Update the bundled libssl to NSS 3.18 RTM

BUG=469516

Review URL: https://codereview.chromium.org/1053903002

Cr-Commit-Position: refs/heads/master@{#323840}
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium
index f2ead3c..78d16ff 100644
--- a/net/third_party/nss/README.chromium
+++ b/net/third_party/nss/README.chromium
@@ -1,6 +1,6 @@
 Name: Network Security Services (NSS)
 URL: http://www.mozilla.org/projects/security/pki/nss/
-Version: 3.15.5 Beta 2
+Version: 3.18 RTM
 Security Critical: Yes
 License: MPL 2
 License File: NOT_SHIPPED
@@ -11,7 +11,7 @@
 The same module appears in crypto/third_party/nss (and third_party/nss on some
 platforms), so we don't repeat the license file here.
 
-The snapshot was updated to the hg tag: NSS_3_15_5_BETA2
+The snapshot was updated to the hg tag: NSS_3_18_RTM
 
 Patches:
 
@@ -83,9 +83,6 @@
   * Add a function to allow the cipher suites preference order to be set.
     patches/cipherorder.patch
 
-  * Add TLS_FALLBACK_SCSV cipher suite to version fallback connections.
-    patches/fallbackscsv.patch
-
   * Add explicit functions for managing the SSL/TLS session cache.
     This is a temporary workaround until Chromium migrates to NSS's
     asynchronous certificate verification.
@@ -96,22 +93,15 @@
     patches/nssrwlock.patch
     https://bugzilla.mozilla.org/show_bug.cgi?id=957812
 
-  * Use the IANA-assigned value for the TLS padding extension.
-    patches/paddingextvalue.patch
-    https://bugzilla.mozilla.org/show_bug.cgi?id=994883
-
-  * Move the signature_algorithms extension to the end of the extension list.
-    This works around a bug in WebSphere Application Server 7.0 which is
-    intolerant to the final extension having zero length.
+  * Add a comment explaining why signature_algorithms extension should be at
+    the end of the extension list. This works around a bug in WebSphere
+    Application Server 7.0, which is intolerant to the final extension having
+    zero length. This also ensures that the padding extension has non-zero
+    length.
     patches/reorderextensions.patch
 
-  * Ignore out-of-order DTLS ChangeCipherSpec.
-    patches/ignorechangecipherspec.patch
-    https://bugzilla.mozilla.org/show_bug.cgi?id=1009227
-
-  * Implement server-side components of ALPN (RFC 7301).
-    patches/alpnserver.patch
-    https://bugzilla.mozilla.org/show_bug.cgi?id=996250
+  * Make the build metadata deterministic
+    patches/removebuildmetadata.patch
 
 Apply the patches to NSS by running the patches/applypatches.sh script.  Read
 the comments at the top of patches/applypatches.sh for instructions.
diff --git a/net/third_party/nss/patches/aesgcmchromium.patch b/net/third_party/nss/patches/aesgcmchromium.patch
index 0cf49a1..e735837 100644
--- a/net/third_party/nss/patches/aesgcmchromium.patch
+++ b/net/third_party/nss/patches/aesgcmchromium.patch
@@ -1,6 +1,7 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c	2014-01-17 18:04:43.127747463 -0800
-+++ b/nss/lib/ssl/ssl3con.c	2014-01-17 18:06:21.919386088 -0800
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index da0abfb..375ed6a 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
 @@ -8,6 +8,7 @@
  
  /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */
@@ -19,7 +20,7 @@
  
  #ifndef PK11_SETATTRS
  #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \
-@@ -1842,6 +1846,63 @@ ssl3_BuildRecordPseudoHeader(unsigned ch
+@@ -1874,6 +1878,63 @@ ssl3_BuildRecordPseudoHeader(unsigned char *out,
      return 13;
  }
  
@@ -83,7 +84,7 @@
  static SECStatus
  ssl3_AESGCM(ssl3KeyMaterial *keys,
  	    PRBool doDecrypt,
-@@ -1893,10 +1960,10 @@ ssl3_AESGCM(ssl3KeyMaterial *keys,
+@@ -1925,10 +1986,10 @@ ssl3_AESGCM(ssl3KeyMaterial *keys,
      gcmParams.ulTagBits = tagSize * 8;
  
      if (doDecrypt) {
@@ -96,7 +97,7 @@
  			  maxout, in, inlen);
      }
      *outlen += (int) uOutLen;
-@@ -5103,6 +5170,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5147,6 +5208,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
  	ssl3_DisableNonDTLSSuites(ss);
      }
  
@@ -107,7 +108,7 @@
      /* how many suites are permitted by policy and user preference? */
      num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE);
      if (!num_suites) {
-@@ -8080,6 +8151,10 @@ ssl3_HandleClientHello(sslSocket *ss, SS
+@@ -8159,6 +8224,10 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
  	ssl3_DisableNonDTLSSuites(ss);
      }
  
diff --git a/net/third_party/nss/patches/alpnserver.patch b/net/third_party/nss/patches/alpnserver.patch
deleted file mode 100644
index b4226b7..0000000
--- a/net/third_party/nss/patches/alpnserver.patch
+++ /dev/null
@@ -1,349 +0,0 @@
-diff --git a/net/third_party/nss/ssl/SSLerrs.h b/net/third_party/nss/ssl/SSLerrs.h
-index 4ff0b7d..3f0078c 100644
---- a/net/third_party/nss/ssl/SSLerrs.h
-+++ b/net/third_party/nss/ssl/SSLerrs.h
-@@ -413,16 +413,22 @@ ER3(SSL_ERROR_DIGEST_FAILURE, (SSL_ERROR_BASE + 127),
- ER3(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 128),
- "Incorrect signature algorithm specified in a digitally-signed element.")
- 
--ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 129),
--"SSL received a malformed TLS Channel ID extension.")
-+ER3(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK, (SSL_ERROR_BASE + 129),
-+"The next protocol negotiation extension was enabled, but the callback was cleared prior to being needed.")
- 
--ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 130),
--"The application provided an invalid TLS Channel ID key.")
-+ER3(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL, (SSL_ERROR_BASE + 130),
-+"The server supports no protocols that the client advertises in the ALPN extension.")
- 
--ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 131),
--"The application could not get a TLS Channel ID.")
--
--ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 132),
-+ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 131),
- "The connection was using a lesser TLS version as a result of a previous"
- " handshake failure, but the server indicated that it should not have been"
- " needed.")
-+
-+ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 132),
-+"SSL received a malformed TLS Channel ID extension.")
-+
-+ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 133),
-+"The application provided an invalid TLS Channel ID key.")
-+
-+ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 134),
-+"The application could not get a TLS Channel ID.")
-diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c
-index 523e49a..f6530fe 100644
---- a/net/third_party/nss/ssl/ssl3ext.c
-+++ b/net/third_party/nss/ssl/ssl3ext.c
-@@ -56,10 +56,14 @@ static SECStatus ssl3_ClientHandleAppProtoXtn(sslSocket *ss,
- 			PRUint16 ex_type, SECItem *data);
- static SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss,
- 			PRUint16 ex_type, SECItem *data);
-+static SECStatus ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type,
-+                                              SECItem *data);
-+static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
-+                                               PRUint32 maxBytes);
- static PRInt32 ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append,
- 					  PRUint32 maxBytes);
--static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
--					       PRUint32 maxBytes);
-+static PRInt32 ssl3_ServerSendAppProtoXtn(sslSocket *ss, PRBool append,
-+                                          PRUint32 maxBytes);
- static PRInt32 ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append,
-     PRUint32 maxBytes);
- static SECStatus ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type,
-@@ -247,6 +251,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
-     { ssl_session_ticket_xtn,     &ssl3_ServerHandleSessionTicketXtn },
-     { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
-     { ssl_next_proto_nego_xtn,    &ssl3_ServerHandleNextProtoNegoXtn },
-+    { ssl_app_layer_protocol_xtn, &ssl3_ServerHandleAppProtoXtn },
-     { ssl_use_srtp_xtn,           &ssl3_HandleUseSRTPXtn },
-     { ssl_cert_status_xtn,        &ssl3_ServerHandleStatusRequestXtn },
-     { ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn },
-@@ -578,7 +583,8 @@ ssl3_SendSessionTicketXtn(
- 
- /* handle an incoming Next Protocol Negotiation extension. */
- static SECStatus
--ssl3_ServerHandleNextProtoNegoXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
-+ssl3_ServerHandleNextProtoNegoXtn(sslSocket * ss, PRUint16 ex_type,
-+                                  SECItem *data)
- {
-     if (ss->firstHsDone || data->len != 0) {
- 	/* Clients MUST send an empty NPN extension, if any. */
-@@ -623,14 +629,93 @@ ssl3_ValidateNextProtoNego(const unsigned char* data, unsigned int length)
-     return SECSuccess;
- }
- 
-+/* protocol selection handler for ALPN (server side) and NPN (client side) */
- static SECStatus
--ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
--				  SECItem *data)
-+ssl3_SelectAppProtocol(sslSocket *ss, PRUint16 ex_type, SECItem *data)
- {
-     SECStatus rv;
-     unsigned char resultBuffer[255];
-     SECItem result = { siBuffer, resultBuffer, 0 };
- 
-+    rv = ssl3_ValidateNextProtoNego(data->data, data->len);
-+    if (rv != SECSuccess)
-+        return rv;
-+
-+    PORT_Assert(ss->nextProtoCallback);
-+    rv = ss->nextProtoCallback(ss->nextProtoArg, ss->fd, data->data, data->len,
-+                               result.data, &result.len, sizeof resultBuffer);
-+    if (rv != SECSuccess)
-+        return rv;
-+    /* If the callback wrote more than allowed to |result| it has corrupted our
-+     * stack. */
-+    if (result.len > sizeof resultBuffer) {
-+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
-+        return SECFailure;
-+    }
-+
-+    if (ex_type == ssl_app_layer_protocol_xtn &&
-+        ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NEGOTIATED) {
-+        /* The callback might say OK, but then it's picked a default.
-+         * That's OK for NPN, but not ALPN. */
-+        SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
-+        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL);
-+        (void)SSL3_SendAlert(ss, alert_fatal, no_application_protocol);
-+        return SECFailure;
-+    }
-+
-+    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
-+
-+    SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
-+    return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &result);
-+}
-+
-+/* handle an incoming ALPN extension at the server */
-+static SECStatus
-+ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
-+{
-+    int count;
-+    SECStatus rv;
-+
-+    /* We expressly don't want to allow ALPN on renegotiation,
-+     * despite it being permitted by the spec. */
-+    if (ss->firstHsDone || data->len == 0) {
-+        /* Clients MUST send a non-empty ALPN extension. */
-+        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
-+        return SECFailure;
-+    }
-+
-+    /* unlike NPN, ALPN has extra redundant length information so that
-+     * the extension is the same in both ClientHello and ServerHello */
-+    count = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
-+    if (count < 0) {
-+        return SECFailure; /* fatal alert was sent */
-+    }
-+    if (count != data->len) {
-+        return ssl3_DecodeError(ss);
-+    }
-+
-+    if (!ss->nextProtoCallback) {
-+        /* we're not configured for it */
-+        return SECSuccess;
-+    }
-+
-+    rv = ssl3_SelectAppProtocol(ss, ex_type, data);
-+    if (rv != SECSuccess) {
-+      return rv;
-+    }
-+
-+    /* prepare to send back a response, if we negotiated */
-+    if (ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NEGOTIATED) {
-+        return ssl3_RegisterServerHelloExtensionSender(
-+            ss, ex_type, ssl3_ServerSendAppProtoXtn);
-+    }
-+    return SECSuccess;
-+}
-+
-+static SECStatus
-+ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
-+                                  SECItem *data)
-+{
-     PORT_Assert(!ss->firstHsDone);
- 
-     if (ssl3_ExtensionNegotiated(ss, ssl_app_layer_protocol_xtn)) {
-@@ -643,37 +728,16 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
- 	return SECFailure;
-     }
- 
--    rv = ssl3_ValidateNextProtoNego(data->data, data->len);
--    if (rv != SECSuccess)
--	return rv;
--
--    /* ss->nextProtoCallback cannot normally be NULL if we negotiated the
--     * extension. However, It is possible that an application erroneously
--     * cleared the callback between the time we sent the ClientHello and now.
--     */
--    PORT_Assert(ss->nextProtoCallback != NULL);
-+    /* We should only get this call if we sent the extension, so
-+     * ss->nextProtoCallback needs to be non-NULL.  However, it is possible
-+     * that an application erroneously cleared the callback between the time
-+     * we sent the ClientHello and now. */
-     if (!ss->nextProtoCallback) {
--	/* XXX Use a better error code. This is an application error, not an
--	 * NSS bug. */
--	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-+	PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK);
- 	return SECFailure;
-     }
- 
--    rv = ss->nextProtoCallback(ss->nextProtoArg, ss->fd, data->data, data->len,
--			       result.data, &result.len, sizeof resultBuffer);
--    if (rv != SECSuccess)
--	return rv;
--    /* If the callback wrote more than allowed to |result| it has corrupted our
--     * stack. */
--    if (result.len > sizeof resultBuffer) {
--	PORT_SetError(SEC_ERROR_OUTPUT_LEN);
--	return SECFailure;
--    }
--
--    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
--
--    SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
--    return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &result);
-+    return ssl3_SelectAppProtocol(ss, ex_type, data);
- }
- 
- static SECStatus
-@@ -814,6 +878,47 @@ loser:
-     return -1;
- }
- 
-+static PRInt32
-+ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
-+{
-+    PRInt32 extension_length;
-+
-+    PORT_Assert(ss->opt.enableALPN);
-+    PORT_Assert(ss->ssl3.nextProto.data);
-+    PORT_Assert(ss->ssl3.nextProto.len > 0);
-+    PORT_Assert(ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NEGOTIATED);
-+    PORT_Assert(!ss->firstHsDone);
-+
-+    extension_length = 2 /* extension type */ + 2 /* extension length */ +
-+                       2 /* protocol name list */ + 1 /* name length */ +
-+                       ss->ssl3.nextProto.len;
-+
-+    if (append && maxBytes >= extension_length) {
-+        SECStatus rv;
-+        rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2);
-+        if (rv != SECSuccess) {
-+            return -1;
-+        }
-+        rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
-+        if (rv != SECSuccess) {
-+            return -1;
-+        }
-+        rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.nextProto.len + 1, 2);
-+        if (rv != SECSuccess) {
-+            return -1;
-+        }
-+        rv = ssl3_AppendHandshakeVariable(ss, ss->ssl3.nextProto.data,
-+                                          ss->ssl3.nextProto.len, 1);
-+        if (rv != SECSuccess) {
-+            return -1;
-+        }
-+    } else if (maxBytes < extension_length) {
-+        return 0;
-+    }
-+
-+    return extension_length;
-+}
-+
- static SECStatus
- ssl3_ClientHandleChannelIDXtn(sslSocket *ss, PRUint16 ex_type,
- 			     SECItem *data)
-diff --git a/net/third_party/nss/ssl/ssl3prot.h b/net/third_party/nss/ssl/ssl3prot.h
-index 4c19ade..d32be38 100644
---- a/net/third_party/nss/ssl/ssl3prot.h
-+++ b/net/third_party/nss/ssl/ssl3prot.h
-@@ -107,7 +107,8 @@ typedef enum {
-     certificate_unobtainable        = 111,
-     unrecognized_name               = 112,
-     bad_certificate_status_response = 113,
--    bad_certificate_hash_value      = 114
-+    bad_certificate_hash_value      = 114,
-+    no_application_protocol         = 120
- 
- } SSL3AlertDescription;
- 
-diff --git a/net/third_party/nss/ssl/sslerr.h b/net/third_party/nss/ssl/sslerr.h
-index 82ae7df..5184a6e 100644
---- a/net/third_party/nss/ssl/sslerr.h
-+++ b/net/third_party/nss/ssl/sslerr.h
-@@ -193,10 +193,14 @@ SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM = (SSL_ERROR_BASE + 126),
- SSL_ERROR_DIGEST_FAILURE = (SSL_ERROR_BASE + 127),
- SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 128),
- 
--SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 129),
--SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 130),
--SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 131),
--SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 132),
-+SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK     = (SSL_ERROR_BASE + 129),
-+SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL     = (SSL_ERROR_BASE + 130),
-+
-+SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 131),
-+
-+SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 132),
-+SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 133),
-+SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 134),
- 
- SSL_ERROR_END_OF_LIST	/* let the c compiler determine the value of this. */
- } SSLErrorCodes;
-diff --git a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c
-index 028cd98..421ba21 100644
---- a/net/third_party/nss/ssl/sslsock.c
-+++ b/net/third_party/nss/ssl/sslsock.c
-@@ -1432,6 +1432,11 @@ DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd)
-     return ssl_ImportFD(model, fd, ssl_variant_datagram);
- }
- 
-+/* SSL_SetNextProtoCallback is used to select an application protocol
-+ * for ALPN and NPN.  For ALPN, this runs on the server; for NPN it
-+ * runs on the client. */
-+/* Note: The ALPN version doesn't allow for the use of a default, setting a
-+ * status of SSL_NEXT_PROTO_NO_OVERLAP is treated as a failure. */
- SECStatus
- SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback,
- 			 void *arg)
-@@ -1452,7 +1457,7 @@ SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback,
-     return SECSuccess;
- }
- 
--/* ssl_NextProtoNegoCallback is set as an NPN callback for the case when
-+/* ssl_NextProtoNegoCallback is set as an ALPN/NPN callback when
-  * SSL_SetNextProtoNego is used.
-  */
- static SECStatus
-@@ -1471,12 +1476,6 @@ ssl_NextProtoNegoCallback(void *arg, PRFileDesc *fd,
- 	return SECFailure;
-     }
- 
--    if (protos_len == 0) {
--	/* The server supports the extension, but doesn't have any protocols
--	 * configured. In this case we request our favoured protocol. */
--	goto pick_first;
--    }
--
-     /* For each protocol in server preference, see if we support it. */
-     for (i = 0; i < protos_len; ) {
- 	for (j = 0; j < ss->opt.nextProtoNego.len; ) {
-@@ -1493,7 +1492,10 @@ ssl_NextProtoNegoCallback(void *arg, PRFileDesc *fd,
- 	i += 1 + (unsigned int)protos[i];
-     }
- 
--pick_first:
-+    /* The other side supports the extension, and either doesn't have any
-+     * protocols configured, or none of its options match ours. In this case we
-+     * request our favoured protocol. */
-+    /* This will be treated as a failure for ALPN. */
-     ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NO_OVERLAP;
-     result = ss->opt.nextProtoNego.data;
- 
diff --git a/net/third_party/nss/patches/applypatches.sh b/net/third_party/nss/patches/applypatches.sh
index 878d4036..6ddb692 100755
--- a/net/third_party/nss/patches/applypatches.sh
+++ b/net/third_party/nss/patches/applypatches.sh
@@ -7,51 +7,45 @@
 #
 # Point patches_dir to the src/net/third_party/nss/patches directory in a
 # chromium source tree.
-patches_dir=/Users/wtc/chrome1/src/net/third_party/nss/patches
+patches_dir=/Users/sleevi/development/chromium/src/net/third_party/nss/patches
 
-patch -p4 < $patches_dir/cachecerts.patch
+patch -p2 < $patches_dir/cachecerts.patch
 
-patch -p4 < $patches_dir/clientauth.patch
+patch -p2 < $patches_dir/clientauth.patch
 
-patch -p4 < $patches_dir/didhandshakeresume.patch
+patch -p2 < $patches_dir/didhandshakeresume.patch
 
-patch -p4 < $patches_dir/getrequestedclientcerttypes.patch
+patch -p2 < $patches_dir/getrequestedclientcerttypes.patch
 
-patch -p4 < $patches_dir/restartclientauth.patch
+patch -p2 < $patches_dir/restartclientauth.patch
 
-patch -p4 < $patches_dir/channelid.patch
+patch -p2 < $patches_dir/channelid.patch
 
-patch -p4 < $patches_dir/tlsunique.patch
+patch -p2 < $patches_dir/tlsunique.patch
 
-patch -p4 < $patches_dir/secretexporterlocks.patch
+patch -p2 < $patches_dir/secretexporterlocks.patch
 
-patch -p4 < $patches_dir/suitebonly.patch
+patch -p2 < $patches_dir/suitebonly.patch
 
-patch -p4 < $patches_dir/secitemarray.patch
+patch -p2 < $patches_dir/secitemarray.patch
 
-patch -p4 < $patches_dir/tls12chromium.patch
+patch -p2 < $patches_dir/tls12chromium.patch
 
-patch -p4 < $patches_dir/aesgcmchromium.patch
+patch -p2 < $patches_dir/aesgcmchromium.patch
 
-patch -p4 < $patches_dir/chacha20poly1305.patch
+patch -p2 < $patches_dir/chacha20poly1305.patch
 
-patch -p4 < $patches_dir/cachelocks.patch
+patch -p2 < $patches_dir/cachelocks.patch
 
-patch -p4 < $patches_dir/signedcertificatetimestamps.patch
+patch -p2 < $patches_dir/signedcertificatetimestamps.patch
 
-patch -p4 < $patches_dir/cipherorder.patch
+patch -p2 < $patches_dir/cipherorder.patch
 
-patch -p4 < $patches_dir/fallbackscsv.patch
+patch -p2 < $patches_dir/sessioncache.patch
 
-patch -p4 < $patches_dir/sessioncache.patch
+patch -p2 < $patches_dir/nssrwlock.patch
 
-patch -p4 < $patches_dir/nssrwlock.patch
+patch -p2 < $patches_dir/reorderextensions.patch
 
-patch -p4 < $patches_dir/paddingextvalue.patch
-
-patch -p4 < $patches_dir/reorderextensions.patch
-
-patch -p5 < $patches_dir/alpnserver.patch
-
-patch -p4 < $patches_dir/removebuildmetadata.patch
+patch -p2 < $patches_dir/removebuildmetadata.patch
 
diff --git a/net/third_party/nss/patches/cachecerts.patch b/net/third_party/nss/patches/cachecerts.patch
index fce438b..adb7e3e 100644
--- a/net/third_party/nss/patches/cachecerts.patch
+++ b/net/third_party/nss/patches/cachecerts.patch
@@ -1,6 +1,7 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c	2014-01-17 17:49:26.062517203 -0800
-+++ b/nss/lib/ssl/ssl3con.c	2014-01-17 17:51:23.974478249 -0800
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index 529eb42..ebaee61 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
 @@ -43,6 +43,7 @@
  
  static SECStatus ssl3_AuthCertificate(sslSocket *ss);
@@ -9,7 +10,7 @@
  static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec,
                                         PK11SlotInfo * serverKeySlot);
  static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms);
-@@ -6474,6 +6475,7 @@ ssl3_HandleServerHello(sslSocket *ss, SS
+@@ -6534,6 +6535,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
  	/* copy the peer cert from the SID */
  	if (sid->peerCert != NULL) {
  	    ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
@@ -17,7 +18,7 @@
  	}
  
