nss/mozbz1277569backport.patch

--- ./lib/ssl/sslsock.c.compatibility	2016-06-02 10:59:07.188831825 -0700
+++ ./lib/ssl/sslsock.c	2016-06-02 10:59:07.205831404 -0700
@@ -675,16 +675,28 @@
                     PORT_SetError(SEC_ERROR_INVALID_ARGS);
                     rv = SECFailure; /* not allowed */
                 }
                 break;
             }
             ssl_EnableSSL3(&ss->vrange, on);
             break;
 
+        case SSL_ENABLE_SSL2:
+        case SSL_V2_COMPATIBLE_HELLO:
+            /* We no longer support SSL v2.
+             * However, if an old application requests to disable SSL v2,
+             * we shouldn't fail.
+             */
+            if (on) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                rv = SECFailure;
+            }
+            break;
+
         case SSL_NO_CACHE:
             ss->opt.noCache = on;
             break;
 
         case SSL_ENABLE_FDX:
             if (on && ss->opt.noLocks) {
                 PORT_SetError(SEC_ERROR_INVALID_ARGS);
                 rv = SECFailure;
@@ -856,16 +868,20 @@
             on = ss->opt.handshakeAsServer;
             break;
         case SSL_ENABLE_TLS:
             on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0;
             break;
         case SSL_ENABLE_SSL3:
             on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0;
             break;
+        case SSL_ENABLE_SSL2:
+        case SSL_V2_COMPATIBLE_HELLO:
+            on = PR_FALSE;
+            break;
         case SSL_NO_CACHE:
             on = ss->opt.noCache;
             break;
         case SSL_ENABLE_FDX:
             on = ss->opt.fdx;
             break;
         case SSL_ROLLBACK_DETECTION:
             on = ss->opt.detectRollBack;
@@ -967,16 +983,20 @@
             on = ssl_defaults.handshakeAsServer;
             break;
         case SSL_ENABLE_TLS:
             on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0;
             break;
         case SSL_ENABLE_SSL3:
             on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0;
             break;
+        case SSL_ENABLE_SSL2:
+        case SSL_V2_COMPATIBLE_HELLO:
+            on = PR_FALSE;
+            break;
         case SSL_NO_CACHE:
             on = ssl_defaults.noCache;
             break;
         case SSL_ENABLE_FDX:
             on = ssl_defaults.fdx;
             break;
         case SSL_ROLLBACK_DETECTION:
             on = ssl_defaults.detectRollBack;
@@ -1100,16 +1120,28 @@
         case SSL_ENABLE_TLS:
             ssl_EnableTLS(&versions_defaults_stream, on);
             break;
 
         case SSL_ENABLE_SSL3:
             ssl_EnableSSL3(&versions_defaults_stream, on);
             break;
 
+        case SSL_ENABLE_SSL2:
+        case SSL_V2_COMPATIBLE_HELLO:
+            /* We no longer support SSL v2.
+             * However, if an old application requests to disable SSL v2,
+             * we shouldn't fail.
+             */
+            if (on) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                return SECFailure;
+            }
+            break;
+
         case SSL_NO_CACHE:
             ssl_defaults.noCache = on;
             break;
 
         case SSL_ENABLE_FDX:
             if (on && ssl_defaults.noLocks) {
                 PORT_SetError(SEC_ERROR_INVALID_ARGS);
                 return SECFailure;