SEC_ASN1_GET(SEC_OctetStringTemplate), &pubk->u.ec.publicValue);
++            if (rv == SECSuccess) {
++                /* both values are in the public key arena, so it's safe to
++                 * overwrite  the old value */
++                pubk->u.ec.publicValue = decodedPoint;
+             }
+             pubk->u.ec.encoding = ECPoint_Undefined;
+             return pubk;
+@@ -1276,7 +1360,9 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK
+             break;
+     }
+ 
+-    PORT_FreeArena(arena, PR_FALSE);
++    /* must use Destroy public key here, because some paths create temporary
++     * PKCS #11 objects which need to be freed */
++    SECKEY_DestroyPublicKey(pubk);
+     return NULL;
+ }
+ 
+diff -up ./nss/lib/pk11wrap/pk11priv.h.pub-priv-mechs ./nss/lib/pk11wrap/pk11priv.h
+--- ./nss/lib/pk11wrap/pk11priv.h.pub-priv-mechs	2019-05-10 14:14:18.000000000 -0700
++++ ./nss/lib/pk11wrap/pk11priv.h	2019-06-05 12:01:13.729544204 -0700
+@@ -111,6 +111,7 @@ CK_OBJECT_HANDLE PK11_FindObjectForCert(
+ PK11SymKey *pk11_CopyToSlot(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                             CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey);
+ unsigned int pk11_GetPredefinedKeyLength(CK_KEY_TYPE keyType);
++CK_OBJECT_HANDLE PK11_DerivePubKeyFromPrivKey(SECKEYPrivateKey *privKey);
+ 
+ /**********************************************************************
+  *                   Certs
+diff -up ./nss/lib/pk11wrap/pk11skey.c.pub-priv-mechs ./nss/lib/pk11wrap/pk11skey.c
+--- ./nss/lib/pk11wrap/pk11skey.c.pub-priv-mechs	2019-05-10 14:14:18.000000000 -0700
++++ ./nss/lib/pk11wrap/pk11skey.c	2019-06-05 12:01:13.730544203 -0700
+@@ -1840,6 +1840,35 @@ loser:
+ }
+ 
+ /*
++ * This regenerate a public key from a private key. This function is currently
++ * NSS private. If we want to make it public, we need to add and optional
++ * template or at least flags (a.la. PK11_DeriveWithFlags).
++ */
++CK_OBJECT_HANDLE
++PK11_DerivePubKeyFromPrivKey(SECKEYPrivateKey *privKey)
++{
++    PK11SlotInfo *slot = privKey->pkcs11Slot;
++    CK_MECHANISM mechanism;
++    CK_OBJECT_HANDLE objectID = CK_INVALID_HANDLE;
++    CK_RV crv;
++
++    mechanism.mechanism = CKM_NSS_PUB_FROM_PRIV;
++    mechanism.pParameter = NULL;
++    mechanism.ulParameterLen = 0;
++
++    PK11_EnterSlotMonitor(slot);
++    crv = PK11_GETTAB(slot)->C_DeriveKey(slot->session, &mechanism,
++                                         privKey->pkcs11ID, NULL, 0,
++                                         &objectID);
++    PK11_ExitSlotMonitor(slot);
++    if (crv != CKR_OK) {
++        PORT_SetError(PK11_MapError(crv));
++        return CK_INVALID_HANDLE;
++    }
++    return objectID;
++}
++
++/*
+  * This Generates a wrapping key based on a privateKey, publicKey, and two
+  * random numbers. For Mail usage RandomB should be NULL. In the Sender's
+  * case RandomA is generate, outherwize it is passed.
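Review bot: In the `ecKey` branch of SECKEY_ConvertToPublicKey, a successful `SEC_QuickDERDecodeItem` is taken as proof that CKA_EC_POINT was DER-wrapped. An unwrapped uncompressed point also begins with 0x04, which is the OCTET STRING tag, so a raw point whose second byte happens to equal the remaining length could decode cleanly and lose its first two bytes. The result would be a wrong value in `pubk->u.ec.publicValue` with no error reported; the test's own comment about Bug 1520649 acknowledges the inconsistency. Accepting the decoded form only when it still looks like a point, e.g. `if (rv == SECSuccess && decodedPoint.len > 0 && decodedPoint.data[0] == 0x04)`, narrows the ambiguity, and comparing the decoded length with the size implied by `DEREncodedParams` would close it. The function body is only partly visible in these hunks.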
diff --git a/SOURCES/nss-pkcs12-iterations-limit.patch b/SOURCES/nss-pkcs12-iterations-limit.patch
deleted file mode 100644
index 8b035b8..0000000
--- a/SOURCES/nss-pkcs12-iterations-limit.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-# HG changeset patch
-# User J.C. Jones <jjones@mozilla.com>
-# Date 1521824312 25200
-#      Fri Mar 23 09:58:32 2018 -0700
-# Branch NSS_3_36_BRANCH
-# Node ID ba3f1cc8a8e644ee6f8a763624d97e987816304d
-# Parent  2355c9e3bba477c947a09a2fe8b1ed8971fab1cb
-Bug 1278071 - Limit iterations for PKCS #12 export for Windows r=kaie
-
-Per Bug 1436873, Windows is limited on importing PKCS12 files of 600k rounds
-or less. So for compatibility's sake, let's limit there, too.
-
-diff --git a/lib/pkcs7/p7create.c b/lib/pkcs7/p7create.c
---- a/lib/pkcs7/p7create.c
-+++ b/lib/pkcs7/p7create.c
-@@ -22,7 +22,7 @@ const int NSS_PBE_DEFAULT_ITERATION_COUN
- #ifdef DEBUG
-     10000
- #else
--    1000000
-+    600000
- #endif
-     ;
- 
diff --git a/SOURCES/nss-post-handshake-auth-with-tickets.patch b/SOURCES/nss-post-handshake-auth-with-tickets.patch
new file mode 100644
index 0000000..ac51f07
--- /dev/null
+++ b/SOURCES/nss-post-handshake-auth-with-tickets.patch
@@ -0,0 +1,96 @@
+# HG changeset patch
+# User Daiki Ueno <dueno@redhat.com>
+# Date 1559121620 -7200
+#      Wed May 29 11:20:20 2019 +0200
+# Node ID 29a48b604602a523defd6f9322a5adeca7e284a5
+# Parent  43a7fb4f994a31222c308113b0fccdd5480d5b8e
+Bug 1553443, send session ticket only after handshake is marked as finished
+
+Reviewers: mt
+
+Reviewed By: mt
+
+Bug #: 1553443
+
+Differential Revision: https://phabricator.services.mozilla.com/D32128
+
+diff --git a/gtests/ssl_gtest/ssl_auth_unittest.cc b/gtests/ssl_gtest/ssl_auth_unittest.cc
+--- a/gtests/ssl_gtest/ssl_auth_unittest.cc
++++ b/gtests/ssl_gtest/ssl_auth_unittest.cc
+@@ -537,6 +537,40 @@ TEST_F(TlsConnectStreamTls13, PostHandsh
+                       capture_cert_req->buffer().len()));
+ }
+ 
++// Check if post-handshake auth still works when session tickets are enabled:
++// https://bugzilla.mozilla.org/show_bug.cgi?id=1553443
++TEST_F(TlsConnectStreamTls13, PostHandshakeAuthWithSessionTicketsEnabled) {
++  EnsureTlsSetup();
++  client_->SetupClientAuth();
++  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
++                                      SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE));
++  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
++                                      SSL_ENABLE_SESSION_TICKETS, PR_TRUE));
++  EXPECT_EQ(SECSuccess, SSL_OptionSet(server_->ssl_fd(),
++                                      SSL_ENABLE_SESSION_TICKETS, PR_TRUE));
++  size_t called = 0;
++  server_->SetAuthCertificateCallback(
++      [&called](TlsAgent*, PRBool, PRBool) -> SECStatus {
++        called++;
++        return SECSuccess;
++      });
++  Connect();
++  EXPECT_EQ(0U, called);
++  // Send CertificateRequest.
++  EXPECT_EQ(SECSuccess, SSL_GetClientAuthDataHook(
++                            client_->ssl_fd(), GetClientAuthDataHook, nullptr));
++  EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd()))
++      << "Unexpected error: " << PORT_ErrorToName(PORT_GetError());
++  server_->SendData(50);
++  client_->ReadBytes(50);
++  client_->SendData(50);
++  server_->ReadBytes(50);
++  EXPECT_EQ(1U, called);
++  ScopedCERTCertificate cert1(SSL_PeerCertificate(server_->ssl_fd()));
++  ScopedCERTCertificate cert2(SSL_LocalCertificate(client_->ssl_fd()));
++  EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert));
++}
++
+ // In TLS 1.3, the client sends its cert rejection on the
+ // second flight, and since it has already received the
+ // server's Finished, it transitions to complete and
+diff --git a/lib/ssl/tls13con.c b/lib/ssl/tls13con.c
+--- a/lib/ssl/tls13con.c
++++ b/lib/ssl/tls13con.c
+@@ -4561,6 +4561,11 @@ tls13_ServerHandleFinished(sslSocket *ss
+         return SECFailure;
+     }
+ 
++    rv = tls13_FinishHandshake(ss);
++    if (rv != SECSuccess) {
++        return SECFailure;
++    }
++
+     ssl_GetXmitBufLock(ss);
+     if (ss->opt.enableSessionTickets) {
+         rv = tls13_SendNewSessionTicket(ss, NULL, 0);
+@@ -4573,8 +4578,7 @@ tls13_ServerHandleFinished(sslSocket *ss
+         }
+     }
+     ssl_ReleaseXmitBufLock(ss);
+-
+-    return tls13_FinishHandshake(ss);
++    return SECSuccess;
+ 
+ loser:
+     ssl_ReleaseXmitBufLock(ss);
+diff --git a/tests/ssl/sslauth.txt b/tests/ssl/sslauth.txt
+--- a/tests/ssl/sslauth.txt
++++ b/tests/ssl/sslauth.txt
+@@ -42,6 +42,7 @@
+   noECC     0       -r_-r_-r_-r_-E  -V_tls1.3:tls1.3_-E_-n_TestUser_-w_nss TLS 1.3 Require client auth on post hs (client auth)
+   noECC     0       -r_-r_-r_-E  -V_tls1.3:tls1.3_-E_-n_none_-w_nss TLS 1.3 Request don't require client auth on post hs (client does not provide auth)
+   noECC     1       -r_-r_-r_-r_-E  -V_tls1.3:tls1.3_-E_-n_none_-w_nss TLS 1.3 Require client auth on post hs (client does not provide auth)
++  noECC     0       -r_-r_-r_-E_-u  -V_tls1.3:tls1.3_-E_-n_TestUser_-w_nss TLS 1.3 Request don't require client auth on post hs with session ticket (client auth)
+ #
+ # Use EC cert for client authentication
+ #
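Review bot: In tls13_ServerHandleFinished the reordering carries no comment explaining why `tls13_FinishHandshake` must now run before the ticket is sent, so a later cleanup could move it back. Adding `/* Mark the handshake finished before sending NewSessionTicket; see bug 1553443. */` above the new call would record it. The new order also means a failure in `tls13_SendNewSessionTicket`, which presumably jumps to `loser:`, now returns SECFailure after the handshake has already been marked finished; it is worth confirming that callers tolerate this. The function body starts and ends outside the hunk.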
diff --git a/SOURCES/nss-reorder-cipher-suites-gtests.patch b/SOURCES/nss-reorder-cipher-suites-gtests.patch
index 0675959..73b049f 100644
--- a/SOURCES/nss-reorder-cipher-suites-gtests.patch
+++ b/SOURCES/nss-reorder-cipher-suites-gtests.patch
@@ -1,7 +1,7 @@
 diff -up nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests nss/gtests/ssl_gtest/ssl_auth_unittest.cc
---- nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests	2018-03-05 16:58:32.000000000 +0100
-+++ nss/gtests/ssl_gtest/ssl_auth_unittest.cc	2018-03-09 17:29:32.985313219 +0100
-@@ -231,7 +231,9 @@ static SSLNamedGroup NamedGroupForEcdsa3
+--- nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests	2019-03-16 01:25:08.000000000 +0100
++++ nss/gtests/ssl_gtest/ssl_auth_unittest.cc	2019-03-22 11:25:50.523173253 +0100
+@@ -728,7 +728,9 @@ static SSLNamedGroup NamedGroupForEcdsa3
    // NSS tries to match the group size to the symmetric cipher. In TLS 1.1 and
    // 1.0, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is the highest priority suite, so
    // we use P-384. With TLS 1.2 on we pick AES-128 GCM so use x25519.
@@ -12,7 +12,7 @@ diff -up nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests 
      return ssl_grp_ec_secp384r1;
    }
    return ssl_grp_ec_curve25519;
-@@ -870,20 +872,24 @@ INSTANTIATE_TEST_CASE_P(
+@@ -1377,20 +1379,24 @@ INSTANTIATE_TEST_CASE_P(
                         ::testing::Values(TlsAgent::kServerEcdsa256),
                         ::testing::Values(ssl_auth_ecdsa),
                         ::testing::Values(ssl_sig_ecdsa_secp256r1_sha256)));
@@ -39,9 +39,63 @@ diff -up nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests 
  INSTANTIATE_TEST_CASE_P(
      SignatureSchemeEcdsaSha1, TlsSignatureSchemeConfiguration,
      ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
-@@ -892,4 +898,5 @@ INSTANTIATE_TEST_CASE_P(
+@@ -1399,4 +1405,5 @@ INSTANTIATE_TEST_CASE_P(
                                           TlsAgent::kServerEcdsa384),
                         ::testing::Values(ssl_auth_ecdsa),
                         ::testing::Values(ssl_sig_ecdsa_sha1)));
 +#endif
  }  // namespace nss_test
+diff -up nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc.reorder-cipher-suites-gtests nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc
+--- nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc.reorder-cipher-suites-gtests	2019-03-16 01:25:08.000000000 +0100
++++ nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc	2019-03-22 11:25:50.523173253 +0100
+@@ -71,11 +71,13 @@ void CheckRecordSizes(const std::shared_
+       break;
+ 
+     case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
++    case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
+       expansion = 16;
+       iv = 8;
+       break;
+ 
+     case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
++    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
+       // Expansion is 20 for the MAC.  Maximum block padding is 16.  Maximum
+       // padding is added when the input plus the MAC is an exact multiple of
+       // the block size.
+diff -up nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc.reorder-cipher-suites-gtests nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc
+--- nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc.reorder-cipher-suites-gtests	2019-03-16 01:25:08.000000000 +0100
++++ nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc	2019-03-22 11:29:30.452433420 +0100
+@@ -133,7 +133,19 @@ TEST_P(TlsConnectGenericPre13, TooLargeR
+ TEST_P(TlsConnectGeneric, ServerAuthBiggestRsa) {
+   Reset(TlsAgent::kRsa8192);
+   Connect();
+-  CheckKeys();
++  if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
++    CheckKeys();
++  } else {
++    // in TLS 1.2 or TLS 1.1, AES-256 is selected by default, which
++    // needs a different kea setup
++    SSLSignatureScheme scheme;
++    if (version_ >= SSL_LIBRARY_VERSION_TLS_1_2) {
++        scheme = ssl_sig_rsa_pss_rsae_sha256;
++    } else {
++        scheme = ssl_sig_rsa_pkcs1_sha256;
++    }
++    CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp521r1, ssl_auth_rsa_sign, scheme);
++  }
+ }
+ 
+ }  // namespace nss_test
+diff -up nss/gtests/ssl_gtest/tls_agent.cc.reorder-cipher-suites-gtests nss/gtests/ssl_gtest/tls_agent.cc
+--- nss/gtests/ssl_gtest/tls_agent.cc.reorder-cipher-suites-gtests	2019-03-22 11:28:19.936944328 +0100
++++ nss/gtests/ssl_gtest/tls_agent.cc	2019-03-22 11:29:58.712828287 +0100
+@@ -532,6 +532,9 @@ void TlsAgent::CheckKEA(SSLKEAType kea,
+       case ssl_grp_ec_secp384r1:
+         kea_size = 384;
+         break;
++      case ssl_grp_ec_secp521r1:
++        kea_size = 521;
++        break;
+       case ssl_grp_ffdhe_2048:
+         kea_size = 2048;
+         break;
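Review bot: The comment added in ServerAuthBiggestRsa says "in TLS 1.2 or TLS 1.1", but the `else` branch runs for every version below TLS 1.3 that the fixture is instantiated with, and it does not say why secp521r1 is the expected group. Something like `// Below TLS 1.3 the reordered suites pick AES-256, and NSS sizes the ECDHE group to the cipher, hence secp521r1.` would tie the expectation to the reordering. That reading is inferred from the NamedGroupForEcdsa384 comment earlier in this patch, so confirm it before adopting the wording. The two `scheme = …` assignments are also indented four spaces past their `if`, where the rest of the test uses two.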
diff --git a/SOURCES/nss-reorder-cipher-suites.patch b/SOURCES/nss-reorder-cipher-suites.patch
index 9806190..c295c1d 100644
--- a/SOURCES/nss-reorder-cipher-suites.patch
+++ b/SOURCES/nss-reorder-cipher-suites.patch
@@ -1,21 +1,16 @@
 diff -up nss/lib/ssl/ssl3con.c.reorder-cipher-suites nss/lib/ssl/ssl3con.c
---- nss/lib/ssl/ssl3con.c.reorder-cipher-suites	2017-04-26 11:47:33.690047402 +0200
-+++ nss/lib/ssl/ssl3con.c	2017-04-26 11:51:51.103013632 +0200
-@@ -91,54 +91,44 @@ PRBool ssl_IsRsaPssSignatureScheme(SSLSi
- /* clang-format off */
- static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
-    /*      cipher_suite                     policy       enabled   isPresent */
-- /* Special TLS 1.3 suites. */
-- { TLS_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE },
-- { TLS_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE },
-- { TLS_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE },
--
+--- nss/lib/ssl/ssl3con.c.reorder-cipher-suites	2019-03-16 01:25:08.000000000 +0100
++++ nss/lib/ssl/ssl3con.c	2019-03-21 14:22:01.578936057 +0100
+@@ -90,49 +90,44 @@ static ssl3CipherSuiteCfg cipherSuites[s
+  { TLS_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE },
+  { TLS_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE },
+ 
 - { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
 - { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
 - { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
 - { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
+  { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+- { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
 -   /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
 -    * bug 946147.
 -    */
@@ -29,7 +24,7 @@ diff -up nss/lib/ssl/ssl3con.c.reorder-cipher-suites nss/lib/ssl/ssl3con.c
 - { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
 + { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
 + { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,        SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
++ { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
   { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
 - { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
   { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
@@ -42,7 +37,7 @@ diff -up nss/lib/ssl/ssl3con.c.reorder-cipher-suites nss/lib/ssl/ssl3con.c
 - { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,        SSL_ALLOWED, PR_FALSE, PR_FALSE},
   { TLS_ECDHE_RSA_WITH_RC4_128_SHA,          SSL_ALLOWED, PR_FALSE, PR_FALSE},
 -
-+ { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
++ { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
 + { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
 + { TLS_DHE_RSA_WITH_AES_256_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
 + { TLS_DHE_DSS_WITH_AES_256_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
@@ -53,7 +48,7 @@ diff -up nss/lib/ssl/ssl3con.c.reorder-cipher-suites nss/lib/ssl/ssl3con.c
   { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
   { TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,SSL_ALLOWED,PR_TRUE,  PR_FALSE},
   { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
+- { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
 - { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
   { TLS_DHE_RSA_WITH_AES_128_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
   { TLS_DHE_DSS_WITH_AES_128_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
@@ -74,14 +69,14 @@ diff -up nss/lib/ssl/ssl3con.c.reorder-cipher-suites nss/lib/ssl/ssl3con.c
   { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
   { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
   { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-@@ -147,27 +137,21 @@ static ssl3CipherSuiteCfg cipherSuites[s
+@@ -141,27 +136,21 @@ static ssl3CipherSuiteCfg cipherSuites[s
   { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
   { TLS_ECDH_ECDSA_WITH_RC4_128_SHA,         SSL_ALLOWED, PR_FALSE, PR_FALSE},
   { TLS_ECDH_RSA_WITH_RC4_128_SHA,           SSL_ALLOWED, PR_FALSE, PR_FALSE},
 -
 - /* RSA */
 - { TLS_RSA_WITH_AES_128_GCM_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-  { TLS_RSA_WITH_AES_256_GCM_SHA384,         SSL_ALLOWED, PR_FALSE, PR_FALSE},
+  { TLS_RSA_WITH_AES_256_GCM_SHA384,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
 - { TLS_RSA_WITH_AES_128_CBC_SHA,            SSL_ALLOWED, PR_TRUE,  PR_FALSE},
 - { TLS_RSA_WITH_AES_128_CBC_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
 - { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
@@ -106,27 +101,13 @@ diff -up nss/lib/ssl/ssl3con.c.reorder-cipher-suites nss/lib/ssl/ssl3con.c
   { TLS_ECDHE_ECDSA_WITH_NULL_SHA,           SSL_ALLOWED, PR_FALSE, PR_FALSE},
   { TLS_ECDHE_RSA_WITH_NULL_SHA,             SSL_ALLOWED, PR_FALSE, PR_FALSE},
   { TLS_ECDH_RSA_WITH_NULL_SHA,              SSL_ALLOWED, PR_FALSE, PR_FALSE},
-@@ -175,6 +159,9 @@ static ssl3CipherSuiteCfg cipherSuites[s
-  { TLS_RSA_WITH_NULL_SHA,                   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_RSA_WITH_NULL_SHA256,                SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_RSA_WITH_NULL_MD5,                   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE },
-+ { TLS_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE },
-+ { TLS_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE },
- };
- /* clang-format on */
- 
 diff -up nss/lib/ssl/sslenum.c.reorder-cipher-suites nss/lib/ssl/sslenum.c
---- nss/lib/ssl/sslenum.c.reorder-cipher-suites	2017-04-26 11:46:50.215066457 +0200
-+++ nss/lib/ssl/sslenum.c	2017-04-26 11:47:09.362617638 +0200
-@@ -55,53 +55,44 @@
-  * the third one.
-  */
- const PRUint16 SSL_ImplementedCiphers[] = {
--    TLS_AES_128_GCM_SHA256,
--    TLS_CHACHA20_POLY1305_SHA256,
--    TLS_AES_256_GCM_SHA384,
--
+--- nss/lib/ssl/sslenum.c.reorder-cipher-suites	2019-03-16 01:25:08.000000000 +0100
++++ nss/lib/ssl/sslenum.c	2019-03-21 14:22:16.479624167 +0100
+@@ -59,49 +59,44 @@ const PRUint16 SSL_ImplementedCiphers[]
+     TLS_CHACHA20_POLY1305_SHA256,
+     TLS_AES_256_GCM_SHA384,
+ 
 -    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 -    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 -    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
@@ -191,7 +172,7 @@ diff -up nss/lib/ssl/sslenum.c.reorder-cipher-suites nss/lib/ssl/sslenum.c
      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-@@ -110,26 +101,21 @@ const PRUint16 SSL_ImplementedCiphers[]
+@@ -110,26 +105,21 @@ const PRUint16 SSL_ImplementedCiphers[]
      TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
      TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
      TLS_ECDH_RSA_WITH_RC4_128_SHA,
@@ -222,13 +203,3 @@ diff -up nss/lib/ssl/sslenum.c.reorder-cipher-suites nss/lib/ssl/sslenum.c
      TLS_ECDHE_ECDSA_WITH_NULL_SHA,
      TLS_ECDHE_RSA_WITH_NULL_SHA,
      TLS_ECDH_RSA_WITH_NULL_SHA,
-@@ -137,6 +123,9 @@ const PRUint16 SSL_ImplementedCiphers[]
-     TLS_RSA_WITH_NULL_SHA,
-     TLS_RSA_WITH_NULL_SHA256,
-     TLS_RSA_WITH_NULL_MD5,
-+    TLS_AES_128_GCM_SHA256,
-+    TLS_CHACHA20_POLY1305_SHA256,
-+    TLS_AES_256_GCM_SHA384,
- 
-     0
- };
diff --git a/SOURCES/nss-rhel7.config b/SOURCES/nss-rhel7.config
index be6d690..84e18ce 100644
--- a/SOURCES/nss-rhel7.config
+++ b/SOURCES/nss-rhel7.config
@@ -3,5 +3,5 @@
 library=
 name=Policy
 NSS=flags=policyOnly,moduleDB
-config="disallow=md5 allow=DH-MIN=1023:DSA-MIN=1023:RSA-MIN=1023"
+config="disallow=MD5:RC4 allow=DH-MIN=1023:DSA-MIN=1023:RSA-MIN=1023:TLS-VERSION-MIN=tls1.0"
 
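Review bot: The new `allow=` list sets `TLS-VERSION-MIN=tls1.0`, which appears to keep TLS 1.0 and 1.1 acceptable under the system policy, alongside the existing 1023-bit floors for DH, DSA and RSA. If this is a compatibility decision for the release, it should be recorded where packagers will see it, such as the spec changelog or the commit message. The policy line itself gives no reason, and these values are below what current guidance recommends.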
diff --git a/SOURCES/nss-skip-sysinit-gtests.patch b/SOURCES/nss-skip-sysinit-gtests.patch
new file mode 100644
index 0000000..4c3ea29
--- /dev/null
+++ b/SOURCES/nss-skip-sysinit-gtests.patch
@@ -0,0 +1,11 @@
+diff -up nss/gtests/manifest.mn.skip-sysinit-gtests nss/gtests/manifest.mn
+--- nss/gtests/manifest.mn.skip-sysinit-gtests	2019-04-26 12:55:05.979302035 +0200
++++ nss/gtests/manifest.mn	2019-04-26 12:55:09.507228984 +0200
+@@ -27,7 +27,6 @@ NSS_SRCDIRS = \
+ 	smime_gtest \
+ 	softoken_gtest \
+ 	ssl_gtest \
+-	$(SYSINIT_GTEST) \
+ 	nss_bogo_shim \
+ 	$(NULL)
+ endif
diff --git a/SOURCES/nss-skip-tls13-fips-tests.sh b/SOURCES/nss-skip-tls13-fips-tests.sh
new file mode 100644
index 0000000..2d4ff9c
--- /dev/null
+++ b/SOURCES/nss-skip-tls13-fips-tests.sh
@@ -0,0 +1,16 @@
+diff -up nss/tests/ssl/ssl.sh.skip-tls13-fips-mode nss/tests/ssl/ssl.sh
+--- nss/tests/ssl/ssl.sh.skip-tls13-fips-mode	2019-05-16 10:52:35.926904215 +0200
++++ nss/tests/ssl/ssl.sh	2019-05-16 10:53:05.953281239 +0200
+@@ -412,6 +412,12 @@ ssl_auth()
+       echo "${testname}" | grep "TLS 1.3" > /dev/null
+       TLS13=$?
+ 
++      if [ "${TLS13}" -eq 0 ] && \
++	 [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] ; then
++          echo "$SCRIPTNAME: skipping  $testname (non-FIPS only)"
++          continue
++      fi
++
+       if [ "${CLIENT_MODE}" = "fips" -a "${CAUTH}" -eq 0 ] ; then
+           echo "$SCRIPTNAME: skipping  $testname (non-FIPS only)"
+       elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then
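Review bot: The file added here is a unified diff but is named `nss-skip-tls13-fips-tests.sh`, so anything that classifies sources by extension (linters, syntax checks, a reader scanning SOURCES/) will treat a patch as a shell script. Naming it `nss-skip-tls13-fips-tests.patch` and updating `Patch151:` in the spec keeps it in line with the other patches. Inside the patch, the new skip branch reuses the message `(non-FIPS only)`, which does not say why the case is dropped; `echo "$SCRIPTNAME: skipping  $testname (TLS 1.3 unavailable in FIPS mode)"` would make the reduced FIPS coverage visible in the test log. The enclosing loop in ssl_auth() starts and ends outside the hunk.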
diff --git a/SOURCES/nss-skip-util-gtest.patch b/SOURCES/nss-skip-util-gtest.patch
index 02bf308..2a914d3 100644
--- a/SOURCES/nss-skip-util-gtest.patch
+++ b/SOURCES/nss-skip-util-gtest.patch
@@ -1,7 +1,7 @@
 diff -up nss/gtests/manifest.mn.skip-util-gtests nss/gtests/manifest.mn
---- nss/gtests/manifest.mn.skip-util-gtests	2017-09-20 08:47:27.000000000 +0200
-+++ nss/gtests/manifest.mn	2017-10-19 11:02:27.773910909 +0200
-@@ -32,6 +32,5 @@ endif
+--- nss/gtests/manifest.mn.skip-util-gtests	2019-03-16 01:25:08.000000000 +0100
++++ nss/gtests/manifest.mn	2019-03-21 12:41:02.264072681 +0100
+@@ -35,6 +35,5 @@ endif
  
  DIRS = \
  	$(LIB_SRCDIRS) \
@@ -9,9 +9,9 @@ diff -up nss/gtests/manifest.mn.skip-util-gtests nss/gtests/manifest.mn
  	$(NSS_SRCDIRS) \
  	$(NULL)
 diff -up nss/gtests/ssl_gtest/manifest.mn.skip-util-gtests nss/gtests/ssl_gtest/manifest.mn
---- nss/gtests/ssl_gtest/manifest.mn.skip-util-gtests	2017-09-20 08:47:27.000000000 +0200
-+++ nss/gtests/ssl_gtest/manifest.mn	2017-10-19 11:02:27.773910909 +0200
-@@ -58,6 +58,7 @@ PROGRAM = ssl_gtest
+--- nss/gtests/ssl_gtest/manifest.mn.skip-util-gtests	2019-03-16 01:25:08.000000000 +0100
++++ nss/gtests/ssl_gtest/manifest.mn	2019-03-21 12:41:02.265072660 +0100
+@@ -67,6 +67,7 @@ PROGRAM = ssl_gtest
  EXTRA_LIBS += \
        $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \
        $(DIST)/lib/$(LIB_PREFIX)cpputil.$(LIB_SUFFIX) \
@@ -19,15 +19,3 @@ diff -up nss/gtests/ssl_gtest/manifest.mn.skip-util-gtests nss/gtests/ssl_gtest/
        $(NULL)
  
  USE_STATIC_LIBS = 1
-diff -up nss/tests/gtests/gtests.sh.skip-util-gtests nss/tests/gtests/gtests.sh
---- nss/tests/gtests/gtests.sh.skip-util-gtests	2017-09-20 08:47:27.000000000 +0200
-+++ nss/tests/gtests/gtests.sh	2017-10-19 11:03:57.473976538 +0200
-@@ -83,7 +83,7 @@ gtest_cleanup()
- }
- 
- ################## main #################################################
--GTESTS="prng_gtest certhigh_gtest certdb_gtest der_gtest pk11_gtest util_gtest freebl_gtest softoken_gtest blake2b_gtest"
-+GTESTS="certhigh_gtest certdb_gtest der_gtest pk11_gtest softoken_gtest"
- SOURCE_DIR="$PWD"/../..
- gtest_init $0
- gtest_start
diff --git a/SOURCES/nss-ssl2-compatible-client-hello.patch b/SOURCES/nss-ssl2-compatible-client-hello.patch
new file mode 100644
index 0000000..a1f5217
--- /dev/null
+++ b/SOURCES/nss-ssl2-compatible-client-hello.patch
@@ -0,0 +1,12 @@
+diff -up nss/lib/ssl/sslsock.c.ssl2hello nss/lib/ssl/sslsock.c
+--- nss/lib/ssl/sslsock.c.ssl2hello	2019-04-26 11:31:02.139693304 +0200
++++ nss/lib/ssl/sslsock.c	2019-04-26 11:31:36.842975724 +0200
+@@ -86,7 +86,7 @@ static sslOptions ssl_defaults = {
+     .enableTls13CompatMode = PR_FALSE,
+     .enableDtlsShortHeader = PR_FALSE,
+     .enableHelloDowngradeCheck = PR_FALSE,
+-    .enableV2CompatibleHello = PR_FALSE,
++    .enableV2CompatibleHello = PR_TRUE,
+     .enablePostHandshakeAuth = PR_FALSE
+ };
+ 
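Review bot: Flipping `.enableV2CompatibleHello` to `PR_TRUE` in `ssl_defaults` changes the default for every socket the library creates, and the patch file carries no header or comment explaining why the distribution departs from upstream's `PR_FALSE`. Accepting SSLv2-format ClientHello by default keeps a legacy parsing path reachable on every server that uses NSS. Record the decision next to the line, e.g. `/* RHEL 7: keep accepting SSLv2-compatible ClientHello for legacy clients; upstream default is PR_FALSE */`, with a pointer to the downstream bug if there is one. Applications that do not need it can presumably still turn it off per socket through `SSL_ENABLE_V2_COMPATIBLE_HELLO`.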
diff --git a/SOURCES/nss-ssl2-server-random.patch b/SOURCES/nss-ssl2-server-random.patch
deleted file mode 100644
index 0a242c8..0000000
--- a/SOURCES/nss-ssl2-server-random.patch
+++ /dev/null
@@ -1,177 +0,0 @@
-# HG changeset patch
-# User Martin Thomson <martin.thomson@gmail.com>
-# Date 1535458477 -7200
-#      Tue Aug 28 14:14:37 2018 +0200
-# Branch NSS_3_36_BRANCH
-# Node ID 14bfa8390396e18ba5b35c7fb299a2c2023f6448
-# Parent  42bc6956fda39f6afe81b8de7afb542f3216bc7e
-Bug 1483128 - Move random generation, r?ekr
-
-Summary: This is the simpler fix.  It's making the bug pretty obvious though.
-
-Reviewers: ekr, kaie
-
-Subscribers: HubertKario, mt, ekr, beurdouche, kaie, jcj, ueno, wtc, rrelyea
-
-Tags: #secure-revision, PHID-PROJ-ffhf7tdvqze7zrdn6dh3
-
-Bug #: 1483128
-
-Differential Revision: https://phabricator.services.mozilla.com/D4282
-
-diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
---- a/lib/ssl/ssl3con.c
-+++ b/lib/ssl/ssl3con.c
-@@ -8082,14 +8082,6 @@ ssl3_HandleClientHello(sslSocket *ss, PR
-         }
-     }
- 
--    /* Generate the Server Random now so it is available
--     * when we process the ClientKeyShare in TLS 1.3 */
--    rv = ssl3_GetNewRandom(ss->ssl3.hs.server_random);
--    if (rv != SECSuccess) {
--        errCode = SSL_ERROR_GENERATE_RANDOM_FAILURE;
--        goto loser;
--    }
--
- #ifndef TLS_1_3_DRAFT_VERSION
-     /*
-      * [draft-ietf-tls-tls13-11 Section 6.3.1.1].
-@@ -8878,6 +8870,7 @@ ssl_ConstructServerHello(sslSocket *ss, 
-     SECStatus rv;
-     SSL3ProtocolVersion version;
-     sslSessionID *sid = ss->sec.ci.sid;
-+    const PRUint8 *random;
- 
-     if (IS_DTLS(ss) && ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-         version = dtls_TLSVersionToDTLSVersion(ss->version);
-@@ -8889,9 +8882,17 @@ ssl_ConstructServerHello(sslSocket *ss, 
-     if (rv != SECSuccess) {
-         return SECFailure;
-     }
--    /* Random already generated in ssl3_HandleClientHello */
--    rv = sslBuffer_Append(messageBuf, helloRetry ? ssl_hello_retry_random : ss->ssl3.hs.server_random,
--                          SSL3_RANDOM_LENGTH);
-+
-+    if (helloRetry) {
-+        random = ssl_hello_retry_random;
-+    } else {
-+        rv = ssl3_GetNewRandom(ss->ssl3.hs.server_random);
-+        if (rv != SECSuccess) {
-+            return SECFailure;
-+        }
-+        random = ss->ssl3.hs.server_random;
-+    }
-+    rv = sslBuffer_Append(messageBuf, random, SSL3_RANDOM_LENGTH);
-     if (rv != SECSuccess) {
-         return SECFailure;
-     }
-# HG changeset patch
-# User Martin Thomson <martin.thomson@gmail.com>
-# Date 1535458545 -7200
-#      Tue Aug 28 14:15:45 2018 +0200
-# Node ID eee3954f57355ad04bc32f1c2dfe25d7e13a3382
-# Parent  4c7ffcfd43f613eb08ee7b4a75dbeb1a7fb540ce
-Bug 1483128 - Test that randoms aren't fixed, r?ekr
-
-Summary:
-We can't easily test that ClientHello.random and ServerHello.random are truly
-random in these tests, but we can catch mistakes the likes of which produced
-this bug.  This just runs a few handshakes and tests that none of the random
-values are equal to any other, or they are equal to zero.
-
-Reviewers: ekr
-
-Subscribers: mt, ekr, beurdouche, kaie, jcj, ueno, rrelyea, wtc, HubertKario
-
-Tags: #secure-revision, PHID-PROJ-ffhf7tdvqze7zrdn6dh3
-
-Bug #: 1483128
-
-Differential Revision: https://phabricator.services.mozilla.com/D4413
-
-diff --git a/gtests/ssl_gtest/ssl_loopback_unittest.cc b/gtests/ssl_gtest/ssl_loopback_unittest.cc
---- a/gtests/ssl_gtest/ssl_loopback_unittest.cc
-+++ b/gtests/ssl_gtest/ssl_loopback_unittest.cc
-@@ -541,6 +541,47 @@ TEST_F(TlsConnectTest, OneNRecordSplitti
-   EXPECT_EQ(ExpectedCbcLen(20), records->record(2).buffer.len());
- }
- 
-+// We can't test for randomness easily here, but we can test that we don't
-+// produce a zero value, or produce the same value twice.  There are 5 values
-+// here: two ClientHello.random, two ServerHello.random, and one zero value.
-+// Matrix them and fail if any are the same.
-+TEST_P(TlsConnectGeneric, CheckRandoms) {
-+  ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
-+
-+  static const size_t random_len = 32;
-+  uint8_t crandom1[random_len], srandom1[random_len];
-+  uint8_t z[random_len] = {0};
-+
-+  auto ch = MakeTlsFilter<TlsHandshakeRecorder>(client_, ssl_hs_client_hello);
-+  auto sh = MakeTlsFilter<TlsHandshakeRecorder>(server_, ssl_hs_server_hello);
-+  Connect();
-+  ASSERT_TRUE(ch->buffer().len() > (random_len + 2));
-+  ASSERT_TRUE(sh->buffer().len() > (random_len + 2));
-+  memcpy(crandom1, ch->buffer().data() + 2, random_len);
-+  memcpy(srandom1, sh->buffer().data() + 2, random_len);
-+  EXPECT_NE(0, memcmp(crandom1, srandom1, random_len));
-+  EXPECT_NE(0, memcmp(crandom1, z, random_len));
-+  EXPECT_NE(0, memcmp(srandom1, z, random_len));
-+
-+  Reset();
-+  ch = MakeTlsFilter<TlsHandshakeRecorder>(client_, ssl_hs_client_hello);
-+  sh = MakeTlsFilter<TlsHandshakeRecorder>(server_, ssl_hs_server_hello);
-+  Connect();
-+  ASSERT_TRUE(ch->buffer().len() > (random_len + 2));
-+  ASSERT_TRUE(sh->buffer().len() > (random_len + 2));
-+  const uint8_t* crandom2 = ch->buffer().data() + 2;
-+  const uint8_t* srandom2 = sh->buffer().data() + 2;
-+
-+  EXPECT_NE(0, memcmp(crandom2, srandom2, random_len));
-+  EXPECT_NE(0, memcmp(crandom2, z, random_len));
-+  EXPECT_NE(0, memcmp(srandom2, z, random_len));
-+
-+  EXPECT_NE(0, memcmp(crandom1, crandom2, random_len));
-+  EXPECT_NE(0, memcmp(crandom1, srandom2, random_len));
-+  EXPECT_NE(0, memcmp(srandom1, crandom2, random_len));
-+  EXPECT_NE(0, memcmp(srandom1, srandom2, random_len));
-+}
-+
- INSTANTIATE_TEST_CASE_P(
-     GenericStream, TlsConnectGeneric,
-     ::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
-diff --git a/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc b/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc
---- a/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc
-+++ b/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc
-@@ -350,6 +350,30 @@ TEST_P(SSLv2ClientHelloTest, RequireSafe
-   Connect();
- }
- 
-+TEST_P(SSLv2ClientHelloTest, CheckServerRandom) {
-+  ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
-+  SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
-+
-+  static const size_t random_len = 32;
-+  uint8_t srandom1[random_len];
-+  uint8_t z[random_len] = {0};
-+
-+  auto sh = MakeTlsFilter<TlsHandshakeRecorder>(server_, ssl_hs_server_hello);
-+  Connect();
-+  ASSERT_TRUE(sh->buffer().len() > (random_len + 2));
-+  memcpy(srandom1, sh->buffer().data() + 2, random_len);
-+  EXPECT_NE(0, memcmp(srandom1, z, random_len));
-+
-+  Reset();
-+  sh = MakeTlsFilter<TlsHandshakeRecorder>(server_, ssl_hs_server_hello);
-+  Connect();
-+  ASSERT_TRUE(sh->buffer().len() > (random_len + 2));
-+  const uint8_t* srandom2 = sh->buffer().data() + 2;
-+
-+  EXPECT_NE(0, memcmp(srandom2, z, random_len));
-+  EXPECT_NE(0, memcmp(srandom1, srandom2, random_len));
-+}
-+
- // Connect to the server with TLS 1.1, signalling that this is a fallback from
- // a higher version. As the server doesn't support anything higher than TLS 1.1
- // it must accept the connection.
diff --git a/SOURCES/nss-sysinit-getenv.patch b/SOURCES/nss-sysinit-getenv.patch
index d3f47bc..9352e33 100644
--- a/SOURCES/nss-sysinit-getenv.patch
+++ b/SOURCES/nss-sysinit-getenv.patch
@@ -1,7 +1,7 @@
-diff --git a/lib/sysinit/nsssysinit.c b/lib/sysinit/nsssysinit.c
---- a/lib/sysinit/nsssysinit.c
-+++ b/lib/sysinit/nsssysinit.c
-@@ -1,11 +1,15 @@
+diff -up nss/lib/sysinit/nsssysinit.c.sysinit-getenv nss/lib/sysinit/nsssysinit.c
+--- nss/lib/sysinit/nsssysinit.c.sysinit-getenv	2019-04-26 12:08:48.155862312 +0200
++++ nss/lib/sysinit/nsssysinit.c	2019-04-26 12:09:13.228344780 +0200
+@@ -1,6 +1,10 @@
  /* This Source Code Form is subject to the terms of the Mozilla Public
   * License, v. 2.0. If a copy of the MPL was not distributed with this
   * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
@@ -12,17 +12,7 @@ diff --git a/lib/sysinit/nsssysinit.c b/lib/sysinit/nsssysinit.c
  #include "seccomon.h"
  #include "prio.h"
  #include "prprf.h"
- #include "plhash.h"
- #include "prenv.h"
- 
- /*
-  * The following provides a default example for operating systems to set up
-@@ -37,17 +41,17 @@ testdir(char *dir)
-     return S_ISDIR(buf.st_mode);
- }
- 
- #define NSS_USER_PATH1 "/.pki"
- #define NSS_USER_PATH2 "/nssdb"
+@@ -41,7 +45,7 @@ testdir(char *dir)
  static char *
  getUserDB(void)
  {
@@ -31,17 +21,7 @@ diff --git a/lib/sysinit/nsssysinit.c b/lib/sysinit/nsssysinit.c
      char *nssdir = NULL;
  
      if (userdir == NULL) {
-         return NULL;
-     }
- 
-     nssdir = PORT_Alloc(strlen(userdir) + sizeof(NSS_USER_PATH1) + sizeof(NSS_USER_PATH2));
-     if (nssdir == NULL) {
-@@ -129,17 +133,17 @@ userCanModifySystemDB()
- #else
- #error "Need to write getUserDB, SystemDB, userIsRoot, and userCanModifySystemDB functions"
- #endif
- #endif
- 
+@@ -95,7 +99,7 @@ userCanModifySystemDB()
  static PRBool
  getFIPSEnv(void)
  {
@@ -50,8 +30,3 @@ diff --git a/lib/sysinit/nsssysinit.c b/lib/sysinit/nsssysinit.c
      if (!fipsEnv) {
          return PR_FALSE;
      }
-     if ((strcasecmp(fipsEnv, "fips") == 0) ||
-         (strcasecmp(fipsEnv, "true") == 0) ||
-         (strcasecmp(fipsEnv, "on") == 0) ||
-         (strcasecmp(fipsEnv, "1") == 0)) {
-         return PR_TRUE;
diff --git a/SOURCES/nss-sysinit-userdb.patch b/SOURCES/nss-sysinit-userdb.patch
new file mode 100644
index 0000000..a88132a
--- /dev/null
+++ b/SOURCES/nss-sysinit-userdb.patch
@@ -0,0 +1,132 @@
+# HG changeset patch
+# User EdĂȘnis Freindorfer Azevedo <edenisfa@gmail.com>
+# Date 1547073505 -39600
+#      Thu Jan 10 09:38:25 2019 +1100
+# Node ID da45424cb9a0b4d8e45e5040e2e3b574d994e254
+# Parent  f7187a33fad7b9cafe0c2947c6d48618fdda57e4
+Bug 818686 - XDG Base Directory Specification support with fallback, r=mt
+
+Summary:
+We check if $HOME/.pki and $HOME/.pki/nssdb exist; if they do, then we use
+this path. Otherwise, use ${XDG_DATA_HOME:-$HOME/.local/share}/pki/nssdb
+
+Test Plan:
+Create dummy empty dir and set HOME to it. Then, check if getUserDb returns:
+1. $HOME/.pki/nssdb when this path exists;
+2. $HOME/.local/share/pki/nssdb when $HOME/.pki/nssdb does not and XDG_DATA_HOME is not defined;
+3. $XDG_DATA_HOME/pki/nssdb when $HOME/.pki/nssdb does not exist and XDG_DATA_HOME is defined.
+
+Reviewers: mt
+
+Reviewed By: mt
+
+Bug #: 818686
+
+Differential Revision: https://phabricator.services.mozilla.com/D14007
+
+diff --git a/lib/sysinit/nsssysinit.c b/lib/sysinit/nsssysinit.c
+--- a/lib/sysinit/nsssysinit.c
++++ b/lib/sysinit/nsssysinit.c
+@@ -37,9 +37,41 @@ testdir(char *dir)
+     return S_ISDIR(buf.st_mode);
+ }
+ 
++/**
++ * Append given @dir to @path and creates the directory with mode @mode.
++ * Returns 0 if successful, -1 otherwise.
++ * Assumes that the allocation for @path has sufficient space for @dir
++ * to be added.
++ */
++static int
++appendDirAndCreate(char *path, char *dir, mode_t mode)
++{
++    PORT_Strcat(path, dir);
++    if (!testdir(path)) {
++        if (mkdir(path, mode)) {
++            return -1;
++        }
++    }
++    return 0;
++}
++
++#define XDG_NSS_USER_PATH1 "/.local"
++#define XDG_NSS_USER_PATH2 "/share"
++#define XDG_NSS_USER_PATH3 "/pki"
++
+ #define NSS_USER_PATH1 "/.pki"
+ #define NSS_USER_PATH2 "/nssdb"
+-static char *
++
++/**
++ * Return the path to user's NSS database.
++ * We search in the following dirs in order:
++ * (1) $HOME/.pki/nssdb;
++ * (2) $XDG_DATA_HOME/pki/nssdb if XDG_DATA_HOME is set;
++ * (3) $HOME/.local/share/pki/nssdb (default XDG_DATA_HOME value).
++ * If (1) does not exist, then the returned dir will be set to either
++ * (2) or (3), depending if XDG_DATA_HOME is set.
++ */
++char *
+ getUserDB(void)
+ {
+     char *userdir = PR_GetEnvSecure("HOME");
+@@ -50,22 +82,47 @@ getUserDB(void)
+     }
+ 
+     nssdir = PORT_Alloc(strlen(userdir) + sizeof(NSS_USER_PATH1) + sizeof(NSS_USER_PATH2));
++    PORT_Strcpy(nssdir, userdir);
++    PORT_Strcat(nssdir, NSS_USER_PATH1 NSS_USER_PATH2);
++    if (testdir(nssdir)) {
++        /* $HOME/.pki/nssdb exists */
++        return nssdir;
++    } else {
++        /* either $HOME/.pki or $HOME/.pki/nssdb does not exist */
++        PORT_Free(nssdir);
++    }
++    int size = 0;
++    char *xdguserdatadir = PR_GetEnvSecure("XDG_DATA_HOME");
++    if (xdguserdatadir) {
++        size = strlen(xdguserdatadir);
++    } else {
++        size = strlen(userdir) + sizeof(XDG_NSS_USER_PATH1) + sizeof(XDG_NSS_USER_PATH2);
++    }
++    size += sizeof(XDG_NSS_USER_PATH3) + sizeof(NSS_USER_PATH2);
++
++    nssdir = PORT_Alloc(size);
+     if (nssdir == NULL) {
+         return NULL;
+     }
+-    PORT_Strcpy(nssdir, userdir);
+-    /* verify it exists */
+-    if (!testdir(nssdir)) {
+-        PORT_Free(nssdir);
+-        return NULL;
++
++    if (xdguserdatadir) {
++        PORT_Strcpy(nssdir, xdguserdatadir);
++        if (!testdir(nssdir)) {
++            PORT_Free(nssdir);
++            return NULL;
++        }
++
++    } else {
++        PORT_Strcpy(nssdir, userdir);
++        if (appendDirAndCreate(nssdir, XDG_NSS_USER_PATH1, 0755) ||
++            appendDirAndCreate(nssdir, XDG_NSS_USER_PATH2, 0755)) {
++            PORT_Free(nssdir);
++            return NULL;
++        }
+     }
+-    PORT_Strcat(nssdir, NSS_USER_PATH1);
+-    if (!testdir(nssdir) && mkdir(nssdir, 0760)) {
+-        PORT_Free(nssdir);
+-        return NULL;
+-    }
+-    PORT_Strcat(nssdir, NSS_USER_PATH2);
+-    if (!testdir(nssdir) && mkdir(nssdir, 0760)) {
++    /* ${XDG_DATA_HOME:-$HOME/.local/share}/pki/nssdb */
++    if (appendDirAndCreate(nssdir, XDG_NSS_USER_PATH3, 0760) ||
++        appendDirAndCreate(nssdir, NSS_USER_PATH2, 0760)) {
+         PORT_Free(nssdir);
+         return NULL;
+     }
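Review bot: This file stores the upstream changeset in its forward direction while the spec applies it with `%patch148 -R -p1`, so the build ends up without the XDG fallback although the header reads as if it were being added. A first line such as `# Applied with -R in nss.spec: reverts upstream bug 818686 for RHEL 7` would remove the ambiguity. The forward form should not be enabled casually: in `getUserDB()` the first `PORT_Alloc()` result is passed to `PORT_Strcpy()` before any NULL check (the check only follows the second allocation), and `size` is an `int` filled from `strlen()`. Both go away under `-R`, but they should be fixed before anyone drops the reverse flag. The rest of `getUserDB()` lies outside the hunk.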
diff --git a/SOURCES/nss-tests-paypal-certs-v2.patch b/SOURCES/nss-tests-paypal-certs-v2.patch
deleted file mode 100644
index 8f37f8c..0000000
--- a/SOURCES/nss-tests-paypal-certs-v2.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-# HG changeset patch
-# User Daiki Ueno <dueno@redhat.com>
-# Date 1541595734 -3600
-#      Wed Nov 07 14:02:14 2018 +0100
-# Node ID 19fd907784e38a5febb54588353368af91b12551
-# Parent  3b79af0fa294b4b1c009c1c0b659bb72b4d2c1c8
-Bug 1505317, update PayPal test certs
-
-diff --git a/tests/chains/scenarios/realcerts.cfg b/tests/chains/scenarios/realcerts.cfg
---- a/tests/chains/scenarios/realcerts.cfg
-+++ b/tests/chains/scenarios/realcerts.cfg
-@@ -21,7 +21,7 @@ verify TestUser51:x
-   result pass
- 
- verify PayPalEE:x
--  policy OID.2.16.840.1.114412.1.1 
-+  policy OID.2.16.840.1.114412.2.1 
-   result pass
- 
- verify BrAirWaysBadSig:x
-diff --git a/tests/libpkix/vfychain_test.lst b/tests/libpkix/vfychain_test.lst
---- a/tests/libpkix/vfychain_test.lst
-+++ b/tests/libpkix/vfychain_test.lst
-@@ -1,4 +1,4 @@
- # Status | Leaf Cert | Policies | Others(undef)
- 0 TestUser50 undef
- 0 TestUser51 undef
--0 PayPalEE OID.2.16.840.1.114412.1.1
-+0 PayPalEE OID.2.16.840.1.114412.2.1
diff --git a/SOURCES/nss-tests-ssl-normal-normal.patch b/SOURCES/nss-tests-ssl-normal-normal.patch
deleted file mode 100644
index aa5346a..0000000
--- a/SOURCES/nss-tests-ssl-normal-normal.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-# HG changeset patch
-# User Daiki Ueno <dueno@redhat.com>
-# Date 1520875743 -3600
-#      Mon Mar 12 18:29:03 2018 +0100
-# Node ID 1053cc7b45a2dfe4a44558f0a0e7c4b3f0e9c6ec
-# Parent  be88b7a4fb599a367a13688a9790d3010f3b3692
-Bug 1444960, Exercise SSL tests which only run under non-FIPS, r=kaie
-
-diff --git a/tests/all.sh b/tests/all.sh
---- a/tests/all.sh
-+++ b/tests/all.sh
-@@ -309,7 +309,7 @@ TESTS=${NSS_TESTS:-$tests}
- 
- ALL_TESTS=${TESTS}
- 
--nss_ssl_tests="crl iopr policy"
-+nss_ssl_tests="crl iopr policy normal_normal"
- if [ $NO_INIT_SUPPORT -eq 0 ]; then
-     nss_ssl_tests="$nss_ssl_tests fips_normal normal_fips"
- fi
diff --git a/SOURCES/nss-version-range-set.patch b/SOURCES/nss-version-range-set.patch
new file mode 100644
index 0000000..8b3b25a
--- /dev/null
+++ b/SOURCES/nss-version-range-set.patch
@@ -0,0 +1,43 @@
+diff -up nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc.version-range-set nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc
+--- nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc.version-range-set	2019-04-26 16:56:32.753283497 +0200
++++ nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc	2019-04-26 16:56:51.096889439 +0200
+@@ -151,12 +151,6 @@ class TestPolicyVersionRange
+   }
+ 
+   bool IsValidInputForVersionRangeSet(SSLVersionRange* expectedEffectiveRange) {
+-    if (input_.min() <= SSL_LIBRARY_VERSION_3_0 &&
+-        input_.max() >= SSL_LIBRARY_VERSION_TLS_1_3) {
+-      // This is always invalid input, independent of policy
+-      return false;
+-    }
+-
+     if (input_.min() < library_.min() || input_.max() > library_.max() ||
+         input_.min() > input_.max()) {
+       // Asking for unsupported ranges is invalid input for VersionRangeSet
+diff -up nss/lib/ssl/sslsock.c.version-range-set nss/lib/ssl/sslsock.c
+--- nss/lib/ssl/sslsock.c.version-range-set	2019-04-26 16:56:11.810733383 +0200
++++ nss/lib/ssl/sslsock.c	2019-04-26 16:56:11.813733319 +0200
+@@ -2542,13 +2542,6 @@ SSL_VersionRangeGetDefault(SSLProtocolVa
+     return ssl3_CreateOverlapWithPolicy(protocolVariant, vrange, vrange);
+ }
+ 
+-static PRBool
+-ssl3_HasConflictingSSLVersions(const SSLVersionRange *vrange)
+-{
+-    return (vrange->min <= SSL_LIBRARY_VERSION_3_0 &&
+-            vrange->max >= SSL_LIBRARY_VERSION_TLS_1_3);
+-}
+-
+ static SECStatus
+ ssl3_CheckRangeValidAndConstrainByPolicy(SSLProtocolVariant protocolVariant,
+                                          SSLVersionRange *vrange)
+@@ -2557,8 +2550,7 @@ ssl3_CheckRangeValidAndConstrainByPolicy
+ 
+     if (vrange->min > vrange->max ||
+         !ssl3_VersionIsSupportedByCode(protocolVariant, vrange->min) ||
+-        !ssl3_VersionIsSupportedByCode(protocolVariant, vrange->max) ||
+-        ssl3_HasConflictingSSLVersions(vrange)) {
++        !ssl3_VersionIsSupportedByCode(protocolVariant, vrange->max)) {
+         PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
+         return SECFailure;
+     }
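Review bot: Removing `ssl3_HasConflictingSSLVersions()` from `ssl3_CheckRangeValidAndConstrainByPolicy()` means a range of SSL 3.0 through TLS 1.3 is no longer rejected in code, so keeping SSL 3.0 out now depends on what follows in the function and on the system policy's `TLS-VERSION-MIN`. The spec's `%check` sets `NSS_IGNORE_SYSTEM_POLICY=1`; if the policy can be bypassed the same way at run time, the floor presumably falls back to whatever the library supports, which should be confirmed and stated. At minimum add a comment at the condition, e.g. `/* RHEL 7: ssl3..tls1.3 is accepted for -V "ssl3:" compatibility; the minimum is raised by policy below */`. The remainder of the function is outside the hunk.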
diff --git a/SPECS/nss.spec b/SPECS/nss.spec
index 2ad67f6..8b7324e 100644
--- a/SPECS/nss.spec
+++ b/SPECS/nss.spec
@@ -1,16 +1,28 @@
-%global nspr_version 4.19.0
-%global nss_util_version 3.36.0
-%global nss_util_build -1.1
+%global nspr_version 4.21.0
+%global nss_util_version 3.44.0
+%global nss_util_build -3
 # adjust to the version that gets submitted for FIPS validation
-%global nss_softokn_fips_version 3.36.0
-%global nss_softokn_version 3.36.0
+%global nss_softokn_fips_version 3.44.0
+%global nss_softokn_version 3.44.0
 # Attention: Separate softokn versions for build and runtime.
 %global runtime_required_softokn_build_version -1
 # Building NSS doesn't require the same version of softokn built for runtime.
 %global build_required_softokn_build_version -1
+%global nss_version 3.44.0
 
 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
-%global allTools "certutil cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain vfyserv"
+%global allTools "certutil cmsutil crlutil derdump modutil nss-policy-check pk12util pp signtool signver ssltap vfychain vfyserv"
+
+# The timestamp of our downstream manual pages, e.g., nss-config.1
+%global manual_date "Nov 13 2013"
+
+# The upstream omits the trailing ".0", while we need it for
+# consistency with the pkg-config version:
+# https://bugzilla.redhat.com/show_bug.cgi?id=1578106
+%{lua:
+rpm.define(string.format("nss_archive_version %s",
+           string.gsub(rpm.expand("%nss_version"), "(.*)%.0$", "%1")))
+}
 
 # solution taken from icedtea-web.spec
 %define multilib_arches ppc64 s390x sparc64 x86_64
@@ -24,10 +36,12 @@
 # To "disable", add "#" to start of line, AND a space after "%".
 #% define nss_ckbi_suffix .with.ckbi.1.93
 
+%bcond_without tests
+
 Summary:          Network Security Services
 Name:             nss
-Version:          3.36.0
-Release:          7.1%{?dist}
+Version:          %{nss_version}
+Release:          4%{?dist}
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -63,7 +77,7 @@ Requires:         nss-pem%{?_isa}
 %define full_nss_version %{version}
 %endif
 
-Source0:          %{name}-%{full_nss_version}.tar.gz
+Source0:          %{name}-%{nss_archive_version}.tar.gz
 Source1:          nss.pc.in
 Source2:          nss-config.in
 Source3:          blank-cert8.db
@@ -93,9 +107,6 @@ Source33:         TestOldCA.p12
 Patch2:           add-relro-linker-option.patch
 Patch3:           renegotiate-transitional.patch
 Patch16:          nss-539183.patch
-# Remove this patch on when we rebase to NSS 3.40, bug 1639404
-Patch17:          nss-3.36-ipsec_cert_vfy.patch
-Patch18:	  nss-tests-paypal-certs-v2.patch
 # TODO: Remove this patch when the ocsp test are fixed
 Patch40:          nss-3.14.0.0-disble-ocsp-test.patch
 # Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator
@@ -111,7 +122,6 @@ Patch49:          nss-skip-bltest-and-fipstest.patch
 Patch50:          iquote.patch
 Patch52:          Bug-1001841-disable-sslv2-libssl.patch
 Patch53:          Bug-1001841-disable-sslv2-tests.patch
-Patch55:          enable-fips-when-system-is-in-fips-mode.patch
 # rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1026677
 Patch56:          p-ignore-setpolicy.patch
 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=943144
@@ -121,27 +131,42 @@ Patch108: nss-sni-c-v-fix.patch
 Patch123: nss-skip-util-gtest.patch
 Patch126: nss-reorder-cipher-suites.patch
 Patch127: nss-disable-cipher-suites.patch
-Patch128: nss-enable-cipher-suites.patch
 Patch130: nss-reorder-cipher-suites-gtests.patch
-Patch131: nss-disable-tls13-gtests.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1279520
-Patch135: nss-check-policy-file.patch
 # To revert the change in:
 # https://bugzilla.mozilla.org/show_bug.cgi?id=1377940
 Patch136: nss-sql-default.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1278071
-Patch137: nss-pkcs12-iterations-limit.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1447628
-Patch138: nss-devslot-reinsert.patch
 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1453408
 Patch139: nss-modutil-skip-changepw-fips.patch
 # Work around for yum
 # https://bugzilla.redhat.com/show_bug.cgi?id=1469526
 Patch141: nss-sysinit-getenv.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1483128
-Patch142: nss-ssl2-server-random.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1444960
-Patch143: nss-tests-ssl-normal-normal.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1542207
+Patch147: nss-dsa-policy.patch
+# To revert the change in:
+# https://bugzilla.mozilla.org/show_bug.cgi?id=818686
+Patch148: nss-sysinit-userdb.patch
+# Disable nss-sysinit test which is sorely to test the above change
+Patch149: nss-skip-sysinit-gtests.patch
+# Enable SSLv2 compatible ClientHello, disabled in the change:
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1483128
+Patch150: nss-ssl2-compatible-client-hello.patch
+# TLS 1.3 currently doesn't work under FIPS mode:
+# https://bugzilla.redhat.com/show_bug.cgi?id=1710372
+Patch151: nss-skip-tls13-fips-tests.sh
+# For backward compatibility: make -V "ssl3:" continue working, while
+# the minimum version is clamped to tls1.0
+Patch152: nss-version-range-set.patch
+# TLS 1.3 currently doesn't work under FIPS mode:
+# https://bugzilla.redhat.com/show_bug.cgi?id=1710372
+Patch153: nss-fips-disable-tls13.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1552208
+Patch154: nss-disable-pkcs1-sigalgs-tls13.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1553443
+Patch155: nss-post-handshake-auth-with-tickets.patch
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1473806
+Patch156: nss-fix-public-key-from-priv.patch
+Patch157: nss-add-ipsec-usage-to-manpage.patch
+
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -211,7 +236,7 @@ low level services.
 
 
 %prep
-%setup -q
+%setup -q -n %{name}-%{nss_archive_version}
 %{__cp} %{SOURCE10} -f ./nss/tests/libpkix/certs
 %{__cp} %{SOURCE17} -f ./nss/tests/libpkix/certs
 %{__cp} %{SOURCE18} -f ./nss/tests/libpkix/certs
@@ -219,15 +244,10 @@ low level services.
 %{__cp} %{SOURCE30} -f ./nss/tests/libpkix/certs
 %{__cp} %{SOURCE31} -f ./nss/tests/libpkix/certs
 %{__cp} %{SOURCE33} -f ./nss/tests/tools
-%setup -q -T -D -n %{name}-%{version}
 
 %patch2 -p0 -b .relro
 %patch3 -p0 -b .transitional
 %patch16 -p0 -b .539183
-pushd nss
-%patch17 -p1 -b .ipsec_vfy
-%patch18 -p1 -b .update_paypal
-popd
 %patch40 -p0 -b .noocsptest
 %patch47 -p0 -b .templates
 %patch49 -p0 -b .skipthem
@@ -235,7 +255,6 @@ popd
 pushd nss
 %patch52 -p1 -b .disableSSL2libssl
 %patch53 -p1 -b .disableSSL2tests
-%patch55 -p1 -b .852023_enable_fips_when_in_fips_mode
 %patch56 -p1 -b .1026677_ignore_set_policy
 %patch62 -p1 -b .fix_deadlock
 %patch100 -p0 -b .1171318
@@ -245,18 +264,22 @@ pushd nss
 %patch123 -p1 -b .skip-util-gtests
 %patch126 -p1 -b .reorder-cipher-suites
 %patch127 -p1 -b .disable-cipher-suites
-%patch128 -p1 -b .enable-cipher-suites
 %patch130 -p1 -b .reorder-cipher-suites-gtests
-%patch131 -p1 -b .disable-tls13-gtests
-%patch135 -p1 -b .check_policy_file
 %patch136 -p1 -R -b .sql-default
-%patch137 -p1 -b .pkcs12-iterations-limit
-%patch138 -p1 -b .devslot-reinsert
 %patch139 -p1 -b .modutil-skip-changepw-fips
+%patch148 -R -p1 -b .sysinit-userdb
 %patch141 -p1 -b .sysinit-getenv
-%patch142 -p1 -b .ssl2-server-random
-%patch143 -p1 -b .tests-ssl-normal-normal
+%patch147 -p1 -b .dsa-policy
+%patch149 -p1 -b .skip-sysinit-gtests
+%patch150 -p1 -b .ssl2hello
+%patch151 -p1 -b .skip-tls13-fips-mode
+%patch152 -p1 -b .version-range-set
+%patch153 -p1 -b .fips-disable-tls13
+%patch154 -p1 -b .disable-pkcs1-sigalgs-tls13
+%patch155 -p1 -b .post-handshake-auth-with-tickets
 popd
+%patch156 -p1 -b .pub-priv-mechs
+%patch157 -p1 -b .ipsec-usage
 
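Review bot: `%patch148 -R -p1` is reverse-applied and placed out of numeric order before `%patch141`, but no comment says the order matters. From the refreshed context in nss-sysinit-getenv.patch it looks as if Patch141 is generated against the reverted `getUserDB()`, so swapping the two lines would presumably make Patch141 fail or apply with fuzz. A comment such as `# 148 is reverted first: nss-sysinit-getenv.patch (141) is based on the pre-XDG getUserDB()` would protect the ordering. `%patch156` and `%patch157` are applied after `popd` with `-p1`, which is worth a second look since every other `-p1` patch visible here is applied inside `nss/`.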
 #########################################################
 # Higher-level libraries and test tools need access to
@@ -360,8 +383,6 @@ export IN_TREE_FREEBL_HEADERS_FIRST=1
 ##### phase 2: build the rest of nss
 export NSS_BLTEST_NOT_AVAILABLE=1
 
-export NSS_DISABLE_TLS_1_3=1
-
 export NSS_FORCE_FIPS=1
 
 %{__make} -C ./nss/coreconf
@@ -383,8 +404,12 @@ export POLICY_PATH="/etc/pki/nss-legacy"
 unset NSS_BLTEST_NOT_AVAILABLE
 
 # build the man pages clean
-pushd ./nss
-%{__make} clean_docs build_docs
+pushd ./nss/doc
+rm -rf ./nroff
+%{__make} clean
+echo -n %{manual_date} > date.xml
+echo -n %{version} > version.xml
+%{__make}
 popd
 
 # and copy them to the dist directory for %%install to find them
@@ -430,7 +455,7 @@ chmod 755 ./dist/pkgconfig/setup-nsssysinit.sh
 
 %{__cp} ./nss/lib/ckfw/nssck.api ./dist/private/nss/
 
-date +"%e %B %Y" | tr -d '\n' > date.xml
+echo -n %{manual_date} > date.xml
 echo -n %{version} > version.xml
 
 # configuration files and setup script
@@ -451,6 +476,7 @@ done
  
 
 %check
+%if %{with tests}
 if [ ${DISABLETEST:-0} -eq 1 ]; then
   echo "testing disabled"
   exit 0
@@ -475,8 +501,6 @@ export USE_64
 
 export NSS_BLTEST_NOT_AVAILABLE=1
 
-export NSS_DISABLE_TLS_1_3=1
-
 export NSS_FORCE_FIPS=1
 
 # needed for the fips mangling test
@@ -484,6 +508,13 @@ export SOFTOKEN_LIB_DIR=%{_libdir}
 
 # End -- copied from the build section
 
+export GTESTS="certhigh_gtest certdb_gtest der_gtest pk11_gtest softoken_gtest smime_gtest"
+export GTESTFILTER='-TlsConnectTest.DisallowSSLv3HelloWithTLSv13Enabled'
+
+# This is necessary because the test suite tests algorithms that are
+# disabled by the system policy.
+export NSS_IGNORE_SYSTEM_POLICY=1
+
 # enable the following line to force a test failure
 # find ./nss -name \*.chk | xargs rm -f
 
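Review bot: `GTESTFILTER='-TlsConnectTest.DisallowSSLv3HelloWithTLSv13Enabled'` drops a test that guards a protocol-version restriction, and no comment ties the exclusion to the patch that makes the test fail. It is presumably excluded because nss-version-range-set.patch (Patch152) lets an ssl3..tls1.3 range through; say so, e.g. `# Excluded: Patch152 accepts ssl3..tls1.3 ranges, so this upstream check no longer holds`. As far as this hunk shows, `NSS_IGNORE_SYSTEM_POLICY=1` also means the suite runs without the shipped policy, so the `TLS-VERSION-MIN` clamp from nss-rhel7.config is not exercised by `%check`.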
@@ -550,7 +581,7 @@ popd
 # GREP_EXIT_STATUS > 1 would indicate an error in grep such as failure to find the log file.
 killall $RANDSERV || :
 
-TEST_FAILURES=$(grep -c FAILED ./tests_results/security/localhost.1/output.log) || GREP_EXIT_STATUS=$?
+TEST_FAILURES=$(grep -c -- '- FAILED$' ./tests_results/security/localhost.1/output.log) || GREP_EXIT_STATUS=$?
 if [ ${GREP_EXIT_STATUS:-0} -eq 1 ]; then
   echo "okay: test suite detected no failures"
 else
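Review bot: The tightened pattern `'- FAILED$'` only counts log lines that end exactly in `- FAILED`, so a failure line with trailing whitespace, a carriage return or a different layout would be read as success by this gate. If the intent is to ignore the word FAILED inside test names, a slightly more tolerant anchor does that without losing such lines: `grep -c -E -- '- FAILED[[:space:]]*$'`. A comment naming the harness output format this relies on would also help. The `else` branch continues outside the hunk.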
@@ -577,6 +608,7 @@ else
 %endif
 fi
 echo "test suite completed"
+%endif
 
 %install
 
@@ -621,13 +653,13 @@ do
 done
 
 # Copy the binaries we want
-for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap
+for file in certutil cmsutil crlutil modutil nss-policy-check pk12util signver ssltap
 do
   %{__install} -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir}
 done
 
 # Copy the binaries we ship as unsupported
-for file in atob btoa derdump listsuites ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain
+for file in atob btoa derdump listsuites ocspclnt pp selfserv signtool strsclnt symkeyutil tstclnt vfyserv vfychain
 do
   %{__install} -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
 done
@@ -749,8 +781,8 @@ fi
 %{_bindir}/cmsutil
 %{_bindir}/crlutil
 %{_bindir}/modutil
+%{_bindir}/nss-policy-check
 %{_bindir}/pk12util
-%{_bindir}/signtool
 %{_bindir}/signver
 %{_bindir}/ssltap
 %{unsupported_tools_directory}/atob
@@ -760,6 +792,7 @@ fi
 %{unsupported_tools_directory}/ocspclnt
 %{unsupported_tools_directory}/pp
 %{unsupported_tools_directory}/selfserv
+%{unsupported_tools_directory}/signtool
 %{unsupported_tools_directory}/strsclnt
 %{unsupported_tools_directory}/symkeyutil
 %{unsupported_tools_directory}/tstclnt
@@ -771,12 +804,13 @@ fi
 %attr(0644,root,root) %doc /usr/share/man/man1/cmsutil.1.gz
 %attr(0644,root,root) %doc /usr/share/man/man1/crlutil.1.gz
 %attr(0644,root,root) %doc /usr/share/man/man1/modutil.1.gz
+%attr(0644,root,root) %doc /usr/share/man/man1/nss-policy-check.1.gz
 %attr(0644,root,root) %doc /usr/share/man/man1/pk12util.1.gz
-%attr(0644,root,root) %doc /usr/share/man/man1/signtool.1.gz
 %attr(0644,root,root) %doc /usr/share/man/man1/signver.1.gz
 # unsupported tools
 %attr(0644,root,root) %doc /usr/share/man/man1/derdump.1.gz
 %attr(0644,root,root) %doc /usr/share/man/man1/pp.1.gz
+%attr(0644,root,root) %doc /usr/share/man/man1/signtool.1.gz
 %attr(0644,root,root) %doc /usr/share/man/man1/ssltap.1.gz
 %attr(0644,root,root) %doc /usr/share/man/man1/vfychain.1.gz
 %attr(0644,root,root) %doc /usr/share/man/man1/vfyserv.1.gz
@@ -856,7 +890,64 @@ fi
 
 
 %changelog
-* Mon Nov 12 2018 Bob Relyea <rrelyea@redhat.com> - 3.36.0-7.1
+* Wed Jun 5 2019 Bob Relyea <rrelyea@redhat.com> - 3.44.0-4
+- Fix certutil man page
+- Fix extracting a public key from a private key for dh, ec, and dsa
+
+* Thu May 30 2019 Daiki Ueno <dueno@redhat.com> - 3.44.0-3
+- Disable TLS 1.3 under FIPS mode
+- Disable RSASSA-PKCS1-v1_5 in TLS 1.3
+- Fix post-handshake auth transcript calculation if
+  SSL_ENABLE_SESSION_TICKETS is set
+
+* Thu May 16 2019 Daiki Ueno <dueno@redhat.com> - 3.44.0-2
+- Skip sysinit gtests properly
+- Fix shell syntax error in tests/ssl/ssl.sh
+- Regenerate manual pages
+
+* Wed May 15 2019 Daiki Ueno <dueno@redhat.com> - 3.44.0-1
+- Rebase to NSS 3.44
+- Restore fix-min-library-version-in-SSLVersionRange.patch to keep
+  SSL3 supported in the code level while it is disabled by policy
+- Skip TLS 1.3 tests under FIPS mode
+
+* Fri May 10 2019 Daiki Ueno <dueno@redhat.com> - 3.43.0-9
+- Ignore system policy when running %%check
+
+* Fri May  3 2019 Daiki Ueno <dueno@redhat.com> - 3.43.0-8
+- Fix policy string
+
+* Fri Apr 26 2019 Daiki Ueno <dueno@redhat.com> - 3.43.0-7
+- Don't override date in man-pages
+- Revert the change to use XDG basedirs (mozilla#818686)
+- Enable SSL2 compatible ClientHello by default
+- Disable SSL3 and RC4 by default
+
+* Mon Apr  8 2019 Daiki Ueno <dueno@redhat.com> - 3.43.0-6
+- Make "-V ssl3:" option work with tools
+
+* Fri Apr  5 2019 Daiki Ueno <dueno@redhat.com> - 3.43.0-5
+- Fix regression in MD5 disablement
+
+* Mon Apr 1 2019 Bob Relyea <rrelyea@redhat.com> - 3.43.0-4
+- add certutil documentation
+
+* Thu Mar 28 2019 Daiki Ueno <dueno@redhat.com> - 3.43.0-3
+- Restore complete removal of SSLv2
+- Disable SSLv3
+- Move signtool to unsupported directory
+
+* Mon Mar 25 2019 Bob Relyea <rrelyea@redhat.com> - 3.43.0-2
+- Expand IPSEC usage to include ssl and email certs. Remove special
+  processing of the usage based on the critical flag
+
+* Thu Mar 21 2019 Daiki Ueno <dueno@redhat.com> - 3.43.0-1
+- Rebase to NSS 3.43
+
+* Mon Feb 25 2019 Bob Relyea <rrelyea@redhat.com> - 3.36.0-8.1
+- move key on unwrap failure and retry.
+
+* Mon Nov 12 2018 Bob Relyea <rrelyea@redhat.com> - 3.36.0-8
 - Update the cert verify code to allow a new ipsec usage and follow RFC 4945
 
 * Wed Aug 29 2018 Daiki Ueno <dueno@redhat.com> - 3.36.0-7