  	/* NULL value for PMS signifies re-use of the old MS */
-@@ -8048,6 +8050,7 @@ compression_found:
+@@ -8127,6 +8129,7 @@ compression_found:
  	ss->sec.ci.sid = sid;
  	if (sid->peerCert != NULL) {
  	    ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
@@ -25,7 +26,7 @@
  	}
  
  	/*
-@@ -9662,6 +9665,44 @@ ssl3_CleanupPeerCerts(sslSocket *ss)
+@@ -9750,6 +9753,44 @@ ssl3_CleanupPeerCerts(sslSocket *ss)
      ss->ssl3.peerCertChain = NULL;
  }
  
@@ -70,7 +71,7 @@
  /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
   * ssl3 CertificateStatus message.
   * Caller must hold Handshake and RecvBuf locks.
-@@ -9940,6 +9981,7 @@ ssl3_AuthCertificate(sslSocket *ss)
+@@ -10028,6 +10069,7 @@ ssl3_AuthCertificate(sslSocket *ss)
      }
  
      ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert);
@@ -78,10 +79,11 @@
  
      if (!ss->sec.isServer) {
          CERTCertificate *cert = ss->sec.peerCert;
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h	2014-01-17 17:49:26.072517368 -0800
-+++ b/nss/lib/ssl/sslimpl.h	2014-01-17 17:51:23.984478418 -0800
-@@ -595,6 +595,8 @@ typedef enum {	never_cached,
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index 858ae0c..88a7039 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
+@@ -597,6 +597,8 @@ typedef enum {	never_cached,
  		invalid_cache		/* no longer in any cache. */
  } Cached;
  
@@ -90,7 +92,7 @@
  struct sslSessionIDStr {
      /* The global cache lock must be held when accessing these members when the
       * sid is in any cache.
-@@ -609,6 +611,7 @@ struct sslSessionIDStr {
+@@ -611,6 +613,7 @@ struct sslSessionIDStr {
       */
  
      CERTCertificate *     peerCert;
@@ -98,9 +100,10 @@
      SECItemArray          peerCertStatus; /* client only */
      const char *          peerID;     /* client only */
      const char *          urlSvrName; /* client only */
-diff -pu a/nss/lib/ssl/sslnonce.c b/nss/lib/ssl/sslnonce.c
---- a/nss/lib/ssl/sslnonce.c	2014-01-17 17:49:26.072517368 -0800
-+++ b/nss/lib/ssl/sslnonce.c	2014-01-17 17:51:23.984478418 -0800
+diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c
+index 2e861f1..be11008 100644
+--- a/ssl/sslnonce.c
++++ b/ssl/sslnonce.c
 @@ -164,6 +164,7 @@ lock_cache(void)
  static void
  ssl_DestroySID(sslSessionID *sid)
diff --git a/net/third_party/nss/patches/cachelocks.patch b/net/third_party/nss/patches/cachelocks.patch
index d52bf53..a019b6d 100644
--- a/net/third_party/nss/patches/cachelocks.patch
+++ b/net/third_party/nss/patches/cachelocks.patch
@@ -1,7 +1,8 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c	2014-01-17 18:10:16.783281701 -0800
-+++ b/nss/lib/ssl/ssl3con.c	2014-01-17 18:11:03.734060469 -0800
-@@ -5678,7 +5678,6 @@ SSL3_ShutdownServerCache(void)
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index adaa9a4..708a4c7 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
+@@ -5733,7 +5733,6 @@ SSL3_ShutdownServerCache(void)
      }
  
      PZ_Unlock(symWrapKeysLock);
@@ -9,7 +10,7 @@
      return SECSuccess;
  }
  
-@@ -5730,7 +5729,7 @@ getWrappingKey( sslSocket *       ss,
+@@ -5785,7 +5784,7 @@ getWrappingKey( sslSocket *       ss,
  
      pSymWrapKey = &symWrapKeys[symWrapMechIndex].symWrapKey[exchKeyType];
  
@@ -18,10 +19,11 @@
  
      PZ_Lock(symWrapKeysLock);
  
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h	2014-01-17 18:10:16.793281867 -0800
-+++ b/nss/lib/ssl/sslimpl.h	2014-01-17 18:11:03.734060469 -0800
-@@ -1913,9 +1913,7 @@ extern SECStatus ssl_InitSymWrapKeysLock
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index 643570f..62f822a 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
+@@ -1917,9 +1917,7 @@ extern SECStatus ssl_InitSymWrapKeysLock(void);
  
  extern SECStatus ssl_FreeSymWrapKeysLock(void);
  
@@ -32,9 +34,10 @@
  
  /***************** platform client auth ****************/
  
-diff -pu a/nss/lib/ssl/sslnonce.c b/nss/lib/ssl/sslnonce.c
---- a/nss/lib/ssl/sslnonce.c	2014-01-17 17:59:03.242109996 -0800
-+++ b/nss/lib/ssl/sslnonce.c	2014-01-17 18:11:03.754060801 -0800
+diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c
+index 1326a8b..c45849d 100644
+--- a/ssl/sslnonce.c
++++ b/ssl/sslnonce.c
 @@ -35,91 +35,55 @@ static PZLock *      cacheLock = NULL;
  #define LOCK_CACHE 	lock_cache()
  #define UNLOCK_CACHE	PZ_Unlock(cacheLock)
@@ -59,10 +62,15 @@
 -}
 -
 -static PRBool LocksInitializedEarly = PR_FALSE;
--
--static SECStatus
++static PRCallOnceType lockOnce;
+ 
++/* FreeSessionCacheLocks is a callback from NSS_RegisterShutdown which destroys
++ * the session cache locks on shutdown and resets them to their initial
++ * state. */
+ static SECStatus
 -FreeSessionCacheLocks()
--{
++FreeSessionCacheLocks(void* appData, void* nssData)
+ {
 -    SECStatus rv1, rv2;
 -    rv1 = ssl_FreeSymWrapKeysLock();
 -    rv2 = ssl_FreeClientSessionCacheLock();
@@ -71,15 +79,12 @@
 -    }
 -    return SECFailure;
 -}
-+static PRCallOnceType lockOnce;
++    static const PRCallOnceType pristineCallOnce;
++    SECStatus rv;
  
-+/* FreeSessionCacheLocks is a callback from NSS_RegisterShutdown which destroys
-+ * the session cache locks on shutdown and resets them to their initial
-+ * state. */
- static SECStatus
+-static SECStatus
 -InitSessionCacheLocks(void)
-+FreeSessionCacheLocks(void* appData, void* nssData)
- {
+-{
 -    SECStatus rv1, rv2;
 -    PRErrorCode rc;
 -    rv1 = ssl_InitSymWrapKeysLock();
@@ -92,9 +97,7 @@
 -    PORT_SetError(rc);
 -    return SECFailure;
 -}
-+    static const PRCallOnceType pristineCallOnce;
-+    SECStatus rv;
- 
+-
 -/* free the session cache locks if they were initialized early */
 -SECStatus
 -ssl_FreeSessionCacheLocks()
@@ -160,7 +163,7 @@
      PORT_Assert(SECSuccess == rv);
      if (SECSuccess != rv) {
          return PR_FAILURE;
-@@ -127,34 +91,18 @@ static PRStatus initSessionCacheLocksLaz
+@@ -127,34 +91,18 @@ static PRStatus initSessionCacheLocksLazily(void)
      return PR_SUCCESS;
  }
  
@@ -201,10 +204,11 @@
      PZ_Lock(cacheLock);
  }
  
-diff -pu a/nss/lib/ssl/sslsnce.c b/nss/lib/ssl/sslsnce.c
---- a/nss/lib/ssl/sslsnce.c	2014-01-17 17:49:26.072517368 -0800
-+++ b/nss/lib/ssl/sslsnce.c	2014-01-17 18:11:03.774061133 -0800
-@@ -1353,7 +1353,7 @@ SSL_ConfigServerSessionIDCache(	int
+diff --git a/ssl/sslsnce.c b/ssl/sslsnce.c
+index 4d9ef38..3279200 100644
+--- a/ssl/sslsnce.c
++++ b/ssl/sslsnce.c
+@@ -1352,7 +1352,7 @@ SSL_ConfigServerSessionIDCache(	int      maxCacheEntries,
  			       	PRUint32 ssl3_timeout, 
  			  const char *   directory)
  {
@@ -213,7 +217,7 @@
      return SSL_ConfigServerSessionIDCacheInstance(&globalCache, 
      		maxCacheEntries, ssl2_timeout, ssl3_timeout, directory, PR_FALSE);
  }
-@@ -1467,7 +1467,7 @@ SSL_ConfigServerSessionIDCacheWithOpt(
+@@ -1466,7 +1466,7 @@ SSL_ConfigServerSessionIDCacheWithOpt(
                                  PRBool enableMPCache)
  {
      if (!enableMPCache) {
@@ -222,7 +226,7 @@
          return ssl_ConfigServerSessionIDCacheInstanceWithOpt(&globalCache, 
             ssl2_timeout, ssl3_timeout, directory, PR_FALSE,
             maxCacheEntries, maxCertCacheEntries, maxSrvNameCacheEntries);
-@@ -1512,7 +1512,7 @@ SSL_InheritMPServerSIDCacheInstance(cach
+@@ -1511,7 +1511,7 @@ SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString)
      	return SECSuccess;	/* already done. */
      }
  
diff --git a/net/third_party/nss/patches/chacha20poly1305.patch b/net/third_party/nss/patches/chacha20poly1305.patch
index 028ed70..2a4c5640 100644
--- a/net/third_party/nss/patches/chacha20poly1305.patch
+++ b/net/third_party/nss/patches/chacha20poly1305.patch
@@ -1,7 +1,8 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c	2014-01-17 18:06:41.659713513 -0800
-+++ b/nss/lib/ssl/ssl3con.c	2014-01-17 18:07:10.270188062 -0800
-@@ -40,6 +40,21 @@
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index 375ed6a..adaa9a4 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
+@@ -41,6 +41,21 @@
  #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
  #endif
  
@@ -23,16 +24,16 @@
  #include <stdio.h>
  #ifdef NSS_ENABLE_ZLIB
  #include "zlib.h"
-@@ -104,6 +119,8 @@ static ssl3CipherSuiteCfg cipherSuites[s
+@@ -105,6 +120,8 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
     /*      cipher_suite                     policy       enabled   isPresent */
  
- #ifdef NSS_ENABLE_ECC
+ #ifndef NSS_DISABLE_ECC
 + { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,  SSL_ALLOWED, PR_FALSE, PR_FALSE},
 + { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,    SSL_ALLOWED, PR_FALSE, PR_FALSE},
   { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
   { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
     /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
-@@ -292,6 +309,7 @@ static const ssl3BulkCipherDef bulk_ciph
+@@ -296,6 +313,7 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = {
      {cipher_camellia_256, calg_camellia,    32,32, type_block, 16,16, 0, 0},
      {cipher_seed,         calg_seed,        16,16, type_block, 16,16, 0, 0},
      {cipher_aes_128_gcm,  calg_aes_gcm,     16,16, type_aead,   4, 0,16, 8},
@@ -40,16 +41,16 @@
      {cipher_missing,      calg_null,         0, 0, type_stream, 0, 0, 0, 0},
  };
  
-@@ -418,6 +436,8 @@ static const ssl3CipherSuiteDef cipher_s
+@@ -422,6 +440,8 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =
      {TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa},
      {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa},
      {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa},
 +    {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_rsa},
 +    {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_ecdsa},
  
- #ifdef NSS_ENABLE_ECC
+ #ifndef NSS_DISABLE_ECC
      {TLS_ECDH_ECDSA_WITH_NULL_SHA,        cipher_null, mac_sha, kea_ecdh_ecdsa},
-@@ -483,6 +503,7 @@ static const SSLCipher2Mech alg2Mech[] =
+@@ -487,6 +507,7 @@ static const SSLCipher2Mech alg2Mech[] = {
      { calg_camellia , CKM_CAMELLIA_CBC			},
      { calg_seed     , CKM_SEED_CBC			},
      { calg_aes_gcm  , CKM_AES_GCM			},
@@ -57,16 +58,16 @@
  /*  { calg_init     , (CK_MECHANISM_TYPE)0x7fffffffL    }  */
  };
  
-@@ -647,6 +668,8 @@ ssl3_CipherSuiteAllowedForVersionRange(
-      *   SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA:  never implemented
-      */
- 	return vrange->min <= SSL_LIBRARY_VERSION_TLS_1_0;
+@@ -662,6 +683,8 @@ ssl3_CipherSuiteAllowedForVersionRange(
+     case TLS_RSA_WITH_NULL_SHA256:
+         return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2;
+ 
 +    case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305:
 +    case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305:
-     case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
-     case TLS_RSA_WITH_AES_256_CBC_SHA256:
-     case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
-@@ -2043,6 +2066,46 @@ ssl3_AESGCMBypass(ssl3KeyMaterial *keys,
+     case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
+     case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
+     case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
+@@ -2070,6 +2093,46 @@ ssl3_AESGCMBypass(ssl3KeyMaterial *keys,
  }
  #endif
  
@@ -113,7 +114,7 @@
  /* Initialize encryption and MAC contexts for pending spec.
   * Master Secret already is derived.
   * Caller holds Spec write lock.
-@@ -2076,13 +2139,17 @@ ssl3_InitPendingContextsPKCS11(sslSocket
+@@ -2103,13 +2166,17 @@ ssl3_InitPendingContextsPKCS11(sslSocket *ss)
      pwSpec->client.write_mac_context = NULL;
      pwSpec->server.write_mac_context = NULL;
  
@@ -133,10 +134,11 @@
  	return SECSuccess;
      }
  
-diff -pu a/nss/lib/ssl/ssl3ecc.c b/nss/lib/ssl/ssl3ecc.c
---- a/nss/lib/ssl/ssl3ecc.c	2014-01-17 18:04:43.127747463 -0800
-+++ b/nss/lib/ssl/ssl3ecc.c	2014-01-17 18:07:10.270188062 -0800
-@@ -904,6 +904,7 @@ static const ssl3CipherSuite ecdhe_ecdsa
+diff --git a/ssl/ssl3ecc.c b/ssl/ssl3ecc.c
+index 003ed78..d5d6c9c 100644
+--- a/ssl/ssl3ecc.c
++++ b/ssl/ssl3ecc.c
+@@ -920,6 +920,7 @@ static const ssl3CipherSuite ecdhe_ecdsa_suites[] = {
      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
@@ -144,7 +146,7 @@
      TLS_ECDHE_ECDSA_WITH_NULL_SHA,
      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
      0 /* end of list marker */
-@@ -915,6 +916,7 @@ static const ssl3CipherSuite ecdhe_rsa_s
+@@ -931,6 +932,7 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = {
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
@@ -152,7 +154,7 @@
      TLS_ECDHE_RSA_WITH_NULL_SHA,
      TLS_ECDHE_RSA_WITH_RC4_128_SHA,
      0 /* end of list marker */
-@@ -927,6 +929,7 @@ static const ssl3CipherSuite ecSuites[]
+@@ -943,6 +945,7 @@ static const ssl3CipherSuite ecSuites[] = {
      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
@@ -160,7 +162,7 @@
      TLS_ECDHE_ECDSA_WITH_NULL_SHA,
      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-@@ -934,6 +937,7 @@ static const ssl3CipherSuite ecSuites[]
+@@ -950,6 +953,7 @@ static const ssl3CipherSuite ecSuites[] = {
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
@@ -168,9 +170,10 @@
      TLS_ECDHE_RSA_WITH_NULL_SHA,
      TLS_ECDHE_RSA_WITH_RC4_128_SHA,
      TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
-diff -pu a/nss/lib/ssl/sslenum.c b/nss/lib/ssl/sslenum.c
---- a/nss/lib/ssl/sslenum.c	2014-01-17 17:49:26.072517368 -0800
-+++ b/nss/lib/ssl/sslenum.c	2014-01-17 18:08:43.791739267 -0800
+diff --git a/ssl/sslenum.c b/ssl/sslenum.c
+index 09ce43f..a036627 100644
+--- a/ssl/sslenum.c
++++ b/ssl/sslenum.c
 @@ -37,17 +37,21 @@
   *
   * Exception: Because some servers ignore the high-order byte of the cipher
@@ -190,15 +193,16 @@
 + * the fifth one.
   */
  const PRUint16 SSL_ImplementedCiphers[] = {
- #ifdef NSS_ENABLE_ECC
+ #ifndef NSS_DISABLE_ECC
 +    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
 +    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
      /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h	2014-01-17 18:03:47.906831535 -0800
-+++ b/nss/lib/ssl/sslimpl.h	2014-01-17 18:07:10.270188062 -0800
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index 88f559a..643570f 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
 @@ -65,6 +65,7 @@ typedef SSLSignType     SSL3SignType;
  #define calg_camellia	ssl_calg_camellia
  #define calg_seed	ssl_calg_seed
@@ -210,13 +214,13 @@
 @@ -299,7 +300,7 @@ typedef struct {
  } ssl3CipherSuiteCfg;
  
- #ifdef NSS_ENABLE_ECC
+ #ifndef NSS_DISABLE_ECC
 -#define ssl_V3_SUITES_IMPLEMENTED 61
 +#define ssl_V3_SUITES_IMPLEMENTED 63
  #else
  #define ssl_V3_SUITES_IMPLEMENTED 37
- #endif /* NSS_ENABLE_ECC */
-@@ -483,6 +484,7 @@ typedef enum {
+ #endif /* NSS_DISABLE_ECC */
+@@ -485,6 +486,7 @@ typedef enum {
      cipher_camellia_256,
      cipher_seed,
      cipher_aes_128_gcm,
@@ -224,10 +228,11 @@
      cipher_missing              /* reserved for no such supported cipher */
      /* This enum must match ssl3_cipherName[] in ssl3con.c.  */
  } SSL3BulkCipher;
-diff -pu a/nss/lib/ssl/sslinfo.c b/nss/lib/ssl/sslinfo.c
---- a/nss/lib/ssl/sslinfo.c	2014-01-17 18:00:45.503806125 -0800
-+++ b/nss/lib/ssl/sslinfo.c	2014-01-17 18:07:10.270188062 -0800
-@@ -110,6 +110,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLCh
+diff --git a/ssl/sslinfo.c b/ssl/sslinfo.c
+index ba230d2..845d9f0 100644
+--- a/ssl/sslinfo.c
++++ b/ssl/sslinfo.c
+@@ -110,6 +110,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
  #define C_NULL  "NULL", calg_null
  #define C_SJ 	"SKIPJACK", calg_sj
  #define C_AESGCM "AES-GCM", calg_aes_gcm
@@ -235,7 +240,7 @@
  
  #define B_256	256, 256, 256
  #define B_128	128, 128, 128
-@@ -188,12 +189,14 @@ static const SSLCipherSuiteInfo suiteInf
+@@ -188,12 +189,14 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
  {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA),  S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, },
  {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
  {0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA),  S_ECDSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, },
@@ -250,10 +255,11 @@
  
  {0,CS(TLS_ECDHE_RSA_WITH_NULL_SHA),           S_RSA, K_ECDHE, C_NULL, B_0, M_SHA, 0, 0, 0, },
  {0,CS(TLS_ECDHE_RSA_WITH_RC4_128_SHA),        S_RSA, K_ECDHE, C_RC4, B_128, M_SHA, 0, 0, 0, },
-diff -pu a/nss/lib/ssl/sslproto.h b/nss/lib/ssl/sslproto.h
---- a/nss/lib/ssl/sslproto.h	2014-01-17 17:49:26.072517368 -0800
-+++ b/nss/lib/ssl/sslproto.h	2014-01-17 18:07:10.270188062 -0800
-@@ -213,6 +213,9 @@
+diff --git a/ssl/sslproto.h b/ssl/sslproto.h
+index e02442c..dc653c9 100644
+--- a/ssl/sslproto.h
++++ b/ssl/sslproto.h
+@@ -258,6 +258,9 @@
  #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   0xC02F
  #define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256    0xC031
  
@@ -261,11 +267,12 @@
 +#define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305	0xCC14
 +
  /* Netscape "experimental" cipher suites. */
- #define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA	0xffe0
- #define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA	0xffe1
-diff -pu a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h
---- a/nss/lib/ssl/sslt.h	2014-01-17 18:03:47.906831535 -0800
-+++ b/nss/lib/ssl/sslt.h	2014-01-17 18:07:10.270188062 -0800
+ #define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA   0xffe0
+ #define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA        0xffe1
+diff --git a/ssl/sslt.h b/ssl/sslt.h
+index 430d216..fe0ad07 100644
+--- a/ssl/sslt.h
++++ b/ssl/sslt.h
 @@ -94,7 +94,8 @@ typedef enum {
      ssl_calg_aes      = 7,
      ssl_calg_camellia = 8,
diff --git a/net/third_party/nss/patches/channelid.patch b/net/third_party/nss/patches/channelid.patch
index 670a6fa..9fc6012 100644
--- a/net/third_party/nss/patches/channelid.patch
+++ b/net/third_party/nss/patches/channelid.patch
@@ -1,7 +1,64 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c	2014-01-18 10:39:50.799150460 -0800
-+++ b/nss/lib/ssl/ssl3con.c	2014-01-18 10:40:15.489552270 -0800
-@@ -55,6 +55,7 @@ static SECStatus ssl3_SendCertificateSta
+diff --git a/ssl/SSLerrs.h b/ssl/SSLerrs.h
+index 174037b..81da41c 100644
+--- a/ssl/SSLerrs.h
++++ b/ssl/SSLerrs.h
+@@ -422,3 +422,12 @@ ER3(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL, (SSL_ERROR_BASE + 130),
+ ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 131),
+ "The server rejected the handshake because the client downgraded to a lower "
+ "TLS version than the server supports.")
++
++ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 132),
++"SSL received a malformed TLS Channel ID extension.")
++
++ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 133),
++"The application provided an invalid TLS Channel ID key.")
++
++ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 134),
++"The application could not get a TLS Channel ID.")
+diff --git a/ssl/ssl.h b/ssl/ssl.h
+index 593dd00..716537d 100644
+--- a/ssl/ssl.h
++++ b/ssl/ssl.h
+@@ -1025,6 +1025,34 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
+ SSL_IMPORT SECStatus SSL_HandshakeResumedSession(PRFileDesc *fd,
+                                                  PRBool *last_handshake_resumed);
+ 
++/* See SSL_SetClientChannelIDCallback for usage. If the callback returns
++ * SECWouldBlock then SSL_RestartHandshakeAfterChannelIDReq should be called in
++ * the future to restart the handshake.  On SECSuccess, the callback must have
++ * written a P-256, EC key pair to |*out_public_key| and |*out_private_key|. */
++typedef SECStatus (PR_CALLBACK *SSLClientChannelIDCallback)(
++    void *arg,
++    PRFileDesc *fd,
++    SECKEYPublicKey **out_public_key,
++    SECKEYPrivateKey **out_private_key);
++
++/* SSL_RestartHandshakeAfterChannelIDReq attempts to restart the handshake
++ * after a ChannelID callback returned SECWouldBlock.
++ *
++ * This function takes ownership of |channelIDPub| and |channelID|. */
++SSL_IMPORT SECStatus SSL_RestartHandshakeAfterChannelIDReq(
++    PRFileDesc *fd,
++    SECKEYPublicKey *channelIDPub,
++    SECKEYPrivateKey *channelID);
++
++/* SSL_SetClientChannelIDCallback sets a callback function that will be called
++ * once the server's ServerHello has been processed. This is only applicable to
++ * a client socket and setting this callback causes the TLS Channel ID
++ * extension to be advertised. */
++SSL_IMPORT SECStatus SSL_SetClientChannelIDCallback(
++    PRFileDesc *fd,
++    SSLClientChannelIDCallback callback,
++    void *arg);
++
+ /*
+ ** How long should we wait before retransmitting the next flight of
+ ** the DTLS handshake? Returns SECFailure if not DTLS or not in a
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index 1852806..45c3454 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
+@@ -55,6 +55,7 @@ static SECStatus ssl3_SendCertificateStatus( sslSocket *ss);
  static SECStatus ssl3_SendEmptyCertificate(  sslSocket *ss);
  static SECStatus ssl3_SendCertificateRequest(sslSocket *ss);
  static SECStatus ssl3_SendNextProto(         sslSocket *ss);
@@ -9,7 +66,7 @@
  static SECStatus ssl3_SendFinished(          sslSocket *ss, PRInt32 flags);
  static SECStatus ssl3_SendServerHello(       sslSocket *ss);
  static SECStatus ssl3_SendServerHelloDone(   sslSocket *ss);
-@@ -6221,6 +6222,15 @@ ssl3_HandleServerHello(sslSocket *ss, SS
+@@ -6281,6 +6282,15 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
      }
  #endif  /* NSS_PLATFORM_CLIENT_AUTH */
  
