1diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
2--- a/nss/lib/ssl/ssl3con.c	2014-01-17 18:00:11.213237373 -0800
3+++ b/nss/lib/ssl/ssl3con.c	2014-01-17 18:04:22.497405273 -0800
4@@ -31,6 +31,15 @@
5 #include "blapi.h"
6 #endif
7 
8+/* This is a bodge to allow this code to be compiled against older NSS headers
9+ * that don't contain the TLS 1.2 changes. */
10+#ifndef CKM_NSS_TLS_PRF_GENERAL_SHA256
11+#define CKM_NSS_TLS_PRF_GENERAL_SHA256          (CKM_NSS + 21)
12+#define CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256    (CKM_NSS + 22)
13+#define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256   (CKM_NSS + 23)
14+#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
15+#endif
16+
17 #include <stdio.h>
18 #ifdef NSS_ENABLE_ZLIB
19 #include "zlib.h"
20diff -pu a/nss/lib/ssl/ssl3ecc.c b/nss/lib/ssl/ssl3ecc.c
21--- a/nss/lib/ssl/ssl3ecc.c	2014-01-17 18:01:31.474568608 -0800
22+++ b/nss/lib/ssl/ssl3ecc.c	2014-01-17 18:04:22.497405273 -0800
23@@ -30,6 +30,12 @@
24 
25 #include <stdio.h>
26 
27+/* This is a bodge to allow this code to be compiled against older NSS headers
28+ * that don't contain the TLS 1.2 changes. */
29+#ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256
30+#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
31+#endif
32+
33 #ifdef NSS_ENABLE_ECC
34 
35 #ifndef PK11_SETATTRS
36diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
37--- a/nss/lib/ssl/sslsock.c	2014-01-17 18:00:11.213237373 -0800
38+++ b/nss/lib/ssl/sslsock.c	2014-01-17 18:04:22.497405273 -0800
39@@ -17,8 +17,15 @@
40 #ifndef NO_PKCS11_BYPASS
41 #include "blapi.h"
42 #endif
43+#include "pk11pub.h"
44 #include "nss.h"
45 
46+/* This is a bodge to allow this code to be compiled against older NSS headers
47+ * that don't contain the TLS 1.2 changes. */
48+#ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256
49+#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
50+#endif
51+
52 #define SET_ERROR_CODE   /* reminder */
53 
54 static const sslSocketOps ssl_default_ops = {	/* No SSL. */
55@@ -1836,6 +1843,24 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLV
56     return SECSuccess;
57 }
58 
59+static PRCallOnceType checkTLS12TokenOnce;
60+static PRBool tls12TokenExists;
61+
62+static PRStatus  
63+ssl_CheckTLS12Token(void)
64+{
65+    tls12TokenExists =
66+	PK11_TokenExists(CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256);
67+    return PR_SUCCESS;
68+}
69+
70+static PRBool
71+ssl_TLS12TokenExists(void)
72+{
73+    (void) PR_CallOnce(&checkTLS12TokenOnce, ssl_CheckTLS12Token);
74+    return tls12TokenExists;
75+}
76+
77 SECStatus
78 SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
79 {
80@@ -1856,6 +1881,20 @@ SSL_VersionRangeSet(PRFileDesc *fd, cons
81     ssl_GetSSL3HandshakeLock(ss);
82 
83     ss->vrange = *vrange;
84+    /* If we don't have a sufficiently up-to-date softoken then we cannot do
85+     * TLS 1.2. */
86+    if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2 &&
87+        !ssl_TLS12TokenExists()) {
88+	/* If the user requested a minimum version of 1.2, then we don't
89+	 * silently downgrade. */
90+	if (ss->vrange.min >= SSL_LIBRARY_VERSION_TLS_1_2) {
91+	    ssl_ReleaseSSL3HandshakeLock(ss);
92+	    ssl_Release1stHandshakeLock(ss);
93+	    PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
94+	    return SECFailure;
95+	}
96+	ss->vrange.max = SSL_LIBRARY_VERSION_TLS_1_1;
97+    }
98 
99     ssl_ReleaseSSL3HandshakeLock(ss);
100     ssl_Release1stHandshakeLock(ss);
101