diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.compatible ./mozilla/security/nss/lib/ssl/sslsock.c
--- ./mozilla/security/nss/lib/ssl/sslsock.c.compatible	2012-01-05 13:54:36.430389994 -0800
+++ ./mozilla/security/nss/lib/ssl/sslsock.c	2012-01-05 13:55:25.810750394 -0800
@@ -184,7 +184,7 @@ static sslOptions ssl_defaults = {
     3,          /* enableRenegotiation (default: transitional) */
     PR_FALSE,   /* requireSafeNegotiation */
     PR_FALSE,   /* enableFalseStart   */
-    PR_TRUE     /* cbcRandomIV        */
+    PR_FALSE    /* cbcRandomIV        */ /* defaults to off for compatibility */
 };
 
 sslSessionIDLookupFunc  ssl_sid_lookup;
@@ -2359,9 +2359,9 @@ ssl_SetDefaultsFromEnvironment(void)
 	                PR_TRUE));
 	}
 	ev = getenv("NSS_SSL_CBC_RANDOM_IV");
-	if (ev && ev[0] == '0') {
-	    ssl_defaults.cbcRandomIV = PR_FALSE;
-	    SSL_TRACE(("SSL: cbcRandomIV set to 0"));
+	if (ev && ev[0] == '1') {
+	    ssl_defaults.cbcRandomIV = PR_TRUE;
+	    SSL_TRACE(("SSL: cbcRandomIV set to 1"));
 	}
     }
 #endif /* NSS_HAVE_GETENV */