@@ -25,7 +82,7 @@
      temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
      if (temp < 0) {
      	goto loser; 	/* alert has been sent */
-@@ -6503,7 +6513,7 @@ ssl3_HandleServerHello(sslSocket *ss, SS
+@@ -6563,7 +6573,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
  	if (rv != SECSuccess) {
  	    goto alert_loser;	/* err code was set */
  	}
@@ -34,7 +91,7 @@
      } while (0);
  
      if (sid_match)
-@@ -6529,6 +6539,27 @@ ssl3_HandleServerHello(sslSocket *ss, SS
+@@ -6589,6 +6599,27 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
  
      ss->ssl3.hs.isResuming = PR_FALSE;
      ss->ssl3.hs.ws         = wait_server_cert;
@@ -62,22 +119,22 @@
      return SECSuccess;
  
  alert_loser:
-@@ -7490,7 +7521,14 @@ ssl3_SendClientSecondRound(sslSocket *ss
+@@ -7550,7 +7581,14 @@ ssl3_SendClientSecondRound(sslSocket *ss)
  	if (rv != SECSuccess) {
  	    goto loser;	/* err code was set. */
  	}
 +    }
- 
++
 +    rv = ssl3_SendEncryptedExtensions(ss);
 +    if (rv != SECSuccess) {
 +	goto loser; /* err code was set. */
 +    }
-+
+ 
 +    if (!ss->firstHsDone) {
  	if (ss->opt.enableFalseStart) {
  	    if (!ss->ssl3.hs.authCertificatePending) {
  		/* When we fix bug 589047, we will need to know whether we are
-@@ -7527,6 +7565,33 @@ ssl3_SendClientSecondRound(sslSocket *ss
+@@ -7587,6 +7625,33 @@ ssl3_SendClientSecondRound(sslSocket *ss)
  
      ssl_ReleaseXmitBufLock(ss);		/*******************************/
  
@@ -111,7 +168,7 @@
      if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn))
  	ss->ssl3.hs.ws = wait_new_session_ticket;
      else
-@@ -10494,6 +10559,184 @@ ssl3_RecordKeyLog(sslSocket *ss)
+@@ -10582,6 +10647,184 @@ ssl3_RecordKeyLog(sslSocket *ss)
  }
  
  /* called from ssl3_SendClientSecondRound
@@ -296,7 +353,7 @@
   *             ssl3_HandleClientHello
   *             ssl3_HandleFinished
   */
-@@ -10753,11 +10996,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3O
+@@ -10841,11 +11084,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
  	    flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER;
  	}
  
@@ -317,7 +374,7 @@
  	}
  
  	if (IS_DTLS(ss)) {
-@@ -12237,6 +12485,11 @@ ssl3_DestroySSL3Info(sslSocket *ss)
+@@ -12325,6 +12573,11 @@ ssl3_DestroySSL3Info(sslSocket *ss)
  	ssl_FreePlatformKey(ss->ssl3.platformClientKey);
  #endif /* NSS_PLATFORM_CLIENT_AUTH */
  
@@ -329,10 +386,11 @@
      if (ss->ssl3.peerCertArena != NULL)
  	ssl3_CleanupPeerCerts(ss);
  
-diff -pu a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
---- a/nss/lib/ssl/ssl3ext.c	2014-01-18 10:39:50.749149654 -0800
-+++ b/nss/lib/ssl/ssl3ext.c	2014-01-18 10:43:52.543083984 -0800
-@@ -64,6 +64,10 @@ static PRInt32 ssl3_SendUseSRTPXtn(sslSo
+diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c
+index 9345be8..b6ed17d 100644
+--- a/ssl/ssl3ext.c
++++ b/ssl/ssl3ext.c
+@@ -68,6 +68,10 @@ static PRInt32 ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append,
      PRUint32 maxBytes);
  static SECStatus ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type,
      SECItem *data);
@@ -340,10 +398,10 @@
 +    PRUint16 ex_type, SECItem *data);
 +static PRInt32 ssl3_ClientSendChannelIDXtn(sslSocket *ss, PRBool append,
 +    PRUint32 maxBytes);
- static SECStatus ssl3_ServerSendStatusRequestXtn(sslSocket * ss,
+ static PRInt32 ssl3_ServerSendStatusRequestXtn(sslSocket * ss,
      PRBool append, PRUint32 maxBytes);
  static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss,
-@@ -253,6 +257,7 @@ static const ssl3HelloExtensionHandler s
+@@ -264,6 +268,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
      { ssl_next_proto_nego_xtn,    &ssl3_ClientHandleNextProtoNegoXtn },
      { ssl_app_layer_protocol_xtn, &ssl3_ClientHandleAppProtoXtn },
      { ssl_use_srtp_xtn,           &ssl3_HandleUseSRTPXtn },
@@ -351,19 +409,18 @@
      { ssl_cert_status_xtn,        &ssl3_ClientHandleStatusRequestXtn },
      { -1, NULL }
  };
-@@ -280,6 +285,7 @@ ssl3HelloExtensionSender clientHelloSend
+@@ -291,6 +296,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
      { ssl_next_proto_nego_xtn,    &ssl3_ClientSendNextProtoNegoXtn },
      { ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn },
      { ssl_use_srtp_xtn,           &ssl3_SendUseSRTPXtn },
 +    { ssl_channel_id_xtn,         &ssl3_ClientSendChannelIDXtn },
      { ssl_cert_status_xtn,        &ssl3_ClientSendStatusRequestXtn },
-     { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }
-     /* any extra entries will appear as { 0, NULL }    */
-@@ -795,6 +801,61 @@ loser:
-     return -1;
+     { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
+     { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
+@@ -910,6 +916,61 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
  }
  
-+static SECStatus
+ static SECStatus
 +ssl3_ClientHandleChannelIDXtn(sslSocket *ss, PRUint16 ex_type,
 +			     SECItem *data)
 +{
@@ -418,26 +475,29 @@
 +    return -1;
 +}
 +
- static SECStatus
++static SECStatus
  ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
                                   SECItem *data)
-diff -pu a/nss/lib/ssl/ssl3prot.h b/nss/lib/ssl/ssl3prot.h
---- a/nss/lib/ssl/ssl3prot.h	2014-01-18 10:39:34.278881614 -0800
-+++ b/nss/lib/ssl/ssl3prot.h	2014-01-18 10:40:15.499552430 -0800
-@@ -129,7 +129,8 @@ typedef enum {
-     client_key_exchange	= 16, 
-     finished		= 20,
+ {
+diff --git a/ssl/ssl3prot.h b/ssl/ssl3prot.h
+index 485d7dd..78fbcaa 100644
+--- a/ssl/ssl3prot.h
++++ b/ssl/ssl3prot.h
+@@ -136,7 +136,8 @@ typedef enum {
+     client_key_exchange = 16,
+     finished            = 20,
      certificate_status  = 22,
--    next_proto		= 67
-+    next_proto		= 67,
-+    encrypted_extensions= 203
+-    next_proto          = 67
++    next_proto          = 67,
++    encrypted_extensions = 203,
  } SSL3HandshakeType;
  
  typedef struct {
-diff -pu a/nss/lib/ssl/sslauth.c b/nss/lib/ssl/sslauth.c
---- a/nss/lib/ssl/sslauth.c	2014-01-18 10:39:50.749149654 -0800
-+++ b/nss/lib/ssl/sslauth.c	2014-01-18 10:40:15.499552430 -0800
-@@ -216,6 +216,24 @@ SSL_GetClientAuthDataHook(PRFileDesc *s,
+diff --git a/ssl/sslauth.c b/ssl/sslauth.c
+index 7f9c43b..c2d9201 100644
+--- a/ssl/sslauth.c
++++ b/ssl/sslauth.c
+@@ -216,6 +216,24 @@ SSL_GetClientAuthDataHook(PRFileDesc *s, SSLGetClientAuthData func,
      return SECSuccess;
  }
  
@@ -462,78 +522,26 @@
  #ifdef NSS_PLATFORM_CLIENT_AUTH
  /* NEED LOCKS IN HERE.  */
  SECStatus 
-diff -pu a/nss/lib/ssl/sslerr.h b/nss/lib/ssl/sslerr.h
---- a/nss/lib/ssl/sslerr.h	2014-01-18 10:39:34.288881780 -0800
-+++ b/nss/lib/ssl/sslerr.h	2014-01-18 10:40:15.499552430 -0800
-@@ -193,6 +193,10 @@ SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM = (
- SSL_ERROR_DIGEST_FAILURE = (SSL_ERROR_BASE + 127),
- SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 128),
+diff --git a/ssl/sslerr.h b/ssl/sslerr.h
+index 12dbb1d..24bf893 100644
+--- a/ssl/sslerr.h
++++ b/ssl/sslerr.h
+@@ -198,6 +198,10 @@ SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL     = (SSL_ERROR_BASE + 130),
  
-+SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 129),
-+SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 130),
-+SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 131),
+ SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT  = (SSL_ERROR_BASE + 131),
+ 
++SSL_ERROR_BAD_CHANNEL_ID_DATA           = (SSL_ERROR_BASE + 132),
++SSL_ERROR_INVALID_CHANNEL_ID_KEY        = (SSL_ERROR_BASE + 133),
++SSL_ERROR_GET_CHANNEL_ID_FAILED         = (SSL_ERROR_BASE + 134),
 +
- SSL_ERROR_END_OF_LIST	/* let the c compiler determine the value of this. */
+ SSL_ERROR_END_OF_LIST   /* let the c compiler determine the value of this. */
  } SSLErrorCodes;
  #endif /* NO_SECURITY_ERROR_ENUM */
-diff -pu a/nss/lib/ssl/SSLerrs.h b/nss/lib/ssl/SSLerrs.h
---- a/nss/lib/ssl/SSLerrs.h	2014-01-18 10:39:34.238880964 -0800
-+++ b/nss/lib/ssl/SSLerrs.h	2014-01-18 10:40:15.499552430 -0800
-@@ -412,3 +412,12 @@ ER3(SSL_ERROR_DIGEST_FAILURE, (SSL_ERROR
- 
- ER3(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 128),
- "Incorrect signature algorithm specified in a digitally-signed element.")
-+
-+ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 129),
-+"SSL received a malformed TLS Channel ID extension.")
-+
-+ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 130),
-+"The application provided an invalid TLS Channel ID key.")
-+
-+ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 131),
-+"The application could not get a TLS Channel ID.")
-diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
---- a/nss/lib/ssl/ssl.h	2014-01-18 10:39:50.799150460 -0800
-+++ b/nss/lib/ssl/ssl.h	2014-01-18 10:40:15.499552430 -0800
-@@ -1015,6 +1015,34 @@ SSL_IMPORT SECStatus SSL_HandshakeNegoti
- SSL_IMPORT SECStatus SSL_HandshakeResumedSession(PRFileDesc *fd,
-                                                  PRBool *last_handshake_resumed);
- 
-+/* See SSL_SetClientChannelIDCallback for usage. If the callback returns
-+ * SECWouldBlock then SSL_RestartHandshakeAfterChannelIDReq should be called in
-+ * the future to restart the handshake.  On SECSuccess, the callback must have
-+ * written a P-256, EC key pair to |*out_public_key| and |*out_private_key|. */
-+typedef SECStatus (PR_CALLBACK *SSLClientChannelIDCallback)(
-+    void *arg,
-+    PRFileDesc *fd,
-+    SECKEYPublicKey **out_public_key,
-+    SECKEYPrivateKey **out_private_key);
-+
-+/* SSL_RestartHandshakeAfterChannelIDReq attempts to restart the handshake
-+ * after a ChannelID callback returned SECWouldBlock.
-+ *
-+ * This function takes ownership of |channelIDPub| and |channelID|. */
-+SSL_IMPORT SECStatus SSL_RestartHandshakeAfterChannelIDReq(
-+    PRFileDesc *fd,
-+    SECKEYPublicKey *channelIDPub,
-+    SECKEYPrivateKey *channelID);
-+
-+/* SSL_SetClientChannelIDCallback sets a callback function that will be called
-+ * once the server's ServerHello has been processed. This is only applicable to
-+ * a client socket and setting this callback causes the TLS Channel ID
-+ * extension to be advertised. */
-+SSL_IMPORT SECStatus SSL_SetClientChannelIDCallback(
-+    PRFileDesc *fd,
-+    SSLClientChannelIDCallback callback,
-+    void *arg);
-+
- /*
- ** How long should we wait before retransmitting the next flight of
- ** the DTLS handshake? Returns SECFailure if not DTLS or not in a
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h	2014-01-18 10:39:50.799150460 -0800
-+++ b/nss/lib/ssl/sslimpl.h	2014-01-18 10:40:15.499552430 -0800
-@@ -709,6 +709,14 @@ struct sslSessionIDStr {
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index c6ac398..57346cb 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
+@@ -711,6 +711,14 @@ struct sslSessionIDStr {
  
  	    SECItem           srvName;
  
@@ -548,7 +556,7 @@
  	    /* This lock is lazily initialized by CacheSID when a sid is first
  	     * cached. Before then, there is no need to lock anything because
  	     * the sid isn't being shared by anything.
-@@ -978,6 +986,9 @@ struct ssl3StateStr {
+@@ -980,6 +988,9 @@ struct ssl3StateStr {
      CERTCertificateList *clientCertChain;    /* used by client */
      PRBool               sendEmptyCert;      /* used by client */
  
@@ -558,7 +566,7 @@
      int                  policy;
  			/* This says what cipher suites we can do, and should 
  			 * be either SSL_ALLOWED or SSL_RESTRICTED 
-@@ -1255,6 +1266,8 @@ const unsigned char *  preferredCipher;
+@@ -1257,6 +1268,8 @@ const unsigned char *  preferredCipher;
      void                     *pkcs11PinArg;
      SSLNextProtoCallback      nextProtoCallback;
      void                     *nextProtoArg;
@@ -567,7 +575,7 @@
  
      PRIntervalTime            rTimeout; /* timeout for NSPR I/O */
      PRIntervalTime            wTimeout; /* timeout for NSPR I/O */
-@@ -1599,6 +1612,11 @@ extern SECStatus ssl3_RestartHandshakeAf
+@@ -1603,6 +1616,11 @@ extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSocket *    ss,
  					     SECKEYPrivateKey *   key,
  					     CERTCertificateList *certChain);
  
@@ -579,9 +587,10 @@
  extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error);
  
  /*
-diff -pu a/nss/lib/ssl/sslnonce.c b/nss/lib/ssl/sslnonce.c
---- a/nss/lib/ssl/sslnonce.c	2014-01-18 10:39:50.739149486 -0800
-+++ b/nss/lib/ssl/sslnonce.c	2014-01-18 10:40:15.499552430 -0800
+diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c
+index be11008..1326a8b 100644
+--- a/ssl/sslnonce.c
++++ b/ssl/sslnonce.c
 @@ -180,6 +180,9 @@ ssl_DestroySID(sslSessionID *sid)
          if (sid->u.ssl3.srvName.data) {
              SECITEM_FreeItem(&sid->u.ssl3.srvName, PR_FALSE);
@@ -592,10 +601,11 @@
  
          if (sid->u.ssl3.lock) {
              PR_DestroyRWLock(sid->u.ssl3.lock);
-diff -pu a/nss/lib/ssl/sslsecur.c b/nss/lib/ssl/sslsecur.c
---- a/nss/lib/ssl/sslsecur.c	2014-01-18 10:39:50.799150460 -0800
-+++ b/nss/lib/ssl/sslsecur.c	2014-01-18 10:40:15.499552430 -0800
-@@ -1584,6 +1584,42 @@ SSL_RestartHandshakeAfterCertReq(PRFileD
+diff --git a/ssl/sslsecur.c b/ssl/sslsecur.c
+index d44336e..5c6751a 100644
+--- a/ssl/sslsecur.c
++++ b/ssl/sslsecur.c
+@@ -1582,6 +1582,42 @@ SSL_RestartHandshakeAfterCertReq(PRFileDesc *        fd,
      return ret;
  }
  
@@ -638,19 +648,20 @@
  /* DO NOT USE. This function was exported in ssl.def with the wrong signature;
   * this implementation exists to maintain link-time compatibility.
   */
-diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
---- a/nss/lib/ssl/sslsock.c	2014-01-18 10:39:50.769149984 -0800
-+++ b/nss/lib/ssl/sslsock.c	2014-01-18 10:40:15.499552430 -0800
-@@ -276,6 +276,8 @@ ssl_DupSocket(sslSocket *os)
- 	    ss->canFalseStartCallback = os->canFalseStartCallback;
- 	    ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
- 	    ss->pkcs11PinArg          = os->pkcs11PinArg;
-+	    ss->getChannelID          = os->getChannelID;
-+	    ss->getChannelIDArg       = os->getChannelIDArg;
-     
- 	    /* Create security data */
- 	    rv = ssl_CopySecurityInfo(ss, os);
-@@ -1691,6 +1693,10 @@ SSL_ReconfigFD(PRFileDesc *model, PRFile
+diff --git a/ssl/sslsock.c b/ssl/sslsock.c
+index a939781..d3f3bf4 100644
+--- a/ssl/sslsock.c
++++ b/ssl/sslsock.c
+@@ -288,6 +288,8 @@ ssl_DupSocket(sslSocket *os)
+             ss->canFalseStartCallback = os->canFalseStartCallback;
+             ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
+             ss->pkcs11PinArg          = os->pkcs11PinArg;
++            ss->getChannelID          = os->getChannelID;
++            ss->getChannelIDArg       = os->getChannelIDArg;
+ 
+             /* Create security data */
+             rv = ssl_CopySecurityInfo(ss, os);
+@@ -1733,6 +1735,10 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
          ss->handshakeCallbackData = sm->handshakeCallbackData;
      if (sm->pkcs11PinArg)
          ss->pkcs11PinArg          = sm->pkcs11PinArg;
@@ -661,28 +672,29 @@
      return fd;
  loser:
      return NULL;
-@@ -2968,6 +2974,8 @@ ssl_NewSocket(PRBool makeLocks, SSLProto
- 	ss->badCertArg         = NULL;
- 	ss->pkcs11PinArg       = NULL;
- 	ss->ephemeralECDHKeyPair = NULL;
-+	ss->getChannelID       = NULL;
-+	ss->getChannelIDArg    = NULL;
+@@ -3021,6 +3027,8 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
+         ss->badCertArg         = NULL;
+         ss->pkcs11PinArg       = NULL;
+         ss->ephemeralECDHKeyPair = NULL;
++        ss->getChannelID       = NULL;
++        ss->getChannelIDArg    = NULL;
  
- 	ssl_ChooseOps(ss);
- 	ssl2_InitSocketPolicy(ss);
-diff -pu a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h
---- a/nss/lib/ssl/sslt.h	2014-01-18 10:39:34.328882426 -0800
-+++ b/nss/lib/ssl/sslt.h	2014-01-18 10:40:15.499552430 -0800
-@@ -190,10 +190,11 @@ typedef enum {
-     ssl_app_layer_protocol_xtn       = 16,
+         ssl_ChooseOps(ss);
+         ssl2_InitSocketPolicy(ss);
+diff --git a/ssl/sslt.h b/ssl/sslt.h
+index 1d28feb..0900f28 100644
+--- a/ssl/sslt.h
++++ b/ssl/sslt.h
+@@ -191,10 +191,11 @@ typedef enum {
+     ssl_padding_xtn                  = 21,
      ssl_session_ticket_xtn           = 35,
      ssl_next_proto_nego_xtn          = 13172,
 +    ssl_channel_id_xtn               = 30032,
-     ssl_padding_xtn                  = 35655,
-     ssl_renegotiation_info_xtn       = 0xff01	/* experimental number */
+     ssl_renegotiation_info_xtn       = 0xff01,
+     ssl_tls13_draft_version_xtn      = 0xff02   /* experimental number */
  } SSLExtensionType;
  
--#define SSL_MAX_EXTENSIONS             10 /* doesn't include ssl_padding_xtn. */
-+#define SSL_MAX_EXTENSIONS             11 /* doesn't include ssl_padding_xtn. */
+-#define SSL_MAX_EXTENSIONS             11 /* doesn't include ssl_padding_xtn. */
++#define SSL_MAX_EXTENSIONS             12 /* doesn't include ssl_padding_xtn. */
  
