From 3e2a0ea4de98cd119677c5fd2507a77f91dac301 Mon Sep 17 00:00:00 2001
From: Elio Maldonado <emaldona@redhat.com>
Date: Thu, 16 Oct 2014 16:36:18 -0700
Subject: [PATCH] Resolves: Bug 994599 - Enable TLS 1.2 by default

---
 nss.spec    | 10 +++++++++-
 tls12.patch | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 tls12.patch

diff --git a/nss.spec b/nss.spec
index ba1f378..4a6f255 100644
--- a/nss.spec
+++ b/nss.spec
@@ -19,7 +19,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.17.2
-Release:          1%{?dist}
+Release:          2%{?dist}
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -91,6 +91,8 @@ Patch49:          nss-skip-bltest-and-fipstest.patch
 # headers are older. Such is the case when starting an update with API changes or even private export changes.
 # Once the buildroot aha been bootstrapped the patch may be removed but it doesn't hurt to keep it.
 Patch50:          iquote.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1083900
+Patch51:          tls12.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -178,6 +180,9 @@ low level services.
 %patch47 -p0 -b .templates
 %patch49 -p0 -b .skipthem
 %patch50 -p0 -b .iquote
+pushd nss
+%patch51 -p1 -b .994599
+popd
 
 #########################################################
 # Higher-level libraries and test tools need access to
@@ -761,6 +766,9 @@ fi
 
 
 %changelog
+* Thu Oct 16 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.2-2
+- Resolves: Bug 994599 - Enable TLS 1.2 by default
+
 * Sun Oct 12 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.2-1
 - Update to nss-3.17.2
 
diff --git a/tls12.patch b/tls12.patch
new file mode 100644
index 0000000..0293383
--- /dev/null
+++ b/tls12.patch
@@ -0,0 +1,36 @@
+# HG changeset patch
+# User Martin Thomson <martin.thomson@gmail.com>
+# Date 1413479112 25200
+#      Thu Oct 16 10:05:12 2014 -0700
+# Node ID f7e1c2c652f4c2522a0a5ec232ecebae1983053d
+# Parent  24852c6f89ea7ed2b8f231320d9a0a03bdd706d4
+Bug 1083900 - Updating default maximum version to 1.2
+
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
+--- a/lib/ssl/sslsock.c
++++ b/lib/ssl/sslsock.c
+@@ -85,22 +85,22 @@ static sslOptions ssl_defaults = {
+     PR_FALSE    /* enableFallbackSCSV */
+ };
+ 
+ /*
+  * default range of enabled SSL/TLS protocols
+  */
+ static SSLVersionRange versions_defaults_stream = {
+     SSL_LIBRARY_VERSION_3_0,
+-    SSL_LIBRARY_VERSION_TLS_1_0
++    SSL_LIBRARY_VERSION_TLS_1_2
+ };
+ 
+ static SSLVersionRange versions_defaults_datagram = {
+     SSL_LIBRARY_VERSION_TLS_1_1,
+-    SSL_LIBRARY_VERSION_TLS_1_1
++    SSL_LIBRARY_VERSION_TLS_1_2
+ };
+ 
+ #define VERSIONS_DEFAULTS(variant) \
+     (variant == ssl_variant_stream ? &versions_defaults_stream : \
+                                      &versions_defaults_datagram)
+ 
+ sslSessionIDLookupFunc  ssl_sid_lookup;
+ sslSessionIDCacheFunc   ssl_sid_cache;