1diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c 2--- a/nss/lib/ssl/ssl3con.c 2014-01-17 18:00:11.213237373 -0800 3+++ b/nss/lib/ssl/ssl3con.c 2014-01-17 18:04:22.497405273 -0800 4@@ -31,6 +31,15 @@ 5 #include "blapi.h" 6 #endif 7 8+/* This is a bodge to allow this code to be compiled against older NSS headers 9+ * that don't contain the TLS 1.2 changes. */ 10+#ifndef CKM_NSS_TLS_PRF_GENERAL_SHA256 11+#define CKM_NSS_TLS_PRF_GENERAL_SHA256 (CKM_NSS + 21) 12+#define CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256 (CKM_NSS + 22) 13+#define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256 (CKM_NSS + 23) 14+#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) 15+#endif 16+ 17 #include <stdio.h> 18 #ifdef NSS_ENABLE_ZLIB 19 #include "zlib.h" 20diff -pu a/nss/lib/ssl/ssl3ecc.c b/nss/lib/ssl/ssl3ecc.c 21--- a/nss/lib/ssl/ssl3ecc.c 2014-01-17 18:01:31.474568608 -0800 22+++ b/nss/lib/ssl/ssl3ecc.c 2014-01-17 18:04:22.497405273 -0800 23@@ -30,6 +30,12 @@ 24 25 #include <stdio.h> 26 27+/* This is a bodge to allow this code to be compiled against older NSS headers 28+ * that don't contain the TLS 1.2 changes. */ 29+#ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 30+#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) 31+#endif 32+ 33 #ifdef NSS_ENABLE_ECC 34 35 #ifndef PK11_SETATTRS 36diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c 37--- a/nss/lib/ssl/sslsock.c 2014-01-17 18:00:11.213237373 -0800 38+++ b/nss/lib/ssl/sslsock.c 2014-01-17 18:04:22.497405273 -0800 39@@ -17,8 +17,15 @@ 40 #ifndef NO_PKCS11_BYPASS 41 #include "blapi.h" 42 #endif 43+#include "pk11pub.h" 44 #include "nss.h" 45 46+/* This is a bodge to allow this code to be compiled against older NSS headers 47+ * that don't contain the TLS 1.2 changes. */ 48+#ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 49+#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) 50+#endif 51+ 52 #define SET_ERROR_CODE /* reminder */ 53 54 static const sslSocketOps ssl_default_ops = { /* No SSL. */ 55@@ -1836,6 +1843,24 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLV 56 return SECSuccess; 57 } 58 59+static PRCallOnceType checkTLS12TokenOnce; 60+static PRBool tls12TokenExists; 61+ 62+static PRStatus 63+ssl_CheckTLS12Token(void) 64+{ 65+ tls12TokenExists = 66+ PK11_TokenExists(CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256); 67+ return PR_SUCCESS; 68+} 69+ 70+static PRBool 71+ssl_TLS12TokenExists(void) 72+{ 73+ (void) PR_CallOnce(&checkTLS12TokenOnce, ssl_CheckTLS12Token); 74+ return tls12TokenExists; 75+} 76+ 77 SECStatus 78 SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange) 79 { 80@@ -1856,6 +1881,20 @@ SSL_VersionRangeSet(PRFileDesc *fd, cons 81 ssl_GetSSL3HandshakeLock(ss); 82 83 ss->vrange = *vrange; 84+ /* If we don't have a sufficiently up-to-date softoken then we cannot do 85+ * TLS 1.2. */ 86+ if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2 && 87+ !ssl_TLS12TokenExists()) { 88+ /* If the user requested a minimum version of 1.2, then we don't 89+ * silently downgrade. */ 90+ if (ss->vrange.min >= SSL_LIBRARY_VERSION_TLS_1_2) { 91+ ssl_ReleaseSSL3HandshakeLock(ss); 92+ ssl_Release1stHandshakeLock(ss); 93+ PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); 94+ return SECFailure; 95+ } 96+ ss->vrange.max = SSL_LIBRARY_VERSION_TLS_1_1; 97+ } 98 99 ssl_ReleaseSSL3HandshakeLock(ss); 100 ssl_Release1stHandshakeLock(ss); 101