  #endif /* __sslt_h_ */
diff --git a/net/third_party/nss/patches/cipherorder.patch b/net/third_party/nss/patches/cipherorder.patch
index 36f0191..8943990 100644
--- a/net/third_party/nss/patches/cipherorder.patch
+++ b/net/third_party/nss/patches/cipherorder.patch
@@ -1,7 +1,26 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c	2014-01-17 18:45:24.378132013 -0800
-+++ b/nss/lib/ssl/ssl3con.c	2014-01-17 18:46:29.929216162 -0800
-@@ -12540,6 +12540,46 @@ ssl3_CipherPrefGet(sslSocket *ss, ssl3Ci
+diff --git a/ssl/ssl.h b/ssl/ssl.h
+index e9f5fb0..be6d88e 100644
+--- a/ssl/ssl.h
++++ b/ssl/ssl.h
+@@ -295,6 +295,13 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled);
+ SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
+ SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
+ 
++/* SSL_CipherOrderSet sets the cipher suite preference order from |ciphers|,
++ * which must be an array of cipher suite ids of length |len|. All the given
++ * cipher suite ids must appear in the array that is returned by
++ * |SSL_GetImplementedCiphers| and may only appear once, at most. */
++SSL_IMPORT SECStatus SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers,
++                                        unsigned int len);
++
+ /* SSLChannelBindingType enumerates the types of supported channel binding
+  * values. See RFC 5929. */
+ typedef enum SSLChannelBindingType {
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index 3421e0b..c1f30a3 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
+@@ -12623,6 +12623,46 @@ ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *enabled)
      return rv;
  }
  
@@ -48,27 +67,11 @@
  /* copy global default policy into socket. */
  void
  ssl3_InitSocketPolicy(sslSocket *ss)
-diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
---- a/nss/lib/ssl/ssl.h	2014-01-17 18:45:24.378132013 -0800
-+++ b/nss/lib/ssl/ssl.h	2014-01-17 18:46:29.929216162 -0800
-@@ -285,6 +285,13 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDe
- SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
- SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
- 
-+/* SSL_CipherOrderSet sets the cipher suite preference order from |ciphers|,
-+ * which must be an array of cipher suite ids of length |len|. All the given
-+ * cipher suite ids must appear in the array that is returned by
-+ * |SSL_GetImplementedCiphers| and may only appear once, at most. */
-+SSL_IMPORT SECStatus SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers,
-+                                        unsigned int len);
-+
- /* SSLChannelBindingType enumerates the types of supported channel binding
-  * values. See RFC 5929. */
- typedef enum SSLChannelBindingType {
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h	2014-01-17 18:45:24.378132013 -0800
-+++ b/nss/lib/ssl/sslimpl.h	2014-01-17 18:46:29.929216162 -0800
-@@ -1743,6 +1743,8 @@ extern SECStatus ssl3_CipherPrefSet(sslS
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index 2f61a46..f796a14 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
+@@ -1747,6 +1747,8 @@ extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool
  extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on);
  extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled);
  extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabled);
@@ -77,14 +80,14 @@
  
  extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy);
  extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy);
-diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
---- a/nss/lib/ssl/sslsock.c	2014-01-17 18:45:24.378132013 -0800
-+++ b/nss/lib/ssl/sslsock.c	2014-01-17 18:46:29.929216162 -0800
-@@ -1278,6 +1278,19 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt3
-     return rv;
+diff --git a/ssl/sslsock.c b/ssl/sslsock.c
+index 80f4e67..13634c6 100644
+--- a/ssl/sslsock.c
++++ b/ssl/sslsock.c
+@@ -1316,6 +1316,19 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
  }
  
-+SECStatus
+ SECStatus
 +SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers, unsigned int len)
 +{
 +    sslSocket *ss = ssl_FindSocket(fd);
@@ -97,6 +100,7 @@
 +    return ssl3_CipherOrderSet(ss, ciphers, len);
 +}
 +
- SECStatus 
++SECStatus
  SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled)
  {
+     SECStatus  rv;
diff --git a/net/third_party/nss/patches/clientauth.patch b/net/third_party/nss/patches/clientauth.patch
index 9283676..18e3b88 100644
--- a/net/third_party/nss/patches/clientauth.patch
+++ b/net/third_party/nss/patches/clientauth.patch
@@ -1,7 +1,61 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c	2014-01-17 17:52:00.295082288 -0800
-+++ b/nss/lib/ssl/ssl3con.c	2014-01-17 17:52:19.745405758 -0800
-@@ -2471,6 +2471,9 @@ ssl3_ClientAuthTokenPresent(sslSessionID
+diff --git a/ssl/ssl.h b/ssl/ssl.h
+index 91a47a6..4e7d52e 100644
+--- a/ssl/ssl.h
++++ b/ssl/ssl.h
+@@ -543,6 +543,48 @@ typedef SECStatus (PR_CALLBACK *SSLGetClientAuthData)(void *arg,
+ SSL_IMPORT SECStatus SSL_GetClientAuthDataHook(PRFileDesc *fd, 
+ 			                       SSLGetClientAuthData f, void *a);
+ 
++/*
++ * Prototype for SSL callback to get client auth data from the application,
++ * optionally using the underlying platform's cryptographic primitives.
++ * To use the platform cryptographic primitives, caNames and pRetCerts
++ * should be set.  To use NSS, pRetNSSCert and pRetNSSKey should be set.
++ * Returning SECFailure will cause the socket to send no client certificate.
++ *	arg - application passed argument
++ *	caNames - pointer to distinguished names of CAs that the server likes
++ *	pRetCerts - pointer to pointer to list of certs, with the first being
++ *		    the client cert, and any following being used for chain
++ *		    building
++ *	pRetKey - pointer to native key pointer, for return of key
++ *          - Windows: A pointer to a PCERT_KEY_CONTEXT that was allocated
++ *                     via PORT_Alloc(). Ownership of the PCERT_KEY_CONTEXT
++ *                     is transferred to NSS, which will free via
++ *                     PORT_Free().
++ *          - Mac OS X: A pointer to a SecKeyRef. Ownership is
++ *                      transferred to NSS, which will free via CFRelease().
++ *	pRetNSSCert - pointer to pointer to NSS cert, for return of cert.
++ *	pRetNSSKey - pointer to NSS key pointer, for return of key.
++ */
++typedef SECStatus (PR_CALLBACK *SSLGetPlatformClientAuthData)(void *arg,
++                                PRFileDesc *fd,
++                                CERTDistNames *caNames,
++                                CERTCertList **pRetCerts,/*return */
++                                void **pRetKey,/* return */
++                                CERTCertificate **pRetNSSCert,/*return */
++                                SECKEYPrivateKey **pRetNSSKey);/* return */
++
++/*
++ * Set the client side callback for SSL to retrieve user's private key
++ * and certificate.
++ * Note: If a platform client auth callback is set, the callback configured by
++ * SSL_GetClientAuthDataHook, if any, will not be called.
++ *
++ *	fd - the file descriptor for the connection in question
++ *	f - the application's callback that delivers the key and cert
++ *	a - application specific data
++ */
++SSL_IMPORT SECStatus
++SSL_GetPlatformClientAuthDataHook(PRFileDesc *fd,
++                                  SSLGetPlatformClientAuthData f, void *a);
+ 
+ /*
+ ** SNI extension processing callback function.
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index ebaee61..40ae885 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
+@@ -2503,6 +2503,9 @@ ssl3_ClientAuthTokenPresent(sslSessionID *sid) {
      PRBool isPresent = PR_TRUE;
  
      /* we only care if we are doing client auth */
@@ -11,7 +65,7 @@
      if (!sid || !sid->u.ssl3.clAuthValid) {
  	return PR_TRUE;
      }
-@@ -6103,25 +6106,36 @@ ssl3_SendCertificateVerify(sslSocket *ss
+@@ -6163,25 +6166,36 @@ ssl3_SendCertificateVerify(sslSocket *ss)
  
      isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
      isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
@@ -65,7 +119,7 @@
      if (rv != SECSuccess) {
  	goto done;	/* err code was set by ssl3_SignHashes */
      }
-@@ -6200,6 +6214,12 @@ ssl3_HandleServerHello(sslSocket *ss, SS
+@@ -6260,6 +6274,12 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
         SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
         ss->ssl3.clientPrivateKey = NULL;
      }
@@ -78,7 +132,7 @@
  
      temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
      if (temp < 0) {
-@@ -6827,6 +6847,18 @@ ssl3_ExtractClientKeyInfo(sslSocket *ss,
+@@ -6887,6 +6907,18 @@ ssl3_ExtractClientKeyInfo(sslSocket *ss,
  	goto done;
      }
  
@@ -97,7 +151,7 @@
      /* If the key is a 1024-bit RSA or DSA key, assume conservatively that
       * it may be unable to sign SHA-256 hashes. This is the case for older
       * Estonian ID cards that have 1024-bit RSA keys. In FIPS 186-2 and
-@@ -6925,6 +6957,10 @@ ssl3_HandleCertificateRequest(sslSocket
+@@ -6985,6 +7017,10 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
      SECItem              cert_types  = {siBuffer, NULL, 0};
      SECItem              algorithms  = {siBuffer, NULL, 0};
      CERTDistNames        ca_list;
@@ -108,7 +162,7 @@
  
      SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_request handshake",
  		SSL_GETPID(), ss->fd));
-@@ -6941,6 +6977,7 @@ ssl3_HandleCertificateRequest(sslSocket
+@@ -7001,6 +7037,7 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
      PORT_Assert(ss->ssl3.clientCertChain == NULL);
      PORT_Assert(ss->ssl3.clientCertificate == NULL);
      PORT_Assert(ss->ssl3.clientPrivateKey == NULL);
@@ -116,7 +170,7 @@
  
      isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
      isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
-@@ -7020,6 +7057,18 @@ ssl3_HandleCertificateRequest(sslSocket
+@@ -7080,6 +7117,18 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
      desc = no_certificate;
      ss->ssl3.hs.ws = wait_hello_done;
  
@@ -135,7 +189,7 @@
      if (ss->getClientAuthData != NULL) {
  	/* XXX Should pass cert_types and algorithms in this call!! */
  	rv = (SECStatus)(*ss->getClientAuthData)(ss->getClientAuthDataArg,
-@@ -7029,12 +7078,55 @@ ssl3_HandleCertificateRequest(sslSocket
+@@ -7089,12 +7138,55 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
      } else {
  	rv = SECFailure; /* force it to send a no_certificate alert */
      }
@@ -191,7 +245,7 @@
          /* check what the callback function returned */
          if ((!ss->ssl3.clientCertificate) || (!ss->ssl3.clientPrivateKey)) {
              /* we are missing either the key or cert */
-@@ -7096,6 +7188,10 @@ loser:
+@@ -7156,6 +7248,10 @@ loser:
  done:
      if (arena != NULL)
      	PORT_FreeArena(arena, PR_FALSE);
@@ -202,7 +256,7 @@
      return rv;
  }
  
-@@ -7213,7 +7309,8 @@ ssl3_SendClientSecondRound(sslSocket *ss
+@@ -7273,7 +7369,8 @@ ssl3_SendClientSecondRound(sslSocket *ss)
  
      sendClientCert = !ss->ssl3.sendEmptyCert &&
  		     ss->ssl3.clientCertChain  != NULL &&
@@ -212,7 +266,7 @@
  
      if (!sendClientCert &&
  	ss->ssl3.hs.hashType == handshake_hash_single &&
-@@ -12052,6 +12149,10 @@ ssl3_DestroySSL3Info(sslSocket *ss)
+@@ -12140,6 +12237,10 @@ ssl3_DestroySSL3Info(sslSocket *ss)
  
      if (ss->ssl3.clientPrivateKey != NULL)
  	SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
@@ -223,9 +277,10 @@
  
      if (ss->ssl3.peerCertArena != NULL)
  	ssl3_CleanupPeerCerts(ss);
-diff -pu a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
---- a/nss/lib/ssl/ssl3ext.c	2014-01-17 17:49:26.072517368 -0800
-+++ b/nss/lib/ssl/ssl3ext.c	2014-01-17 17:52:19.745405758 -0800
+diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c
+index 3660866..9345be8 100644
+--- a/ssl/ssl3ext.c
++++ b/ssl/ssl3ext.c
 @@ -10,8 +10,8 @@
  #include "nssrenam.h"
  #include "nss.h"
@@ -236,10 +291,11 @@
  #include "pk11pub.h"
  #ifdef NO_PKCS11_BYPASS
  #include "blapit.h"
-diff -pu a/nss/lib/ssl/sslauth.c b/nss/lib/ssl/sslauth.c
---- a/nss/lib/ssl/sslauth.c	2014-01-17 17:49:26.072517368 -0800
-+++ b/nss/lib/ssl/sslauth.c	2014-01-17 17:52:19.755405924 -0800
-@@ -216,6 +216,28 @@ SSL_GetClientAuthDataHook(PRFileDesc *s,
+diff --git a/ssl/sslauth.c b/ssl/sslauth.c
+index ed74d94..7f9c43b 100644
+--- a/ssl/sslauth.c
++++ b/ssl/sslauth.c
+@@ -216,6 +216,28 @@ SSL_GetClientAuthDataHook(PRFileDesc *s, SSLGetClientAuthData func,
      return SECSuccess;
  }
  
@@ -268,61 +324,10 @@
  /* NEED LOCKS IN HERE.  */
  SECStatus 
  SSL_SetPKCS11PinArg(PRFileDesc *s, void *arg)
-diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
---- a/nss/lib/ssl/ssl.h	2014-01-17 17:49:26.062517203 -0800
-+++ b/nss/lib/ssl/ssl.h	2014-01-17 17:52:19.755405924 -0800
-@@ -533,6 +533,48 @@ typedef SECStatus (PR_CALLBACK *SSLGetCl
- SSL_IMPORT SECStatus SSL_GetClientAuthDataHook(PRFileDesc *fd, 
- 			                       SSLGetClientAuthData f, void *a);
- 
-+/*
-+ * Prototype for SSL callback to get client auth data from the application,
-+ * optionally using the underlying platform's cryptographic primitives.
-+ * To use the platform cryptographic primitives, caNames and pRetCerts
-+ * should be set.  To use NSS, pRetNSSCert and pRetNSSKey should be set.
-+ * Returning SECFailure will cause the socket to send no client certificate.
-+ *	arg - application passed argument
-+ *	caNames - pointer to distinguished names of CAs that the server likes
-+ *	pRetCerts - pointer to pointer to list of certs, with the first being
-+ *		    the client cert, and any following being used for chain
-+ *		    building
-+ *	pRetKey - pointer to native key pointer, for return of key
-+ *          - Windows: A pointer to a PCERT_KEY_CONTEXT that was allocated
-+ *                     via PORT_Alloc(). Ownership of the PCERT_KEY_CONTEXT
-+ *                     is transferred to NSS, which will free via
-+ *                     PORT_Free().
-+ *          - Mac OS X: A pointer to a SecKeyRef. Ownership is
-+ *                      transferred to NSS, which will free via CFRelease().
-+ *	pRetNSSCert - pointer to pointer to NSS cert, for return of cert.
-+ *	pRetNSSKey - pointer to NSS key pointer, for return of key.
-+ */
-+typedef SECStatus (PR_CALLBACK *SSLGetPlatformClientAuthData)(void *arg,
-+                                PRFileDesc *fd,
-+                                CERTDistNames *caNames,
-+                                CERTCertList **pRetCerts,/*return */
-+                                void **pRetKey,/* return */
-+                                CERTCertificate **pRetNSSCert,/*return */
-+                                SECKEYPrivateKey **pRetNSSKey);/* return */
-+
-+/*
-+ * Set the client side callback for SSL to retrieve user's private key
-+ * and certificate.
-+ * Note: If a platform client auth callback is set, the callback configured by
-+ * SSL_GetClientAuthDataHook, if any, will not be called.
-+ *
-+ *	fd - the file descriptor for the connection in question
-+ *	f - the application's callback that delivers the key and cert
-+ *	a - application specific data
-+ */
-+SSL_IMPORT SECStatus
-+SSL_GetPlatformClientAuthDataHook(PRFileDesc *fd,
-+                                  SSLGetPlatformClientAuthData f, void *a);
- 
- /*
- ** SNI extension processing callback function.
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h	2014-01-17 17:52:00.295082288 -0800
-+++ b/nss/lib/ssl/sslimpl.h	2014-01-17 17:52:19.755405924 -0800
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index 88a7039..cda1869 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
 @@ -20,6 +20,7 @@
  #include "sslerr.h"
  #include "ssl3prot.h"
@@ -347,7 +352,7 @@
  /* to make some of these old enums public without namespace pollution,
  ** it was necessary to prepend ssl_ to the names.
  ** These #defines preserve compatibility with the old code here in libssl.
-@@ -441,6 +451,14 @@ struct sslGatherStr {
+@@ -443,6 +453,14 @@ struct sslGatherStr {
  #define GS_DATA		3
  #define GS_PAD		4
  
@@ -362,7 +367,7 @@
  
  
  /*
-@@ -953,6 +971,10 @@ struct ssl3StateStr {
+@@ -955,6 +973,10 @@ struct ssl3StateStr {
  
      CERTCertificate *    clientCertificate;  /* used by client */
      SECKEYPrivateKey *   clientPrivateKey;   /* used by client */
@@ -373,7 +378,7 @@
      CERTCertificateList *clientCertChain;    /* used by client */
      PRBool               sendEmptyCert;      /* used by client */
  
-@@ -1214,6 +1236,10 @@ const unsigned char *  preferredCipher;
+@@ -1216,6 +1238,10 @@ const unsigned char *  preferredCipher;
      void                     *authCertificateArg;
      SSLGetClientAuthData      getClientAuthData;
      void                     *getClientAuthDataArg;
@@ -384,7 +389,7 @@
      SSLSNISocketConfig        sniSocketConfig;
      void                     *sniSocketConfigArg;
      SSLBadCertHandler         handleBadCert;
-@@ -1852,6 +1878,26 @@ extern SECStatus ssl_InitSessionCacheLoc
+@@ -1856,6 +1882,26 @@ extern SECStatus ssl_InitSessionCacheLocks(PRBool lazyInit);
  
  extern SECStatus ssl_FreeSessionCacheLocks(void);
  
@@ -411,21 +416,22 @@
  
  /**************** DTLS-specific functions **************/
  extern void dtls_FreeQueuedMessage(DTLSQueuedMessage *msg);
-diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
---- a/nss/lib/ssl/sslsock.c	2014-01-17 17:49:40.942764689 -0800
-+++ b/nss/lib/ssl/sslsock.c	2014-01-17 17:52:19.755405924 -0800
-@@ -263,6 +263,10 @@ ssl_DupSocket(sslSocket *os)
- 	    ss->authCertificateArg    = os->authCertificateArg;
- 	    ss->getClientAuthData     = os->getClientAuthData;
- 	    ss->getClientAuthDataArg  = os->getClientAuthDataArg;
+diff --git a/ssl/sslsock.c b/ssl/sslsock.c
+index 90bc457..fccc664 100644
+--- a/ssl/sslsock.c
++++ b/ssl/sslsock.c
+@@ -275,6 +275,10 @@ ssl_DupSocket(sslSocket *os)
+             ss->authCertificateArg    = os->authCertificateArg;
+             ss->getClientAuthData     = os->getClientAuthData;
+             ss->getClientAuthDataArg  = os->getClientAuthDataArg;
 +#ifdef NSS_PLATFORM_CLIENT_AUTH
-+	    ss->getPlatformClientAuthData    = os->getPlatformClientAuthData;
-+	    ss->getPlatformClientAuthDataArg = os->getPlatformClientAuthDataArg;
++            ss->getPlatformClientAuthData    = os->getPlatformClientAuthData;
++            ss->getPlatformClientAuthDataArg = os->getPlatformClientAuthDataArg;
 +#endif
              ss->sniSocketConfig       = os->sniSocketConfig;
              ss->sniSocketConfigArg    = os->sniSocketConfigArg;
- 	    ss->handleBadCert         = os->handleBadCert;
-@@ -1667,6 +1671,12 @@ SSL_ReconfigFD(PRFileDesc *model, PRFile
+             ss->handleBadCert         = os->handleBadCert;
+@@ -1709,6 +1713,12 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
          ss->getClientAuthData     = sm->getClientAuthData;
      if (sm->getClientAuthDataArg)
          ss->getClientAuthDataArg  = sm->getClientAuthDataArg;
@@ -438,14 +444,14 @@
      if (sm->sniSocketConfig)
          ss->sniSocketConfig       = sm->sniSocketConfig;
      if (sm->sniSocketConfigArg)
-@@ -2921,6 +2931,10 @@ ssl_NewSocket(PRBool makeLocks, SSLProto
+@@ -2974,6 +2984,10 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
          ss->sniSocketConfig    = NULL;
          ss->sniSocketConfigArg = NULL;
- 	ss->getClientAuthData  = NULL;
+         ss->getClientAuthData  = NULL;
 +#ifdef NSS_PLATFORM_CLIENT_AUTH
-+	ss->getPlatformClientAuthData = NULL;
-+	ss->getPlatformClientAuthDataArg = NULL;
++        ss->getPlatformClientAuthData = NULL;
++        ss->getPlatformClientAuthDataArg = NULL;
 +#endif   /* NSS_PLATFORM_CLIENT_AUTH */
- 	ss->handleBadCert      = NULL;
- 	ss->badCertArg         = NULL;
- 	ss->pkcs11PinArg       = NULL;
+         ss->handleBadCert      = NULL;
+         ss->badCertArg         = NULL;
+         ss->pkcs11PinArg       = NULL;
diff --git a/net/third_party/nss/patches/didhandshakeresume.patch b/net/third_party/nss/patches/didhandshakeresume.patch
index 70f878d..f4b04be 100644
--- a/net/third_party/nss/patches/didhandshakeresume.patch
+++ b/net/third_party/nss/patches/didhandshakeresume.patch
@@ -1,7 +1,8 @@
-diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
---- a/nss/lib/ssl/ssl.h	2014-01-17 17:52:46.715854283 -0800
-+++ b/nss/lib/ssl/ssl.h	2014-01-17 17:53:20.876422375 -0800
-@@ -997,6 +997,9 @@ SSL_IMPORT SECStatus SSL_HandshakeNegoti
+diff --git a/ssl/ssl.h b/ssl/ssl.h
+index 4e7d52e..34142fc 100644
+--- a/ssl/ssl.h
++++ b/ssl/ssl.h
+@@ -1007,6 +1007,9 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
                                                        SSLExtensionType extId,
                                                        PRBool *yes);
  
@@ -11,10 +12,11 @@
  /*
  ** How long should we wait before retransmitting the next flight of
  ** the DTLS handshake? Returns SECFailure if not DTLS or not in a
-diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
---- a/nss/lib/ssl/sslsock.c	2014-01-17 17:52:46.715854283 -0800
-+++ b/nss/lib/ssl/sslsock.c	2014-01-17 17:53:20.876422375 -0800
-@@ -1855,6 +1855,20 @@ SSL_PeerStapledOCSPResponses(PRFileDesc
+diff --git a/ssl/sslsock.c b/ssl/sslsock.c
+index fccc664..688f399 100644
+--- a/ssl/sslsock.c
++++ b/ssl/sslsock.c
+@@ -1897,6 +1897,20 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
      return &ss->sec.ci.sid->peerCertStatus;
  }
  
diff --git a/net/third_party/nss/patches/fallbackscsv.patch b/net/third_party/nss/patches/fallbackscsv.patch
deleted file mode 100644
index 13f5b473..0000000
--- a/net/third_party/nss/patches/fallbackscsv.patch
+++ /dev/null
@@ -1,213 +0,0 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c	2014-01-17 18:46:51.999581198 -0800
-+++ b/nss/lib/ssl/ssl3con.c	2014-01-17 18:47:05.509804656 -0800
-@@ -3473,6 +3473,9 @@ ssl3_HandleAlert(sslSocket *ss, sslBuffe
-     case certificate_unknown: 	error = SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT;
- 			        					  break;
-     case illegal_parameter: 	error = SSL_ERROR_ILLEGAL_PARAMETER_ALERT;break;
-+    case inappropriate_fallback:
-+        error = SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT;
-+        break;
- 
-     /* All alerts below are TLS only. */
-     case unknown_ca: 		error = SSL_ERROR_UNKNOWN_CA_ALERT;       break;
-@@ -4986,6 +4989,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
-     int              num_suites;
-     int              actual_count = 0;
-     PRBool           isTLS = PR_FALSE;
-+    PRBool           requestingResume = PR_FALSE, fallbackSCSV = PR_FALSE;
-     PRInt32          total_exten_len = 0;
-     unsigned         paddingExtensionLen;
-     unsigned         numCompressionMethods;
-@@ -5128,6 +5132,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
-     }
- 
-     if (sid) {
-+	requestingResume = PR_TRUE;
- 	SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_hits );
- 
- 	PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl3.sessionID,
-@@ -5246,8 +5251,15 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
-     	if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
-     	return SECFailure;	/* count_cipher_suites has set error code. */
-     }
-+
-+    fallbackSCSV = ss->opt.enableFallbackSCSV && (!requestingResume ||
-+						  ss->version < sid->version);
-+    /* make room for SCSV */
-     if (ss->ssl3.hs.sendingSCSV) {
--	++num_suites;   /* make room for SCSV */
-+	++num_suites;
-+    }
-+    if (fallbackSCSV) {
-+	++num_suites;
-     }
- 
-     /* count compression methods */
-@@ -5389,11 +5389,21 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
-	    if (rv != SECSuccess) {
-		if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
-		return rv;	/* err set by ssl3_AppendHandshake* */
-	    }
-	}
-    }
-
-+    if (fallbackSCSV) {
-+	rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV,
-+					sizeof(ssl3CipherSuite));
-+	if (rv != SECSuccess) {
-+	    if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
-+	    return rv;	/* err set by ssl3_AppendHandshake* */
-+	}
-+	actual_count++;
-+    }
-+
-    /* if cards were removed or inserted between count_cipher_suites and
-     * generating our list, detect the error here rather than send it off to
-     * the server.. */
-    if (actual_count != num_suites) {
-@@ -8084,6 +8105,19 @@ ssl3_HandleClientHello(sslSocket *ss, SS
- 	goto loser;		/* malformed */
-     }
- 
-+    /* If the ClientHello version is less than our maximum version, check for a
-+     * TLS_FALLBACK_SCSV and reject the connection if found. */
-+    if (ss->vrange.max > ss->clientHelloVersion) {
-+	for (i = 0; i + 1 < suites.len; i += 2) {
-+	    PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1];
-+	    if (suite_i != TLS_FALLBACK_SCSV)
-+		continue;
-+	    desc = inappropriate_fallback;
-+	    errCode = SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT;
-+	    goto alert_loser;
-+	}
-+    }
-+
-     /* grab the list of compression methods. */
-     rv = ssl3_ConsumeHandshakeVariable(ss, &comps, 1, &b, &length);
-     if (rv != SECSuccess) {
-diff -pu a/nss/lib/ssl/ssl3prot.h b/nss/lib/ssl/ssl3prot.h
---- a/nss/lib/ssl/ssl3prot.h	2014-01-17 17:59:03.242109996 -0800
-+++ b/nss/lib/ssl/ssl3prot.h	2014-01-17 18:47:05.509804656 -0800
-@@ -98,6 +98,7 @@ typedef enum {
-     protocol_version        = 70,
-     insufficient_security   = 71,
-     internal_error          = 80,
-+    inappropriate_fallback  = 86,	/* could also be sent for SSLv3 */
-     user_canceled           = 90,
-     no_renegotiation        = 100,
- 
-diff -pu a/nss/lib/ssl/sslerr.h b/nss/lib/ssl/sslerr.h
---- a/nss/lib/ssl/sslerr.h	2014-01-17 17:59:03.242109996 -0800
-+++ b/nss/lib/ssl/sslerr.h	2014-01-17 18:47:05.509804656 -0800
-@@ -196,6 +196,7 @@ SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM
- SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 129),
- SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 130),
- SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 131),
-+SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 132),
- 
- SSL_ERROR_END_OF_LIST	/* let the c compiler determine the value of this. */
- } SSLErrorCodes;
-diff -pu a/nss/lib/ssl/SSLerrs.h b/nss/lib/ssl/SSLerrs.h
---- a/nss/lib/ssl/SSLerrs.h	2014-01-17 17:59:03.242109996 -0800
-+++ b/nss/lib/ssl/SSLerrs.h	2014-01-17 18:47:05.509804656 -0800
-@@ -421,3 +421,8 @@ ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (S
- 
- ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 131),
- "The application could not get a TLS Channel ID.")
-+
-+ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 132),
-+"The connection was using a lesser TLS version as a result of a previous"
-+" handshake failure, but the server indicated that it should not have been"
-+" needed.")
-diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
---- a/nss/lib/ssl/ssl.h	2014-01-17 18:46:51.999581198 -0800
-+++ b/nss/lib/ssl/ssl.h	2014-01-17 18:48:54.971613341 -0800
-@@ -183,6 +183,8 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRF
- 
- /* Request Signed Certificate Timestamps via TLS extension (client) */
- #define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 27
-+#define SSL_ENABLE_FALLBACK_SCSV       28 /* Send fallback SCSV in
-+                                           * handshakes. */
- 
- #ifdef SSL_DEPRECATED_FUNCTION 
- /* Old deprecated function names */
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h	2014-01-17 18:46:51.999581198 -0800
-+++ b/nss/lib/ssl/sslimpl.h	2014-01-17 18:51:17.963962287 -0800
-@@ -338,6 +338,7 @@ typedef struct sslOptionsStr {
-     unsigned int enableNPN              : 1;  /* 26 */
-     unsigned int enableALPN             : 1;  /* 27 */
-     unsigned int enableSignedCertTimestamps : 1;  /* 28 */
-+    unsigned int enableFallbackSCSV     : 1;  /* 29 */
- } sslOptions;
- 
- typedef enum { sslHandshakingUndetermined = 0,
-diff -pu a/nss/lib/ssl/sslproto.h b/nss/lib/ssl/sslproto.h
---- a/nss/lib/ssl/sslproto.h	2014-01-17 18:10:16.793281867 -0800
-+++ b/nss/lib/ssl/sslproto.h	2014-01-17 18:47:05.509804656 -0800
-@@ -172,6 +172,11 @@
-  */
- #define TLS_EMPTY_RENEGOTIATION_INFO_SCSV	0x00FF
- 
-+/* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a
-+ * handshake is the result of TLS version fallback. This value is not IANA
-+ * assigned. */
-+#define TLS_FALLBACK_SCSV			0x5600
-+
- /* Cipher Suite Values starting with 0xC000 are defined in informational
-  * RFCs.
-  */
-diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
---- a/nss/lib/ssl/sslsock.c	2014-01-17 18:46:52.009581364 -0800
-+++ b/nss/lib/ssl/sslsock.c	2014-01-17 18:59:17.931852364 -0800
-@@ -88,7 +88,8 @@ static sslOptions ssl_defaults = {
-     PR_FALSE,   /* enableOCSPStapling */
-     PR_TRUE,    /* enableNPN          */
-     PR_FALSE,   /* enableALPN         */
--    PR_FALSE    /* enableSignedCertTimestamps */
-+    PR_FALSE,   /* enableSignedCertTimestamps */
-+    PR_FALSE    /* enableFallbackSCSV */
- };
- 
- /*
-@@ -792,6 +793,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
- 	ss->opt.enableSignedCertTimestamps = on;
- 	break;
- 
-+      case SSL_ENABLE_FALLBACK_SCSV:
-+       ss->opt.enableFallbackSCSV = on;
-+       break;
-+
-       default:
- 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
- 	rv = SECFailure;
-@@ -867,6 +872,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh
-     case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
- 	on = ss->opt.enableSignedCertTimestamps;
- 	break;
-+    case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break;
- 
-     default:
- 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -933,6 +939,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBo
-     case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
- 	on = ssl_defaults.enableSignedCertTimestamps;
- 	break;
-+    case SSL_ENABLE_FALLBACK_SCSV:
-+	on = ssl_defaults.enableFallbackSCSV;
-+	break;
- 
-     default:
- 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -1112,6 +1121,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
- 	ssl_defaults.enableSignedCertTimestamps = on;
- 	break;
- 
-+      case SSL_ENABLE_FALLBACK_SCSV:
-+       ssl_defaults.enableFallbackSCSV = on;
-+       break;
-+
-       default:
- 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
- 	return SECFailure;
diff --git a/net/third_party/nss/patches/getrequestedclientcerttypes.patch b/net/third_party/nss/patches/getrequestedclientcerttypes.patch
index 9ca8abd..db1464c 100644
--- a/net/third_party/nss/patches/getrequestedclientcerttypes.patch
+++ b/net/third_party/nss/patches/getrequestedclientcerttypes.patch
@@ -1,28 +1,8 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c	2014-01-17 17:52:46.705854118 -0800
-+++ b/nss/lib/ssl/ssl3con.c	2014-01-17 17:54:27.087523439 -0800
-@@ -6985,6 +6985,9 @@ ssl3_HandleCertificateRequest(sslSocket
-     if (rv != SECSuccess)
-     	goto loser;		/* malformed, alert has been sent */
- 
-+    PORT_Assert(!ss->requestedCertTypes);
-+    ss->requestedCertTypes = &cert_types;
-+
-     if (isTLS12) {
- 	rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length);
- 	if (rv != SECSuccess)
-@@ -7186,6 +7189,7 @@ loser:
-     PORT_SetError(errCode);
-     rv = SECFailure;
- done:
-+    ss->requestedCertTypes = NULL;
-     if (arena != NULL)
-     	PORT_FreeArena(arena, PR_FALSE);
- #ifdef NSS_PLATFORM_CLIENT_AUTH
-diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
---- a/nss/lib/ssl/ssl.h	2014-01-17 17:53:39.726735852 -0800
-+++ b/nss/lib/ssl/ssl.h	2014-01-17 17:54:27.087523439 -0800
-@@ -793,6 +793,16 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWith
+diff --git a/ssl/ssl.h b/ssl/ssl.h
+index 34142fc..e2d1b09 100644
+--- a/ssl/ssl.h
++++ b/ssl/ssl.h
+@@ -803,6 +803,16 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc *fd,
                                                  PRBool flushCache,
                                                  PRIntervalTime timeout);
  
@@ -39,10 +19,33 @@
  
  #ifdef SSL_DEPRECATED_FUNCTION 
  /* deprecated!
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h	2014-01-17 17:52:46.715854283 -0800
-+++ b/nss/lib/ssl/sslimpl.h	2014-01-17 17:54:27.087523439 -0800
-@@ -1229,6 +1229,10 @@ struct sslSocketStr {
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index 40ae885..cb59cc1 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
+@@ -7045,6 +7045,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+     if (rv != SECSuccess)
+     	goto loser;		/* malformed, alert has been sent */
+ 
++    PORT_Assert(!ss->requestedCertTypes);
++    ss->requestedCertTypes = &cert_types;
++
+     if (isTLS12) {
+ 	rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length);
+ 	if (rv != SECSuccess)
+@@ -7246,6 +7249,7 @@ loser:
+     PORT_SetError(errCode);
+     rv = SECFailure;
+ done:
++    ss->requestedCertTypes = NULL;
+     if (arena != NULL)
+     	PORT_FreeArena(arena, PR_FALSE);
+ #ifdef NSS_PLATFORM_CLIENT_AUTH
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index cda1869..9f59f5a 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
+@@ -1231,6 +1231,10 @@ struct sslSocketStr {
      unsigned int     sizeCipherSpecs;
  const unsigned char *  preferredCipher;
  
@@ -53,10 +56,11 @@
      ssl3KeyPair *         stepDownKeyPair;	/* RSA step down keys */
  
      /* Callbacks */
-diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
---- a/nss/lib/ssl/sslsock.c	2014-01-17 17:53:39.726735852 -0800
-+++ b/nss/lib/ssl/sslsock.c	2014-01-17 17:54:27.097523605 -0800
-@@ -1869,6 +1869,20 @@ SSL_HandshakeResumedSession(PRFileDesc *
+diff --git a/ssl/sslsock.c b/ssl/sslsock.c
+index 688f399..a939781 100644
+--- a/ssl/sslsock.c
++++ b/ssl/sslsock.c
+@@ -1911,6 +1911,20 @@ SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) {
      return SECSuccess;
  }
  
@@ -77,11 +81,11 @@
  /************************************************************************/
  /* The following functions are the TOP LEVEL SSL functions.
  ** They all get called through the NSPRIOMethods table below.
-@@ -2936,6 +2950,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProto
- 	    sc->serverKeyBits   = 0;
- 	    ss->certStatusArray[i] = NULL;
- 	}
-+	ss->requestedCertTypes = NULL;
- 	ss->stepDownKeyPair    = NULL;
- 	ss->dbHandle           = CERT_GetDefaultCertDB();
+@@ -2989,6 +3003,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
+             sc->serverKeyBits   = 0;
+             ss->certStatusArray[i] = NULL;
+         }
++        ss->requestedCertTypes = NULL;
+         ss->stepDownKeyPair    = NULL;
+         ss->dbHandle           = CERT_GetDefaultCertDB();
  
diff --git a/net/third_party/nss/patches/nssrwlock.patch b/net/third_party/nss/patches/nssrwlock.patch
index 2f10a4fb..c5e2b57c 100644
--- a/net/third_party/nss/patches/nssrwlock.patch
+++ b/net/third_party/nss/patches/nssrwlock.patch
@@ -1,7 +1,8 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c	2014-01-17 19:01:58.104487211 -0800
-+++ b/nss/lib/ssl/ssl3con.c	2014-01-17 19:02:38.965159506 -0800
-@@ -5211,7 +5211,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index 17c368e..424c1fb 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
+@@ -5246,7 +5246,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
       * the lock across the calls to ssl3_CallHelloExtensionSenders.
       */
      if (sid->u.ssl3.lock) {
@@ -10,7 +11,7 @@
      }
  
      if (isTLS || (ss->firstHsDone && ss->peerRequestedProtection)) {
-@@ -5220,7 +5220,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5255,7 +5255,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
  
  	extLen = ssl3_CallHelloExtensionSenders(ss, PR_FALSE, maxBytes, NULL);
  	if (extLen < 0) {
@@ -18,8 +19,8 @@
 +	    if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
  	    return SECFailure;
  	}
- 	maxBytes        -= extLen;
-@@ -5248,7 +5248,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+ 	total_exten_len += extLen;
+@@ -5282,7 +5282,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
      /* how many suites are permitted by policy and user preference? */
      num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE);
      if (!num_suites) {
@@ -28,7 +29,7 @@
      	return SECFailure;	/* count_cipher_suites has set error code. */
      }
  
-@@ -5293,7 +5293,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5327,7 +5327,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
  
      rv = ssl3_AppendHandshakeHeader(ss, client_hello, length);
      if (rv != SECSuccess) {
@@ -37,7 +38,7 @@
  	return rv;	/* err set by ssl3_AppendHandshake* */
      }
  
-@@ -5312,21 +5312,21 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5346,21 +5346,21 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
  	rv = ssl3_AppendHandshakeNumber(ss, ss->clientHelloVersion, 2);
      }
      if (rv != SECSuccess) {
@@ -62,16 +63,16 @@
  	return rv;	/* err set by ssl3_AppendHandshake* */
      }
  
-@@ -5336,7 +5336,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5370,7 +5370,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
      else
- 	rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
+ 	rv = ssl3_AppendHandshakeNumber(ss, 0, 1);
      if (rv != SECSuccess) {
 -	if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
 +	if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
  	return rv;	/* err set by ssl3_AppendHandshake* */
      }
  
-@@ -5344,14 +5344,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5378,14 +5378,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
  	rv = ssl3_AppendHandshakeVariable(
  	    ss, ss->ssl3.hs.cookie, ss->ssl3.hs.cookieLen, 1);
  	if (rv != SECSuccess) {
@@ -88,7 +89,7 @@
  	return rv;	/* err set by ssl3_AppendHandshake* */
      }
  
-@@ -5360,7 +5360,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5394,7 +5394,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
  	rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
  					sizeof(ssl3CipherSuite));
  	if (rv != SECSuccess) {
@@ -97,7 +98,7 @@
  	    return rv;	/* err set by ssl3_AppendHandshake* */
  	}
  	actual_count++;
-@@ -5369,7 +5369,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5403,7 +5403,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
  	rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV,
  					sizeof(ssl3CipherSuite));
  	if (rv != SECSuccess) {
@@ -106,7 +107,7 @@
  	    return rv;	/* err set by ssl3_AppendHandshake* */
  	}
  	actual_count++;
-@@ -5379,7 +5379,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5413,7 +5413,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
  	if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) {
  	    actual_count++;
  	    if (actual_count > num_suites) {
@@ -115,7 +116,7 @@
  		/* set error card removal/insertion error */
  		PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
  		return SECFailure;
-@@ -5387,7 +5387,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5421,7 +5421,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
  	    rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite,
  					    sizeof(ssl3CipherSuite));
  	    if (rv != SECSuccess) {
@@ -124,7 +125,7 @@
  		return rv;	/* err set by ssl3_AppendHandshake* */
  	    }
  	}
-@@ -5398,14 +5398,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5432,14 +5432,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
       * the server.. */
      if (actual_count != num_suites) {
  	/* Card removal/insertion error */
@@ -141,7 +142,7 @@
  	return rv;	/* err set by ssl3_AppendHandshake* */
      }
      for (i = 0; i < compressionMethodsCount; i++) {
-@@ -5413,7 +5413,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5447,7 +5447,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
  	    continue;
  	rv = ssl3_AppendHandshakeNumber(ss, compressions[i], 1);
  	if (rv != SECSuccess) {
@@ -150,7 +151,7 @@
  	    return rv;	/* err set by ssl3_AppendHandshake* */
  	}
      }
-@@ -5424,20 +5424,20 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5458,20 +5458,20 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
  
  	rv = ssl3_AppendHandshakeNumber(ss, maxBytes, 2);
  	if (rv != SECSuccess) {
@@ -174,7 +175,7 @@
  	    return SECFailure;
  	}
  	maxBytes -= extLen;
-@@ -5446,7 +5446,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5480,7 +5480,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
      } 
  
      if (sid->u.ssl3.lock) {
@@ -183,10 +184,11 @@
      }
  
      if (ss->xtnData.sentSessionTicketInClientHello) {
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h	2014-01-17 19:00:52.843413560 -0800
-+++ b/nss/lib/ssl/sslimpl.h	2014-01-17 19:02:38.965159506 -0800
-@@ -730,7 +730,7 @@ struct sslSessionIDStr {
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index f796a14..a809616 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
+@@ -731,7 +731,7 @@ struct sslSessionIDStr {
  	     * cached. Before then, there is no need to lock anything because
  	     * the sid isn't being shared by anything.
  	     */
@@ -195,9 +197,10 @@
  
  	    /* The lock must be held while reading or writing these members
  	     * because they change while the sid is cached.
-diff -pu a/nss/lib/ssl/sslnonce.c b/nss/lib/ssl/sslnonce.c
---- a/nss/lib/ssl/sslnonce.c	2014-01-17 19:02:25.844943628 -0800
-+++ b/nss/lib/ssl/sslnonce.c	2014-01-17 19:02:38.965159506 -0800
+diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c
+index cefdda6..28ad364 100644
+--- a/ssl/sslnonce.c
++++ b/ssl/sslnonce.c
 @@ -136,7 +136,7 @@ ssl_DestroySID(sslSessionID *sid)
          }
  
@@ -216,16 +219,16 @@
  	if (!sid->u.ssl3.lock) {
  	    return;
  	}
-@@ -448,7 +448,7 @@ ssl3_SetSIDSessionTicket(sslSessionID *s
+@@ -450,7 +450,7 @@ ssl3_SetSIDSessionTicket(sslSessionID *sid,
       * yet, so no locking is needed.
       */
      if (sid->u.ssl3.lock) {
 -	PR_RWLock_Wlock(sid->u.ssl3.lock);
 +	NSSRWLock_LockWrite(sid->u.ssl3.lock);
- 
- 	/* A server might have sent us an empty ticket, which has the
- 	 * effect of clearing the previously known ticket.
-@@ -467,6 +467,6 @@ ssl3_SetSIDSessionTicket(sslSessionID *s
+ 	if (sid->u.ssl3.locked.sessionTicket.ticket.data) {
+ 	    SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket,
+ 			     PR_FALSE);
+@@ -465,6 +465,6 @@ ssl3_SetSIDSessionTicket(sslSessionID *sid,
      newSessionTicket->ticket.len = 0;
  
      if (sid->u.ssl3.lock) {
diff --git a/net/third_party/nss/patches/paddingextvalue.patch b/net/third_party/nss/patches/paddingextvalue.patch
deleted file mode 100644
index 5998054..0000000
--- a/net/third_party/nss/patches/paddingextvalue.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Index: net/third_party/nss/ssl/sslt.h
-===================================================================
---- net/third_party/nss/ssl/sslt.h	(revision 262719)
-+++ net/third_party/nss/ssl/sslt.h	(working copy)
-@@ -203,10 +203,10 @@
-     ssl_use_srtp_xtn                 = 14,
-     ssl_app_layer_protocol_xtn       = 16,
-     ssl_signed_certificate_timestamp_xtn = 18,   /* RFC 6962 */
-+    ssl_padding_xtn                  = 21,
-     ssl_session_ticket_xtn           = 35,
-     ssl_next_proto_nego_xtn          = 13172,
-     ssl_channel_id_xtn               = 30032,
--    ssl_padding_xtn                  = 35655,
-     ssl_renegotiation_info_xtn       = 0xff01	/* experimental number */
- } SSLExtensionType;
- 
diff --git a/net/third_party/nss/patches/removebuildmetadata.patch b/net/third_party/nss/patches/removebuildmetadata.patch
index 018fcbb..cd25f09 100644
--- a/net/third_party/nss/patches/removebuildmetadata.patch
+++ b/net/third_party/nss/patches/removebuildmetadata.patch
@@ -1,7 +1,7 @@
-diff --git a/net/third_party/nss/ssl/sslver.c b/net/third_party/nss/ssl/sslver.c
+diff --git a/ssl/sslver.c b/ssl/sslver.c
 index 35e0317..ea60888 100644
---- a/net/third_party/nss/ssl/sslver.c
-+++ b/net/third_party/nss/ssl/sslver.c
+--- a/ssl/sslver.c
++++ b/ssl/sslver.c
 @@ -12,6 +12,13 @@
  #define _DEBUG_STRING ""
  #endif
diff --git a/net/third_party/nss/patches/reorderextensions.patch b/net/third_party/nss/patches/reorderextensions.patch
index 3572fb1..7bbf559e 100644
--- a/net/third_party/nss/patches/reorderextensions.patch
+++ b/net/third_party/nss/patches/reorderextensions.patch
@@ -1,34 +1,30 @@
-diff --git a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
-index 6f3fe2f..523e49a 100644
---- a/nss/lib/ssl/ssl3ext.c
-+++ b/nss/lib/ssl/ssl3ext.c
-@@ -295,9 +295,12 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
-     { ssl_use_srtp_xtn,           &ssl3_SendUseSRTPXtn },
-     { ssl_channel_id_xtn,         &ssl3_ClientSendChannelIDXtn },
+diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c
+index 6c120ff..697a313 100644
+--- a/ssl/ssl3ext.c
++++ b/ssl/ssl3ext.c
+@@ -308,6 +308,10 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
      { ssl_cert_status_xtn,        &ssl3_ClientSendStatusRequestXtn },
--    { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
      { ssl_signed_certificate_timestamp_xtn,
--      &ssl3_ClientSendSignedCertTimestampXtn }
-+      &ssl3_ClientSendSignedCertTimestampXtn },
+       &ssl3_ClientSendSignedCertTimestampXtn },
 +    /* WebSphere Application Server 7.0 is intolerant to the last extension
-+     * being zero-length. It is not intolerant of TLS 1.2, so move
-+     * signature_algorithms to the end. */
-+    { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }
++     * being zero-length. It is not intolerant of TLS 1.2, so ensure that
++     * signature_algorithms is at the end to guarantee a non-empty
++     * extension. */
+     { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
+     { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
      /* any extra entries will appear as { 0, NULL }    */
- };
- 
-@@ -2347,9 +2350,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
+@@ -2464,9 +2468,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
      }
  
      extensionLength = 512 - recordLength;
 -    /* Extensions take at least four bytes to encode. */
 -    if (extensionLength < 4) {
--	extensionLength = 4;
+-        extensionLength = 4;
 +    /* Extensions take at least four bytes to encode. Always include at least
-+     * one byte of data if including the extension. WebSphere Application Server
-+     * 7.0 is intolerant to the last extension being zero-length. */
++     * one byte of data if including the extension. WebSphere Application
++     * Server 7.0 is intolerant to the last extension being zero-length. */
 +    if (extensionLength < 4 + 1) {
-+	extensionLength = 4 + 1;
++        extensionLength = 4 + 1;
      }
  
      return extensionLength;
diff --git a/net/third_party/nss/patches/restartclientauth.patch b/net/third_party/nss/patches/restartclientauth.patch
index 5056cad..c977ad6 100644
--- a/net/third_party/nss/patches/restartclientauth.patch
+++ b/net/third_party/nss/patches/restartclientauth.patch
@@ -1,7 +1,24 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c	2014-01-17 17:55:01.518095989 -0800
-+++ b/nss/lib/ssl/ssl3con.c	2014-01-17 17:55:19.158389328 -0800
-@@ -7199,6 +7199,85 @@ done:
+diff --git a/ssl/ssl.h b/ssl/ssl.h
+index e2d1b09..593dd00 100644
+--- a/ssl/ssl.h
++++ b/ssl/ssl.h
+@@ -409,6 +409,11 @@ SSL_IMPORT SECStatus SSL_ForceHandshake(PRFileDesc *fd);
+ SSL_IMPORT SECStatus SSL_ForceHandshakeWithTimeout(PRFileDesc *fd,
+                                                    PRIntervalTime timeout);
+ 
++SSL_IMPORT SECStatus SSL_RestartHandshakeAfterCertReq(PRFileDesc *fd,
++					    CERTCertificate *cert,
++					    SECKEYPrivateKey *key,
++					    CERTCertificateList *certChain);
++
+ /*
+ ** Query security status of socket. *on is set to one if security is
+ ** enabled. *keySize will contain the stream key size used. *issuer will
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index cb59cc1..1852806 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
+@@ -7259,6 +7259,85 @@ done:
      return rv;
  }
  
@@ -87,25 +104,11 @@
  static SECStatus
  ssl3_CheckFalseStart(sslSocket *ss)
  {
-diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
---- a/nss/lib/ssl/ssl.h	2014-01-17 17:55:01.538096321 -0800
-+++ b/nss/lib/ssl/ssl.h	2014-01-17 17:55:19.158389328 -0800
-@@ -399,6 +399,11 @@ SSL_IMPORT SECStatus SSL_ForceHandshake(
- SSL_IMPORT SECStatus SSL_ForceHandshakeWithTimeout(PRFileDesc *fd,
-                                                    PRIntervalTime timeout);
- 
-+SSL_IMPORT SECStatus SSL_RestartHandshakeAfterCertReq(PRFileDesc *fd,
-+					    CERTCertificate *cert,
-+					    SECKEYPrivateKey *key,
-+					    CERTCertificateList *certChain);
-+
- /*
- ** Query security status of socket. *on is set to one if security is
- ** enabled. *keySize will contain the stream key size used. *issuer will
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h	2014-01-17 17:55:01.538096321 -0800
-+++ b/nss/lib/ssl/sslimpl.h	2014-01-17 17:55:19.158389328 -0800
-@@ -1588,16 +1588,17 @@ extern  SECStatus ssl3_MasterKeyDeriveBy
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index 9f59f5a..c6ac398 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
+@@ -1592,16 +1592,17 @@ extern  SECStatus ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec,
  /* These functions are called from secnav, even though they're "private". */
  
  extern int ssl2_SendErrorMessage(struct sslSocketStr *ss, int error);
@@ -127,10 +130,11 @@
  extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error);
  
  /*
-diff -pu a/nss/lib/ssl/sslsecur.c b/nss/lib/ssl/sslsecur.c
---- a/nss/lib/ssl/sslsecur.c	2014-01-17 17:49:26.072517368 -0800
-+++ b/nss/lib/ssl/sslsecur.c	2014-01-17 17:55:19.158389328 -0800
-@@ -1518,17 +1518,70 @@ SSL_CertDBHandleSet(PRFileDesc *fd, CERT
+diff --git a/ssl/sslsecur.c b/ssl/sslsecur.c
+index ea2d408..d44336e 100644
+--- a/ssl/sslsecur.c
++++ b/ssl/sslsecur.c
+@@ -1516,17 +1516,70 @@ SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle)
      return SECSuccess;
  }
  
diff --git a/net/third_party/nss/patches/secitemarray.patch b/net/third_party/nss/patches/secitemarray.patch
index 5c48f5b..159d32bf 100644
--- a/net/third_party/nss/patches/secitemarray.patch
+++ b/net/third_party/nss/patches/secitemarray.patch
@@ -1,7 +1,8 @@
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h	2014-01-17 18:00:11.213237373 -0800
-+++ b/nss/lib/ssl/sslimpl.h	2014-01-17 18:03:29.176520864 -0800
-@@ -1364,6 +1364,15 @@ extern sslSessionIDUncacheFunc ssl_sid_u
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index 2d21e90..88f559a 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
+@@ -1366,6 +1366,15 @@ extern sslSessionIDUncacheFunc ssl_sid_uncache;
  
  SEC_BEGIN_PROTOS
  
@@ -17,9 +18,10 @@
  /* Internal initialization and installation of the SSL error tables */
  extern SECStatus ssl_Init(void);
  extern SECStatus ssl_InitializePRErrorTable(void);
-diff -pu a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h
---- a/nss/lib/ssl/sslt.h	2014-01-17 17:59:03.252110162 -0800
-+++ b/nss/lib/ssl/sslt.h	2014-01-17 18:03:29.186521030 -0800
+diff --git a/ssl/sslt.h b/ssl/sslt.h
+index 0900f28..430d216 100644
+--- a/ssl/sslt.h
++++ b/ssl/sslt.h
 @@ -10,6 +10,19 @@
  
  #include "prtypes.h"
diff --git a/net/third_party/nss/patches/secretexporterlocks.patch b/net/third_party/nss/patches/secretexporterlocks.patch
index 85d98df..7716f93 100644
--- a/net/third_party/nss/patches/secretexporterlocks.patch
+++ b/net/third_party/nss/patches/secretexporterlocks.patch
@@ -1,6 +1,7 @@
-diff -pu a/nss/lib/ssl/sslinfo.c b/nss/lib/ssl/sslinfo.c
---- a/nss/lib/ssl/sslinfo.c	2014-01-17 17:49:26.072517368 -0800
-+++ b/nss/lib/ssl/sslinfo.c	2014-01-17 18:00:29.773545219 -0800
+diff --git a/ssl/sslinfo.c b/ssl/sslinfo.c
+index 00f2f38..ba230d2 100644
+--- a/ssl/sslinfo.c
++++ b/ssl/sslinfo.c
 @@ -350,8 +350,13 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
  	return SECFailure;
      }
diff --git a/net/third_party/nss/patches/sessioncache.patch b/net/third_party/nss/patches/sessioncache.patch
index 1564648..98a1e10 100644
--- a/net/third_party/nss/patches/sessioncache.patch
+++ b/net/third_party/nss/patches/sessioncache.patch
@@ -1,19 +1,8 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c	2014-01-17 19:00:52.843413560 -0800
-+++ b/nss/lib/ssl/ssl3con.c	2014-01-17 19:01:36.374129696 -0800
-@@ -11318,7 +11318,7 @@ ssl3_FinishHandshake(sslSocket * ss)
-         ss->ssl3.hs.receivedNewSessionTicket = PR_FALSE;
-     }
- 
--    if (ss->ssl3.hs.cacheSID) {
-+    if (ss->ssl3.hs.cacheSID && ss->sec.isServer) {
- 	PORT_Assert(ss->sec.ci.sid->cached == never_cached);
- 	(*ss->sec.cache)(ss->sec.ci.sid);
- 	ss->ssl3.hs.cacheSID = PR_FALSE;
-diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
---- a/nss/lib/ssl/ssl.h	2014-01-17 19:00:52.843413560 -0800
-+++ b/nss/lib/ssl/ssl.h	2014-01-17 19:01:36.374129696 -0800
-@@ -892,6 +892,18 @@ SSL_IMPORT int SSL_DataPending(PRFileDes
+diff --git a/ssl/ssl.h b/ssl/ssl.h
+index be6d88e..57771cd 100644
+--- a/ssl/ssl.h
++++ b/ssl/ssl.h
+@@ -900,6 +900,18 @@ SSL_IMPORT int SSL_DataPending(PRFileDesc *fd);
  SSL_IMPORT SECStatus SSL_InvalidateSession(PRFileDesc *fd);
  
  /*
@@ -32,10 +21,24 @@
  ** Return a SECItem containing the SSL session ID associated with the fd.
  */
  SSL_IMPORT SECItem *SSL_GetSessionID(PRFileDesc *fd);
-diff -pu a/nss/lib/ssl/sslsecur.c b/nss/lib/ssl/sslsecur.c
---- a/nss/lib/ssl/sslsecur.c	2014-01-17 17:59:03.242109996 -0800
-+++ b/nss/lib/ssl/sslsecur.c	2014-01-17 19:01:36.374129696 -0800
-@@ -1469,6 +1469,49 @@ SSL_InvalidateSession(PRFileDesc *fd)
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index c1f30a3..17c368e 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
+@@ -11367,7 +11367,7 @@ ssl3_FinishHandshake(sslSocket * ss)
+         ss->ssl3.hs.receivedNewSessionTicket = PR_FALSE;
+     }
+ 
+-    if (ss->ssl3.hs.cacheSID) {
++    if (ss->ssl3.hs.cacheSID && ss->sec.isServer) {
+ 	PORT_Assert(ss->sec.ci.sid->cached == never_cached);
+ 	(*ss->sec.cache)(ss->sec.ci.sid);
+ 	ss->ssl3.hs.cacheSID = PR_FALSE;
+diff --git a/ssl/sslsecur.c b/ssl/sslsecur.c
+index 5c6751a..00ab455 100644
+--- a/ssl/sslsecur.c
++++ b/ssl/sslsecur.c
+@@ -1467,6 +1467,49 @@ SSL_InvalidateSession(PRFileDesc *fd)
      return rv;
  }
  
diff --git a/net/third_party/nss/patches/signedcertificatetimestamps.patch b/net/third_party/nss/patches/signedcertificatetimestamps.patch
index 9864372..ce9efee 100644
--- a/net/third_party/nss/patches/signedcertificatetimestamps.patch
+++ b/net/third_party/nss/patches/signedcertificatetimestamps.patch
@@ -1,155 +1,18 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c	2014-01-17 18:11:28.314468184 -0800
-+++ b/nss/lib/ssl/ssl3con.c	2014-01-17 18:23:17.946207727 -0800
-@@ -6682,10 +6682,22 @@ ssl3_HandleServerHello(sslSocket *ss, SS
-     sid->u.ssl3.sessionIDLength = sidBytes.len;
-     PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len);
- 
-+    /* Copy Signed Certificate Timestamps, if any. */
-+    if (ss->xtnData.signedCertTimestamps.data) {
-+	rv = SECITEM_CopyItem(NULL, &sid->u.ssl3.signedCertTimestamps,
-+			      &ss->xtnData.signedCertTimestamps);
-+	if (rv != SECSuccess)
-+	    goto loser;
-+    }
-+
-     ss->ssl3.hs.isResuming = PR_FALSE;
-     ss->ssl3.hs.ws         = wait_server_cert;
- 
- winner:
-+    /* Clean up the temporary pointer to the handshake buffer. */
-+    ss->xtnData.signedCertTimestamps.data = NULL;
-+    ss->xtnData.signedCertTimestamps.len = 0;
-+
-     /* If we will need a ChannelID key then we make the callback now. This
-      * allows the handshake to be restarted cleanly if the callback returns
-      * SECWouldBlock. */
-@@ -6711,6 +6723,9 @@ alert_loser:
-     (void)SSL3_SendAlert(ss, alert_fatal, desc);
- 
- loser:
-+    /* Clean up the temporary pointer to the handshake buffer. */
-+    ss->xtnData.signedCertTimestamps.data = NULL;
-+    ss->xtnData.signedCertTimestamps.len = 0;
-     errCode = ssl_MapLowLevelError(errCode);
-     return SECFailure;
- }
-diff -pu a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
---- a/nss/lib/ssl/ssl3ext.c	2014-01-17 18:22:54.945827814 -0800
-+++ b/nss/lib/ssl/ssl3ext.c	2014-01-17 18:35:21.798168722 -0800
-@@ -81,6 +81,12 @@ static PRInt32 ssl3_ClientSendSigAlgsXtn
-                                          PRUint32 maxBytes);
- static SECStatus ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type,
-                                              SECItem *data);
-+static PRInt32 ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss,
-+						     PRBool append,
-+						     PRUint32 maxBytes);
-+static SECStatus ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss,
-+							 PRUint16 ex_type,
-+							 SECItem *data);
- 
- /*
-  * Write bytes.  Using this function means the SECItem structure
-@@ -259,6 +265,8 @@ static const ssl3HelloExtensionHandler s
-     { ssl_use_srtp_xtn,           &ssl3_HandleUseSRTPXtn },
-     { ssl_channel_id_xtn,         &ssl3_ClientHandleChannelIDXtn },
-     { ssl_cert_status_xtn,        &ssl3_ClientHandleStatusRequestXtn },
-+    { ssl_signed_certificate_timestamp_xtn,
-+      &ssl3_ClientHandleSignedCertTimestampXtn },
-     { -1, NULL }
- };
- 
-@@ -287,7 +295,9 @@ ssl3HelloExtensionSender clientHelloSend
-     { ssl_use_srtp_xtn,           &ssl3_SendUseSRTPXtn },
-     { ssl_channel_id_xtn,         &ssl3_ClientSendChannelIDXtn },
-     { ssl_cert_status_xtn,        &ssl3_ClientSendStatusRequestXtn },
--    { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }
-+    { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
-+    { ssl_signed_certificate_timestamp_xtn,
-+      &ssl3_ClientSendSignedCertTimestampXtn }
-     /* any extra entries will appear as { 0, NULL }    */
- };
- 
-@@ -2379,3 +2389,65 @@ ssl3_AppendPaddingExtension(sslSocket *s
- 
-     return extensionLen;
- }
-+
-+/* ssl3_ClientSendSignedCertTimestampXtn sends the signed_certificate_timestamp
-+ * extension for TLS ClientHellos. */
-+static PRInt32
-+ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss, PRBool append,
-+				      PRUint32 maxBytes)
-+{
-+    PRInt32 extension_length = 2 /* extension_type */ +
-+	    2 /* length(extension_data) */;
-+
-+    /* Only send the extension if processing is enabled. */
-+    if (!ss->opt.enableSignedCertTimestamps)
-+	return 0;
-+
-+    if (append && maxBytes >= extension_length) {
-+	SECStatus rv;
-+	/* extension_type */
-+	rv = ssl3_AppendHandshakeNumber(ss,
-+					ssl_signed_certificate_timestamp_xtn,
-+					2);
-+	if (rv != SECSuccess)
-+	    goto loser;
-+	/* zero length */
-+	rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-+	if (rv != SECSuccess)
-+	    goto loser;
-+	ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-+		ssl_signed_certificate_timestamp_xtn;
-+    } else if (maxBytes < extension_length) {
-+	PORT_Assert(0);
-+	return 0;
-+    }
-+
-+    return extension_length;
-+loser:
-+    return -1;
-+}
-+
-+static SECStatus
-+ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss, PRUint16 ex_type,
-+					SECItem *data)
-+{
-+    /* We do not yet know whether we'll be resuming a session or creating
-+     * a new one, so we keep a pointer to the data in the TLSExtensionData
-+     * structure. This pointer is only valid in the scope of
-+     * ssl3_HandleServerHello, and, if not resuming a session, the data is
-+     * copied once a new session structure has been set up.
-+     * All parsing is currently left to the application and we accept
-+     * everything, including empty data.
-+     */
-+    SECItem *scts = &ss->xtnData.signedCertTimestamps;
-+    PORT_Assert(!scts->data && !scts->len);
-+
-+    if (!data->len) {
-+	/* Empty extension data: RFC 6962 mandates non-empty contents. */
-+	return SECFailure;
-+    }
-+    *scts = *data;
-+    /* Keep track of negotiated extensions. */
-+    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
-+    return SECSuccess;
-+}
-diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
---- a/nss/lib/ssl/ssl.h	2014-01-17 18:00:11.213237373 -0800
-+++ b/nss/lib/ssl/ssl.h	2014-01-17 18:38:15.791045050 -0800
-@@ -181,6 +181,9 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRF
-  */
- #define SSL_ENABLE_ALPN 26
+diff --git a/ssl/ssl.h b/ssl/ssl.h
+index 80717db..e9f5fb0 100644
+--- a/ssl/ssl.h
++++ b/ssl/ssl.h
+@@ -191,6 +191,9 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
+ #define SSL_ENABLE_FALLBACK_SCSV       28 /* Send fallback SCSV in
+                                            * handshakes. */
  
 +/* Request Signed Certificate Timestamps via TLS extension (client) */
-+#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 27
++#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 29
 +
  #ifdef SSL_DEPRECATED_FUNCTION 
  /* Old deprecated function names */
  SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
-@@ -483,6 +486,23 @@ SSL_IMPORT CERTCertList *SSL_PeerCertifi
+@@ -493,6 +496,23 @@ SSL_IMPORT CERTCertList *SSL_PeerCertificateChain(PRFileDesc *fd);
   */
  SSL_IMPORT const SECItemArray * SSL_PeerStapledOCSPResponses(PRFileDesc *fd);
  
@@ -173,18 +36,156 @@
  /* SSL_SetStapledOCSPResponses stores an array of one or multiple OCSP responses
   * in the fd's data, which may be sent as part of a server side cert_status
   * handshake message. Parameter |responses| is for the server certificate of
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h	2014-01-17 18:11:28.314468184 -0800
-+++ b/nss/lib/ssl/sslimpl.h	2014-01-17 18:27:22.540248428 -0800
-@@ -337,6 +337,7 @@ typedef struct sslOptionsStr {
-     unsigned int enableOCSPStapling     : 1;  /* 25 */
-     unsigned int enableNPN              : 1;  /* 26 */
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index 708a4c7..3421e0b 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
+@@ -6737,10 +6737,22 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+     sid->u.ssl3.sessionIDLength = sidBytes.len;
+     PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len);
+ 
++    /* Copy Signed Certificate Timestamps, if any. */
++    if (ss->xtnData.signedCertTimestamps.data) {
++	rv = SECITEM_CopyItem(NULL, &sid->u.ssl3.signedCertTimestamps,
++			      &ss->xtnData.signedCertTimestamps);
++	if (rv != SECSuccess)
++	    goto loser;
++    }
++
+     ss->ssl3.hs.isResuming = PR_FALSE;
+     ss->ssl3.hs.ws         = wait_server_cert;
+ 
+ winner:
++    /* Clean up the temporary pointer to the handshake buffer. */
++    ss->xtnData.signedCertTimestamps.data = NULL;
++    ss->xtnData.signedCertTimestamps.len = 0;
++
+     /* If we will need a ChannelID key then we make the callback now. This
+      * allows the handshake to be restarted cleanly if the callback returns
+      * SECWouldBlock. */
+@@ -6766,6 +6778,9 @@ alert_loser:
+     (void)SSL3_SendAlert(ss, alert_fatal, desc);
+ 
+ loser:
++    /* Clean up the temporary pointer to the handshake buffer. */
++    ss->xtnData.signedCertTimestamps.data = NULL;
++    ss->xtnData.signedCertTimestamps.len = 0;
+     errCode = ssl_MapLowLevelError(errCode);
+     return SECFailure;
+ }
+diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c
+index b6ed17d..6c120ff 100644
+--- a/ssl/ssl3ext.c
++++ b/ssl/ssl3ext.c
+@@ -85,6 +85,12 @@ static PRInt32 ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append,
+                                          PRUint32 maxBytes);
+ static SECStatus ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type,
+                                              SECItem *data);
++static PRInt32 ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss,
++                                                     PRBool append,
++                                                     PRUint32 maxBytes);
++static SECStatus ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss,
++                                                         PRUint16 ex_type,
++                                                         SECItem *data);
+ 
+ static PRInt32 ssl3_ClientSendDraftVersionXtn(sslSocket *ss, PRBool append,
+                                               PRUint32 maxBytes);
+@@ -270,6 +276,8 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
+     { ssl_use_srtp_xtn,           &ssl3_HandleUseSRTPXtn },
+     { ssl_channel_id_xtn,         &ssl3_ClientHandleChannelIDXtn },
+     { ssl_cert_status_xtn,        &ssl3_ClientHandleStatusRequestXtn },
++    { ssl_signed_certificate_timestamp_xtn,
++      &ssl3_ClientHandleSignedCertTimestampXtn },
+     { -1, NULL }
+ };
+ 
+@@ -298,6 +306,8 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
+     { ssl_use_srtp_xtn,           &ssl3_SendUseSRTPXtn },
+     { ssl_channel_id_xtn,         &ssl3_ClientSendChannelIDXtn },
+     { ssl_cert_status_xtn,        &ssl3_ClientSendStatusRequestXtn },
++    { ssl_signed_certificate_timestamp_xtn,
++      &ssl3_ClientSendSignedCertTimestampXtn },
+     { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
+     { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
+     /* any extra entries will appear as { 0, NULL }    */
+@@ -2582,3 +2592,64 @@ loser:
+     return SECSuccess;
+ }
+ 
++/* ssl3_ClientSendSignedCertTimestampXtn sends the signed_certificate_timestamp
++ * extension for TLS ClientHellos. */
++static PRInt32
++ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss, PRBool append,
++                                      PRUint32 maxBytes)
++{
++    PRInt32 extension_length = 2 /* extension_type */ +
++                               2 /* length(extension_data) */;
++
++    /* Only send the extension if processing is enabled. */
++    if (!ss->opt.enableSignedCertTimestamps)
++        return 0;
++
++    if (append && maxBytes >= extension_length) {
++        SECStatus rv;
++        /* extension_type */
++        rv = ssl3_AppendHandshakeNumber(ss,
++                                        ssl_signed_certificate_timestamp_xtn,
++                                        2);
++        if (rv != SECSuccess)
++            goto loser;
++        /* zero length */
++        rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
++        if (rv != SECSuccess)
++            goto loser;
++        ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
++            ssl_signed_certificate_timestamp_xtn;
++    } else if (maxBytes < extension_length) {
++        PORT_Assert(0);
++        return 0;
++    }
++
++    return extension_length;
++loser:
++    return -1;
++}
++
++static SECStatus
++ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss, PRUint16 ex_type,
++                                        SECItem *data)
++{
++    /* We do not yet know whether we'll be resuming a session or creating
++     * a new one, so we keep a pointer to the data in the TLSExtensionData
++     * structure. This pointer is only valid in the scope of
++     * ssl3_HandleServerHello, and, if not resuming a session, the data is
++     * copied once a new session structure has been set up.
++     * All parsing is currently left to the application and we accept
++     * everything, including empty data.
++     */
++    SECItem *scts = &ss->xtnData.signedCertTimestamps;
++    PORT_Assert(!scts->data && !scts->len);
++
++    if (!data->len) {
++        /* Empty extension data: RFC 6962 mandates non-empty contents. */
++        return SECFailure;
++    }
++    *scts = *data;
++    /* Keep track of negotiated extensions. */
++    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
++    return SECSuccess;
++}
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index 62f822a..2f61a46 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
+@@ -339,6 +339,7 @@ typedef struct sslOptionsStr {
      unsigned int enableALPN             : 1;  /* 27 */
-+    unsigned int enableSignedCertTimestamps : 1;  /* 28 */
+     unsigned int reuseServerECDHEKey    : 1;  /* 28 */
+     unsigned int enableFallbackSCSV     : 1;  /* 29 */
++    unsigned int enableSignedCertTimestamps : 1;  /* 30 */
  } sslOptions;
  
  typedef enum { sslHandshakingUndetermined = 0,
-@@ -719,6 +720,11 @@ struct sslSessionIDStr {
+@@ -721,6 +722,11 @@ struct sslSessionIDStr {
               * resumption handshake to the original handshake. */
  	    SECItem           originalHandshakeHash;
  
@@ -196,7 +197,7 @@
  	    /* This lock is lazily initialized by CacheSID when a sid is first
  	     * cached. Before then, there is no need to lock anything because
  	     * the sid isn't being shared by anything.
-@@ -827,6 +833,18 @@ struct TLSExtensionDataStr {
+@@ -829,6 +835,18 @@ struct TLSExtensionDataStr {
       * is beyond ssl3_HandleClientHello function. */
      SECItem *sniNameArr;
      PRUint32 sniNameArrSize;
@@ -215,9 +216,10 @@
  };
  
  typedef SECStatus (*sslRestartTarget)(sslSocket *);
-diff -pu a/nss/lib/ssl/sslnonce.c b/nss/lib/ssl/sslnonce.c
---- a/nss/lib/ssl/sslnonce.c	2014-01-17 18:11:28.314468184 -0800
-+++ b/nss/lib/ssl/sslnonce.c	2014-01-17 18:23:17.956207890 -0800
+diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c
+index c45849d..cefdda6 100644
+--- a/ssl/sslnonce.c
++++ b/ssl/sslnonce.c
 @@ -131,6 +131,9 @@ ssl_DestroySID(sslSessionID *sid)
          if (sid->u.ssl3.originalHandshakeHash.data) {
              SECITEM_FreeItem(&sid->u.ssl3.originalHandshakeHash, PR_FALSE);
@@ -228,62 +230,63 @@
  
          if (sid->u.ssl3.lock) {
              PR_DestroyRWLock(sid->u.ssl3.lock);
-diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
---- a/nss/lib/ssl/sslsock.c	2014-01-17 18:04:43.127747463 -0800
-+++ b/nss/lib/ssl/sslsock.c	2014-01-17 18:44:09.246889487 -0800
-@@ -87,7 +87,8 @@ static sslOptions ssl_defaults = {
-     PR_TRUE,    /* cbcRandomIV        */
-     PR_FALSE,   /* enableOCSPStapling */
+diff --git a/ssl/sslsock.c b/ssl/sslsock.c
+index 0d12273..80f4e67 100644
+--- a/ssl/sslsock.c
++++ b/ssl/sslsock.c
+@@ -89,7 +89,8 @@ static sslOptions ssl_defaults = {
      PR_TRUE,    /* enableNPN          */
--    PR_FALSE    /* enableALPN         */
-+    PR_FALSE,   /* enableALPN         */
-+    PR_FALSE    /* enableSignedCertTimestamps */
+     PR_FALSE,   /* enableALPN         */
+     PR_TRUE,    /* reuseServerECDHEKey */
+-    PR_FALSE    /* enableFallbackSCSV */
++    PR_FALSE,   /* enableFallbackSCSV */
++    PR_FALSE,   /* enableSignedCertTimestamps */
  };
  
  /*
-@@ -787,6 +788,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
- 	ss->opt.enableALPN = on;
- 	break;
+@@ -807,6 +808,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
+         ss->opt.enableFallbackSCSV = on;
+         break;
  
 +      case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
-+	ss->opt.enableSignedCertTimestamps = on;
-+	break;
++        ss->opt.enableSignedCertTimestamps = on;
++        break;
 +
        default:
- 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
- 	rv = SECFailure;
-@@ -859,6 +864,9 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh
-     case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
-     case SSL_ENABLE_NPN:          on = ss->opt.enableNPN;          break;
-     case SSL_ENABLE_ALPN:         on = ss->opt.enableALPN;         break;
+         PORT_SetError(SEC_ERROR_INVALID_ARGS);
+         rv = SECFailure;
+@@ -882,6 +887,9 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
+     case SSL_REUSE_SERVER_ECDHE_KEY:
+                                   on = ss->opt.reuseServerECDHEKey; break;
+     case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break;
 +    case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
-+	on = ss->opt.enableSignedCertTimestamps;
-+	break;
++        on = ss->opt.enableSignedCertTimestamps;
++        break;
  
      default:
- 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -922,6 +930,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBo
+         PORT_SetError(SEC_ERROR_INVALID_ARGS);
+@@ -951,6 +959,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
+     case SSL_ENABLE_FALLBACK_SCSV:
+        on = ssl_defaults.enableFallbackSCSV;
         break;
-     case SSL_ENABLE_NPN:          on = ssl_defaults.enableNPN;          break;
-     case SSL_ENABLE_ALPN:         on = ssl_defaults.enableALPN;         break;
 +    case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
-+	on = ssl_defaults.enableSignedCertTimestamps;
-+	break;
++       on = ssl_defaults.enableSignedCertTimestamps;
++       break;
  
      default:
- 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -1097,6 +1108,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
- 	ssl_defaults.enableALPN = on;
- 	break;
+         PORT_SetError(SEC_ERROR_INVALID_ARGS);
+@@ -1134,6 +1145,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
+         ssl_defaults.enableFallbackSCSV = on;
+         break;
  
 +      case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
-+	ssl_defaults.enableSignedCertTimestamps = on;
-+	break;
++        ssl_defaults.enableSignedCertTimestamps = on;
++        break;
 +
        default:
- 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
- 	return SECFailure;
-@@ -1921,6 +1936,29 @@ SSL_PeerStapledOCSPResponses(PRFileDesc
+         PORT_SetError(SEC_ERROR_INVALID_ARGS);
+         return SECFailure;
+@@ -1963,6 +1978,29 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
      return &ss->sec.ci.sid->peerCertStatus;
  }
  
@@ -313,22 +316,23 @@
  SECStatus
  SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) {
      sslSocket *ss = ssl_FindSocket(fd);
-diff -pu a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h
---- a/nss/lib/ssl/sslt.h	2014-01-17 18:10:16.793281867 -0800
-+++ b/nss/lib/ssl/sslt.h	2014-01-17 18:23:17.956207890 -0800
+diff --git a/ssl/sslt.h b/ssl/sslt.h
+index fe0ad07..c36b8c7 100644
+--- a/ssl/sslt.h
++++ b/ssl/sslt.h
 @@ -202,6 +202,7 @@ typedef enum {
      ssl_signature_algorithms_xtn     = 13,
      ssl_use_srtp_xtn                 = 14,
      ssl_app_layer_protocol_xtn       = 16,
 +    ssl_signed_certificate_timestamp_xtn = 18,   /* RFC 6962 */
+     ssl_padding_xtn                  = 21,
      ssl_session_ticket_xtn           = 35,
      ssl_next_proto_nego_xtn          = 13172,
-     ssl_channel_id_xtn               = 30032,
-@@ -209,6 +210,6 @@ typedef enum {
-     ssl_renegotiation_info_xtn       = 0xff01	/* experimental number */
+@@ -210,6 +211,6 @@ typedef enum {
+     ssl_tls13_draft_version_xtn      = 0xff02   /* experimental number */
  } SSLExtensionType;
  
--#define SSL_MAX_EXTENSIONS             11 /* doesn't include ssl_padding_xtn. */
-+#define SSL_MAX_EXTENSIONS             12 /* doesn't include ssl_padding_xtn. */
+-#define SSL_MAX_EXTENSIONS             12 /* doesn't include ssl_padding_xtn. */
++#define SSL_MAX_EXTENSIONS             13 /* doesn't include ssl_padding_xtn. */
  
  #endif /* __sslt_h_ */
diff --git a/net/third_party/nss/patches/suitebonly.patch b/net/third_party/nss/patches/suitebonly.patch
index c91314b..9776d7d 100644
--- a/net/third_party/nss/patches/suitebonly.patch
+++ b/net/third_party/nss/patches/suitebonly.patch
@@ -1,7 +1,8 @@
-diff -pu a/nss/lib/ssl/ssl3ecc.c b/nss/lib/ssl/ssl3ecc.c
---- a/nss/lib/ssl/ssl3ecc.c	2014-01-03 19:28:03.550814608 -0800
-+++ b/nss/lib/ssl/ssl3ecc.c	2014-01-03 19:40:46.523288747 -0800
-@@ -1073,6 +1073,7 @@ static const PRUint8 ecPtFmt[6] = {
+diff --git a/ssl/ssl3ecc.c b/ssl/ssl3ecc.c
+index 555c89d..0f805ec 100644
+--- a/ssl/ssl3ecc.c
++++ b/ssl/ssl3ecc.c
+@@ -1089,6 +1089,7 @@ static const PRUint8 ecPtFmt[6] = {
  static PRBool
  ssl3_SuiteBOnly(sslSocket *ss)
  {
@@ -9,7 +10,7 @@
      /* See if we can support small curves (like 163). If not, assume we can
       * only support Suite-B curves (P-256, P-384, P-521). */
      PK11SlotInfo *slot =
-@@ -1086,6 +1087,9 @@ ssl3_SuiteBOnly(sslSocket *ss)
+@@ -1102,6 +1103,9 @@ ssl3_SuiteBOnly(sslSocket *ss)
      /* we can, presume we can do all curves */
      PK11_FreeSlot(slot);
      return PR_FALSE;
diff --git a/net/third_party/nss/patches/tls12chromium.patch b/net/third_party/nss/patches/tls12chromium.patch
index 0d6d407..81d1c52 100644
--- a/net/third_party/nss/patches/tls12chromium.patch
+++ b/net/third_party/nss/patches/tls12chromium.patch
@@ -1,6 +1,7 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c	2014-01-17 18:00:11.213237373 -0800
-+++ b/nss/lib/ssl/ssl3con.c	2014-01-17 18:04:22.497405273 -0800
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index 67c8f6d..da0abfb 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
 @@ -31,6 +31,15 @@
  #include "blapi.h"
  #endif
@@ -17,9 +18,10 @@
  #include <stdio.h>
  #ifdef NSS_ENABLE_ZLIB
  #include "zlib.h"
-diff -pu a/nss/lib/ssl/ssl3ecc.c b/nss/lib/ssl/ssl3ecc.c
---- a/nss/lib/ssl/ssl3ecc.c	2014-01-17 18:01:31.474568608 -0800
-+++ b/nss/lib/ssl/ssl3ecc.c	2014-01-17 18:04:22.497405273 -0800
+diff --git a/ssl/ssl3ecc.c b/ssl/ssl3ecc.c
+index 0f805ec..003ed78 100644
+--- a/ssl/ssl3ecc.c
++++ b/ssl/ssl3ecc.c
 @@ -30,6 +30,12 @@
  
  #include <stdio.h>
@@ -30,12 +32,13 @@
 +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
 +#endif
 +
- #ifdef NSS_ENABLE_ECC
+ #ifndef NSS_DISABLE_ECC
  
  #ifndef PK11_SETATTRS
-diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
---- a/nss/lib/ssl/sslsock.c	2014-01-17 18:00:11.213237373 -0800
-+++ b/nss/lib/ssl/sslsock.c	2014-01-17 18:04:22.497405273 -0800
+diff --git a/ssl/sslsock.c b/ssl/sslsock.c
+index 47906e0..0d12273 100644
+--- a/ssl/sslsock.c
++++ b/ssl/sslsock.c
 @@ -17,8 +17,15 @@
  #ifndef NO_PKCS11_BYPASS
  #include "blapi.h"
@@ -51,8 +54,8 @@
 +
  #define SET_ERROR_CODE   /* reminder */
  
- static const sslSocketOps ssl_default_ops = {	/* No SSL. */
-@@ -1836,6 +1843,24 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLV
+ static const sslSocketOps ssl_default_ops = {   /* No SSL. */
+@@ -1878,6 +1885,24 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange)
      return SECSuccess;
  }
  
@@ -77,7 +80,7 @@
  SECStatus
  SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
  {
-@@ -1856,6 +1881,20 @@ SSL_VersionRangeSet(PRFileDesc *fd, cons
+@@ -1898,6 +1923,20 @@ SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
      ssl_GetSSL3HandshakeLock(ss);
  
      ss->vrange = *vrange;
diff --git a/net/third_party/nss/patches/tlsunique.patch b/net/third_party/nss/patches/tlsunique.patch
index 5b094a7c..ad4f09f 100644
--- a/net/third_party/nss/patches/tlsunique.patch
+++ b/net/third_party/nss/patches/tlsunique.patch
@@ -1,7 +1,40 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c	2014-01-17 17:59:03.242109996 -0800
-+++ b/nss/lib/ssl/ssl3con.c	2014-01-17 17:59:45.862816905 -0800
-@@ -12383,6 +12383,68 @@ ssl3_InitSocketPolicy(sslSocket *ss)
+diff --git a/ssl/ssl.h b/ssl/ssl.h
+index 716537d..80717db 100644
+--- a/ssl/ssl.h
++++ b/ssl/ssl.h
+@@ -292,6 +292,27 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled);
+ SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
+ SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
+ 
++/* SSLChannelBindingType enumerates the types of supported channel binding
++ * values. See RFC 5929. */
++typedef enum SSLChannelBindingType {
++    SSL_CHANNEL_BINDING_TLS_UNIQUE = 1,
++} SSLChannelBindingType;
++
++/* SSL_GetChannelBinding copies the requested channel binding value, as defined
++ * in RFC 5929, into |out|. The full length of the binding value is written
++ * into |*outLen|.
++ *
++ * At most |outLenMax| bytes of data are copied. If |outLenMax| is
++ * insufficient then the function returns SECFailure and sets the error to
++ * SEC_ERROR_OUTPUT_LEN, but |*outLen| is still set.
++ *
++ * This call will fail if made during a renegotiation. */
++SSL_IMPORT SECStatus SSL_GetChannelBinding(PRFileDesc *fd,
++					   SSLChannelBindingType binding_type,
++					   unsigned char *out,
++					   unsigned int *outLen,
++					   unsigned int outLenMax);
++
+ /* SSL Version Range API
+ **
+ ** This API should be used to control SSL 3.0 & TLS support instead of the
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index 45c3454..67c8f6d 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
+@@ -12471,6 +12471,68 @@ ssl3_InitSocketPolicy(sslSocket *ss)
      PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites);
  }
  
@@ -70,41 +103,11 @@
  /* ssl3_config_match_init must have already been called by
   * the caller of this function.
   */
-diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
---- a/nss/lib/ssl/ssl.h	2014-01-17 17:59:03.242109996 -0800
-+++ b/nss/lib/ssl/ssl.h	2014-01-17 17:59:45.862816905 -0800
-@@ -282,6 +282,27 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDe
- SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
- SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
- 
-+/* SSLChannelBindingType enumerates the types of supported channel binding
-+ * values. See RFC 5929. */
-+typedef enum SSLChannelBindingType {
-+    SSL_CHANNEL_BINDING_TLS_UNIQUE = 1,
-+} SSLChannelBindingType;
-+
-+/* SSL_GetChannelBinding copies the requested channel binding value, as defined
-+ * in RFC 5929, into |out|. The full length of the binding value is written
-+ * into |*outLen|.
-+ *
-+ * At most |outLenMax| bytes of data are copied. If |outLenMax| is
-+ * insufficient then the function returns SECFailure and sets the error to
-+ * SEC_ERROR_OUTPUT_LEN, but |*outLen| is still set.
-+ *
-+ * This call will fail if made during a renegotiation. */
-+SSL_IMPORT SECStatus SSL_GetChannelBinding(PRFileDesc *fd,
-+					   SSLChannelBindingType binding_type,
-+					   unsigned char *out,
-+					   unsigned int *outLen,
-+					   unsigned int outLenMax);
-+
- /* SSL Version Range API
- **
- ** This API should be used to control SSL 3.0 & TLS support instead of the
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h	2014-01-17 17:59:03.242109996 -0800
-+++ b/nss/lib/ssl/sslimpl.h	2014-01-17 17:59:45.862816905 -0800
-@@ -1853,6 +1853,11 @@ extern PRBool ssl_GetSessionTicketKeysPK
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index 57346cb..2d21e90 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
+@@ -1857,6 +1857,11 @@ extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey,
  extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data,
  					    unsigned int length);
  
@@ -116,10 +119,11 @@
  /* Construct a new NSPR socket for the app to use */
  extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd);
  extern void ssl_FreePRSocket(PRFileDesc *fd);
-diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
---- a/nss/lib/ssl/sslsock.c	2014-01-17 17:59:03.252110162 -0800
-+++ b/nss/lib/ssl/sslsock.c	2014-01-17 17:59:45.872817074 -0800
-@@ -1308,6 +1308,27 @@ NSS_SetFrancePolicy(void)
+diff --git a/ssl/sslsock.c b/ssl/sslsock.c
+index d3f3bf4..47906e0 100644
+--- a/ssl/sslsock.c
++++ b/ssl/sslsock.c
+@@ -1345,6 +1345,27 @@ NSS_SetFrancePolicy(void)
      return NSS_SetDomesticPolicy();
  }
  
diff --git a/net/third_party/nss/ssl/SSLerrs.h b/net/third_party/nss/ssl/SSLerrs.h
index 3f0078c1..81da41c0 100644
--- a/net/third_party/nss/ssl/SSLerrs.h
+++ b/net/third_party/nss/ssl/SSLerrs.h
@@ -420,9 +420,8 @@
 "The server supports no protocols that the client advertises in the ALPN extension.")
 
 ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 131),
-"The connection was using a lesser TLS version as a result of a previous"
-" handshake failure, but the server indicated that it should not have been"
-" needed.")
+"The server rejected the handshake because the client downgraded to a lower "
+"TLS version than the server supports.")
 
 ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 132),
 "SSL received a malformed TLS Channel ID extension.")
diff --git a/net/third_party/nss/ssl/derive.c b/net/third_party/nss/ssl/derive.c
index 35cfe25..b7c38c3 100644
--- a/net/third_party/nss/ssl/derive.c
+++ b/net/third_party/nss/ssl/derive.c
@@ -617,7 +617,7 @@
     PRBool	      testrsa_export = PR_FALSE;
     PRBool	      testecdh = PR_FALSE;
     PRBool	      testecdhe = PR_FALSE;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     SECKEYECParams ecParams = { siBuffer, NULL, 0 };
 #endif
 
@@ -634,7 +634,7 @@
     rv = SECFailure;
     
     /* determine which KEAs to test */
-    /* 0 (SSL_NULL_WITH_NULL_NULL) is used as a list terminator because
+    /* 0 (TLS_NULL_WITH_NULL_NULL) is used as a list terminator because
      * SSL3 and TLS specs forbid negotiating that cipher suite number.
      */
     for (i=0; i < nsuites && (suite = *ciphersuites++) != 0; i++) {
@@ -647,8 +647,8 @@
 	    switch (csdef.cipherSuite) {
 	    case TLS_RSA_EXPORT1024_WITH_RC4_56_SHA:
 	    case TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA:
-	    case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
-	    case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
+	    case TLS_RSA_EXPORT_WITH_RC4_40_MD5:
+	    case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
 		testrsa_export = PR_TRUE;
 	    }
 	    if (!testrsa_export)
@@ -755,7 +755,7 @@
 	if (enc_pms.data != NULL) {
 	    SECITEM_FreeItem(&enc_pms, PR_FALSE);
         }
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 	for (; (privKeytype == ecKey && ( testecdh || testecdhe)) ||
 	       (privKeytype == rsaKey && testecdhe); ) {
 	    CK_MECHANISM_TYPE target;
@@ -859,7 +859,7 @@
 	    PORT_Free(ecParams.data);
 	    ecParams.data = NULL;
 	}
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 	if (pms)
 	    PK11_FreeSymKey(pms);
     }
@@ -877,12 +877,12 @@
     if (enc_pms.data != NULL) {
     	SECITEM_FreeItem(&enc_pms, PR_FALSE);
     }
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     if (ecParams.data != NULL) {
         PORT_Free(ecParams.data);
         ecParams.data = NULL;
     }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     if (srvPubkey) {
     	SECKEY_DestroyPublicKey(srvPubkey);
diff --git a/net/third_party/nss/ssl/dtlscon.c b/net/third_party/nss/ssl/dtlscon.c
index 78371e6..89315ee 100644
--- a/net/third_party/nss/ssl/dtlscon.c
+++ b/net/third_party/nss/ssl/dtlscon.c
@@ -30,19 +30,19 @@
 
 /* List copied from ssl3con.c:cipherSuites */
 static const ssl3CipherSuite nonDTLSSuites[] = {
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
     TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-#endif  /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     TLS_DHE_DSS_WITH_RC4_128_SHA,
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     TLS_ECDH_RSA_WITH_RC4_128_SHA,
     TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
-#endif  /* NSS_ENABLE_ECC */
-    SSL_RSA_WITH_RC4_128_MD5,
-    SSL_RSA_WITH_RC4_128_SHA,
+#endif /* NSS_DISABLE_ECC */
+    TLS_RSA_WITH_RC4_128_MD5,
+    TLS_RSA_WITH_RC4_128_SHA,
     TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
-    SSL_RSA_EXPORT_WITH_RC4_40_MD5,
+    TLS_RSA_EXPORT_WITH_RC4_40_MD5,
     0 /* End of list marker */
 };
 
@@ -51,16 +51,25 @@
  *
  * TLS             DTLS
  * 1.1 (0302)      1.0 (feff)
+ * 1.2 (0303)      1.2 (fefd)
+ * 1.3 (0304)      1.3 (fefc)
  */
 SSL3ProtocolVersion
 dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion tlsv)
 {
-    /* Anything other than TLS 1.1 is an error, so return
-     * the invalid version ffff. */
-    if (tlsv != SSL_LIBRARY_VERSION_TLS_1_1)
-	return 0xffff;
+    if (tlsv == SSL_LIBRARY_VERSION_TLS_1_1) {
+        return SSL_LIBRARY_VERSION_DTLS_1_0_WIRE;
+    }
+    if (tlsv == SSL_LIBRARY_VERSION_TLS_1_2) {
+        return SSL_LIBRARY_VERSION_DTLS_1_2_WIRE;
+    }
+    if (tlsv == SSL_LIBRARY_VERSION_TLS_1_3) {
+        return SSL_LIBRARY_VERSION_DTLS_1_3_WIRE;
+    }
 
-    return SSL_LIBRARY_VERSION_DTLS_1_0_WIRE;
+    /* Anything other than TLS 1.1 or 1.2 is an error, so return
+     * the invalid version 0xffff. */
+    return 0xffff;
 }
 
 /* Map known DTLS versions to known TLS versions.
@@ -71,14 +80,21 @@
 dtls_DTLSVersionToTLSVersion(SSL3ProtocolVersion dtlsv)
 {
     if (MSB(dtlsv) == 0xff) {
-	return 0;
+        return 0;
     }
 
-    if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_0_WIRE)
-	return SSL_LIBRARY_VERSION_TLS_1_1;
+    if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_0_WIRE) {
+        return SSL_LIBRARY_VERSION_TLS_1_1;
+    }
+    if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_2_WIRE) {
+        return SSL_LIBRARY_VERSION_TLS_1_2;
+    }
+    if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_3_WIRE) {
+        return SSL_LIBRARY_VERSION_TLS_1_3;
+    }
 
     /* Return a fictional higher version than we know of */
-    return SSL_LIBRARY_VERSION_TLS_1_1 + 1;
+    return SSL_LIBRARY_VERSION_TLS_1_2 + 1;
 }
 
 /* On this socket, Disable non-DTLS cipher suites in the argument's list */
@@ -88,9 +104,9 @@
     const ssl3CipherSuite * suite;
 
     for (suite = nonDTLSSuites; *suite; ++suite) {
-	SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);
+        SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);
 
-	PORT_Assert(rv == SECSuccess); /* else is coding error */
+        PORT_Assert(rv == SECSuccess); /* else is coding error */
     }
     return SECSuccess;
 }
@@ -101,17 +117,17 @@
  */
 static DTLSQueuedMessage *
 dtls_AllocQueuedMessage(PRUint16 epoch, SSL3ContentType type,
-			const unsigned char *data, PRUint32 len)
+                        const unsigned char *data, PRUint32 len)
 {
     DTLSQueuedMessage *msg = NULL;
 
     msg = PORT_ZAlloc(sizeof(DTLSQueuedMessage));
     if (!msg)
-	return NULL;
+        return NULL;
 
     msg->data = PORT_Alloc(len);
     if (!msg->data) {
-	PORT_Free(msg);
+        PORT_Free(msg);
         return NULL;
     }
     PORT_Memcpy(msg->data, data, len);
@@ -132,7 +148,7 @@
 dtls_FreeHandshakeMessage(DTLSQueuedMessage *msg)
 {
     if (!msg)
-	return;
+        return;
 
     PORT_ZFree(msg->data, msg->len);
     PORT_Free(msg);
@@ -151,9 +167,9 @@
     PRCList *cur_p;
 
     while (!PR_CLIST_IS_EMPTY(list)) {
-	cur_p = PR_LIST_TAIL(list);
-	PR_REMOVE_LINK(cur_p);
-	dtls_FreeHandshakeMessage((DTLSQueuedMessage *)cur_p);
+        cur_p = PR_LIST_TAIL(list);
+        PR_REMOVE_LINK(cur_p);
+        dtls_FreeHandshakeMessage((DTLSQueuedMessage *)cur_p);
     }
 }
 
@@ -204,18 +220,18 @@
         }
 
         /* Parse the header */
-	type = buf.buf[0];
+        type = buf.buf[0];
         message_length = (buf.buf[1] << 16) | (buf.buf[2] << 8) | buf.buf[3];
         message_seq = (buf.buf[4] << 8) | buf.buf[5];
         fragment_offset = (buf.buf[6] << 16) | (buf.buf[7] << 8) | buf.buf[8];
         fragment_length = (buf.buf[9] << 16) | (buf.buf[10] << 8) | buf.buf[11];
-	
-#define MAX_HANDSHAKE_MSG_LEN 0x1ffff	/* 128k - 1 */
-	if (message_length > MAX_HANDSHAKE_MSG_LEN) {
-	    (void)ssl3_DecodeError(ss);
-	    PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
-	    return SECFailure;
-	}
+
+#define MAX_HANDSHAKE_MSG_LEN 0x1ffff   /* 128k - 1 */
+        if (message_length > MAX_HANDSHAKE_MSG_LEN) {
+            (void)ssl3_DecodeError(ss);
+            PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
+            return SECFailure;
+        }
 #undef MAX_HANDSHAKE_MSG_LEN
 
         buf.buf += 12;
@@ -229,7 +245,7 @@
         }
 
         /* Sanity check the packet contents */
-	if ((fragment_length + fragment_offset) > message_length) {
+        if ((fragment_length + fragment_offset) > message_length) {
             PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
             rv = SECFailure;
             break;
@@ -245,8 +261,8 @@
          * This is the common case for short messages
          */
         if ((message_seq == ss->ssl3.hs.recvMessageSeq)
-	    && (fragment_offset == 0)
-	    && (fragment_length == message_length)) {
+            && (fragment_offset == 0)
+            && (fragment_length == message_length)) {
             /* Complete next message. Process immediately */
             ss->ssl3.hs.msg_type = (SSL3HandshakeType)type;
             ss->ssl3.hs.msg_len = message_length;
@@ -254,14 +270,14 @@
             /* At this point we are advancing our state machine, so
              * we can free our last flight of messages */
             dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight);
-	    ss->ssl3.hs.recvdHighWater = -1;
-	    dtls_CancelTimer(ss);
+            ss->ssl3.hs.recvdHighWater = -1;
+            dtls_CancelTimer(ss);
 
-	    /* Reset the timer to the initial value if the retry counter
-	     * is 0, per Sec. 4.2.4.1 */
-	    if (ss->ssl3.hs.rtRetries == 0) {
-		ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS;
-	    }
+            /* Reset the timer to the initial value if the retry counter
+             * is 0, per Sec. 4.2.4.1 */
+            if (ss->ssl3.hs.rtRetries == 0) {
+                ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS;
+            }
 
             rv = ssl3_HandleHandshakeMessage(ss, buf.buf, ss->ssl3.hs.msg_len);
             if (rv == SECFailure) {
@@ -269,68 +285,68 @@
                 break;
             }
         } else {
-	    if (message_seq < ss->ssl3.hs.recvMessageSeq) {
-		/* Case 3: we do an immediate retransmit if we're
-		 * in a waiting state*/
-		if (ss->ssl3.hs.rtTimerCb == NULL) {
-		    /* Ignore */
-		} else if (ss->ssl3.hs.rtTimerCb ==
-			 dtls_RetransmitTimerExpiredCb) {
-		    SSL_TRC(30, ("%d: SSL3[%d]: Retransmit detected",
-				 SSL_GETPID(), ss->fd));
-		    /* Check to see if we retransmitted recently. If so,
-		     * suppress the triggered retransmit. This avoids
-		     * retransmit wars after packet loss.
-		     * This is not in RFC 5346 but should be
-		     */
-		    if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) >
-			(ss->ssl3.hs.rtTimeoutMs / 4)) {
-			    SSL_TRC(30,
-			    ("%d: SSL3[%d]: Shortcutting retransmit timer",
+            if (message_seq < ss->ssl3.hs.recvMessageSeq) {
+                /* Case 3: we do an immediate retransmit if we're
+                 * in a waiting state*/
+                if (ss->ssl3.hs.rtTimerCb == NULL) {
+                    /* Ignore */
+                } else if (ss->ssl3.hs.rtTimerCb ==
+                         dtls_RetransmitTimerExpiredCb) {
+                    SSL_TRC(30, ("%d: SSL3[%d]: Retransmit detected",
+                                 SSL_GETPID(), ss->fd));
+                    /* Check to see if we retransmitted recently. If so,
+                     * suppress the triggered retransmit. This avoids
+                     * retransmit wars after packet loss.
+                     * This is not in RFC 5346 but should be
+                     */
+                    if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) >
+                        (ss->ssl3.hs.rtTimeoutMs / 4)) {
+                            SSL_TRC(30,
+                            ("%d: SSL3[%d]: Shortcutting retransmit timer",
                             SSL_GETPID(), ss->fd));
 
-			    /* Cancel the timer and call the CB,
-			     * which re-arms the timer */
-			    dtls_CancelTimer(ss);
-			    dtls_RetransmitTimerExpiredCb(ss);
-			    rv = SECSuccess;
-			    break;
-			} else {
-			    SSL_TRC(30,
-			    ("%d: SSL3[%d]: We just retransmitted. Ignoring.",
+                            /* Cancel the timer and call the CB,
+                             * which re-arms the timer */
+                            dtls_CancelTimer(ss);
+                            dtls_RetransmitTimerExpiredCb(ss);
+                            rv = SECSuccess;
+                            break;
+                        } else {
+                            SSL_TRC(30,
+                            ("%d: SSL3[%d]: We just retransmitted. Ignoring.",
                             SSL_GETPID(), ss->fd));
-			    rv = SECSuccess;
-			    break;
-			}
-		} else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) {
-		    /* Retransmit the messages and re-arm the timer
-		     * Note that we are not backing off the timer here.
-		     * The spec isn't clear and my reasoning is that this
-		     * may be a re-ordered packet rather than slowness,
-		     * so let's be aggressive. */
-		    dtls_CancelTimer(ss);
-		    rv = dtls_TransmitMessageFlight(ss);
-		    if (rv == SECSuccess) {
-			rv = dtls_StartTimer(ss, dtls_FinishedTimerCb);
-		    }
-		    if (rv != SECSuccess)
-			return rv;
-		    break;
-		}
-	    } else if (message_seq > ss->ssl3.hs.recvMessageSeq) {
-		/* Case 2
+                            rv = SECSuccess;
+                            break;
+                        }
+                } else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) {
+                    /* Retransmit the messages and re-arm the timer
+                     * Note that we are not backing off the timer here.
+                     * The spec isn't clear and my reasoning is that this
+                     * may be a re-ordered packet rather than slowness,
+                     * so let's be aggressive. */
+                    dtls_CancelTimer(ss);
+                    rv = dtls_TransmitMessageFlight(ss);
+                    if (rv == SECSuccess) {
+                        rv = dtls_StartTimer(ss, dtls_FinishedTimerCb);
+                    }
+                    if (rv != SECSuccess)
+                        return rv;
+                    break;
+                }
+            } else if (message_seq > ss->ssl3.hs.recvMessageSeq) {
+                /* Case 2
                  *
-		 * Ignore this message. This means we don't handle out of
-		 * order complete messages that well, but we're still
-		 * compliant and this probably does not happen often
+                 * Ignore this message. This means we don't handle out of
+                 * order complete messages that well, but we're still
+                 * compliant and this probably does not happen often
                  *
-		 * XXX OK for now. Maybe do something smarter at some point?
-		 */
-	    } else {
-		/* Case 1
+                 * XXX OK for now. Maybe do something smarter at some point?
+                 */
+            } else {
+                /* Case 1
                  *
-		 * Buffer the fragment for reassembly
-		 */
+                 * Buffer the fragment for reassembly
+                 */
                 /* Make room for the message */
                 if (ss->ssl3.hs.recvdHighWater == -1) {
                     PRUint32 map_length = OFFSET_BYTE(message_length) + 1;
@@ -347,8 +363,8 @@
                     /* Reset the reassembly map */
                     ss->ssl3.hs.recvdHighWater = 0;
                     PORT_Memset(ss->ssl3.hs.recvdFragments.buf, 0,
-				ss->ssl3.hs.recvdFragments.space);
-		    ss->ssl3.hs.msg_type = (SSL3HandshakeType)type;
+                                ss->ssl3.hs.recvdFragments.space);
+                    ss->ssl3.hs.msg_type = (SSL3HandshakeType)type;
                     ss->ssl3.hs.msg_len = message_length;
                 }
 
@@ -381,7 +397,7 @@
                  * case of adjacent fragments received in sequence
                  */
                 if (fragment_offset <= ss->ssl3.hs.recvdHighWater) {
-		    /* Either this is the adjacent fragment or an overlapping
+                    /* Either this is the adjacent fragment or an overlapping
                      * fragment */
                     ss->ssl3.hs.recvdHighWater = fragment_offset +
                                                  fragment_length;
@@ -397,9 +413,9 @@
                 /* Now figure out the new high water mark if appropriate */
                 for (offset = ss->ssl3.hs.recvdHighWater;
                      offset < ss->ssl3.hs.msg_len; offset++) {
-		    /* Note that this loop is not efficient, since it counts
-		     * bit by bit. If we have a lot of out-of-order packets,
-		     * we should optimize this */
+                    /* Note that this loop is not efficient, since it counts
+                     * bit by bit. If we have a lot of out-of-order packets,
+                     * we should optimize this */
                     if (ss->ssl3.hs.recvdFragments.buf[OFFSET_BYTE(offset)] &
                         OFFSET_MASK(offset)) {
                         ss->ssl3.hs.recvdHighWater++;
@@ -418,25 +434,25 @@
                     if (rv == SECFailure)
                         break; /* Skip rest of record */
 
-		    /* At this point we are advancing our state machine, so
-		     * we can free our last flight of messages */
-		    dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight);
-		    dtls_CancelTimer(ss);
+                    /* At this point we are advancing our state machine, so
+                     * we can free our last flight of messages */
+                    dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight);
+                    dtls_CancelTimer(ss);
 
-		    /* If there have been no retries this time, reset the
-		     * timer value to the default per Section 4.2.4.1 */
-		    if (ss->ssl3.hs.rtRetries == 0) {
-			ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS;
-		    }
+                    /* If there have been no retries this time, reset the
+                     * timer value to the default per Section 4.2.4.1 */
+                    if (ss->ssl3.hs.rtRetries == 0) {
+                        ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS;
+                    }
                 }
             }
         }
 
-	buf.buf += fragment_length;
+        buf.buf += fragment_length;
         buf.len -= fragment_length;
     }
 
-    origBuf->len = 0;	/* So ssl3_GatherAppDataRecord will keep looping. */
+    origBuf->len = 0;   /* So ssl3_GatherAppDataRecord will keep looping. */
 
     /* XXX OK for now. In future handle rv == SECWouldBlock safely in order
      * to deal with asynchronous certificate verification */
@@ -461,10 +477,10 @@
     msg = dtls_AllocQueuedMessage(ss->ssl3.cwSpec->epoch, type, pIn, nIn);
 
     if (!msg) {
-	PORT_SetError(SEC_ERROR_NO_MEMORY);
-	rv = SECFailure;
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        rv = SECFailure;
     } else {
-	PR_APPEND_LINK(&msg->link, &ss->ssl3.hs.lastMessageFlight);
+        PR_APPEND_LINK(&msg->link, &ss->ssl3.hs.lastMessageFlight);
     }
 
     return rv;
@@ -490,7 +506,7 @@
     /* This function is sometimes called when no data is actually to
      * be staged, so just return SECSuccess. */
     if (!ss->sec.ci.sendBuf.buf || !ss->sec.ci.sendBuf.len)
-	return rv;
+        return rv;
 
     rv = dtls_QueueMessage(ss, content_handshake,
                            ss->sec.ci.sendBuf.buf, ss->sec.ci.sendBuf.len);
@@ -522,11 +538,11 @@
         rv = dtls_TransmitMessageFlight(ss);
         if (rv != SECSuccess)
             return rv;
-	
-	if (!(flags & ssl_SEND_FLAG_NO_RETRANSMIT)) {
-	    ss->ssl3.hs.rtRetries = 0;
-	    rv = dtls_StartTimer(ss, dtls_RetransmitTimerExpiredCb);
-	}
+
+        if (!(flags & ssl_SEND_FLAG_NO_RETRANSMIT)) {
+            ss->ssl3.hs.rtRetries = 0;
+            rv = dtls_StartTimer(ss, dtls_RetransmitTimerExpiredCb);
+        }
     }
 
     return rv;
@@ -546,22 +562,22 @@
     ss->ssl3.hs.rtRetries++;
 
     if (!(ss->ssl3.hs.rtRetries % 3)) {
-	/* If one of the messages was potentially greater than > MTU,
-	 * then downgrade. Do this every time we have retransmitted a
-	 * message twice, per RFC 6347 Sec. 4.1.1 */
-	dtls_SetMTU(ss, ss->ssl3.hs.maxMessageSent - 1);
+        /* If one of the messages was potentially greater than > MTU,
+         * then downgrade. Do this every time we have retransmitted a
+         * message twice, per RFC 6347 Sec. 4.1.1 */
+        dtls_SetMTU(ss, ss->ssl3.hs.maxMessageSent - 1);
     }
-	
+
     rv = dtls_TransmitMessageFlight(ss);
     if (rv == SECSuccess) {
 
-	/* Re-arm the timer */
-	rv = dtls_RestartTimer(ss, PR_TRUE, dtls_RetransmitTimerExpiredCb);
+        /* Re-arm the timer */
+        rv = dtls_RestartTimer(ss, PR_TRUE, dtls_RetransmitTimerExpiredCb);
     }
 
     if (rv == SECFailure) {
-	/* XXX OK for now. In future maybe signal the stack that we couldn't
-	 * transmit. For now, let the read handle any real network errors */
+        /* XXX OK for now. In future maybe signal the stack that we couldn't
+         * transmit. For now, let the read handle any real network errors */
     }
 }
 
@@ -591,87 +607,87 @@
      */
     PORT_Assert(!ss->pendingBuf.len);
     for (msg_p = PR_LIST_HEAD(&ss->ssl3.hs.lastMessageFlight);
-	 msg_p != &ss->ssl3.hs.lastMessageFlight;
-	 msg_p = PR_NEXT_LINK(msg_p)) {
+         msg_p != &ss->ssl3.hs.lastMessageFlight;
+         msg_p = PR_NEXT_LINK(msg_p)) {
         DTLSQueuedMessage *msg = (DTLSQueuedMessage *)msg_p;
 
         /* The logic here is:
          *
-	 * 1. If this is a message that will not fit into the remaining
-	 *    space, then flush.
-	 * 2. If the message will now fit into the remaining space,
+         * 1. If this is a message that will not fit into the remaining
+         *    space, then flush.
+         * 2. If the message will now fit into the remaining space,
          *    encrypt, buffer, and loop.
          * 3. If the message will not fit, then fragment.
          *
-	 * At the end of the function, flush.
+         * At the end of the function, flush.
          */
         if ((msg->len + SSL3_BUFFER_FUDGE) > room_left) {
-	    /* The message will not fit into the remaining space, so flush */
-	    rv = dtls_SendSavedWriteData(ss);
-	    if (rv != SECSuccess)
-		break;
+            /* The message will not fit into the remaining space, so flush */
+            rv = dtls_SendSavedWriteData(ss);
+            if (rv != SECSuccess)
+                break;
 
             room_left = ss->ssl3.mtu;
-	}
+        }
 
         if ((msg->len + SSL3_BUFFER_FUDGE) <= room_left) {
             /* The message will fit, so encrypt and then continue with the
-	     * next packet */
+             * next packet */
             sent = ssl3_SendRecord(ss, msg->epoch, msg->type,
-				   msg->data, msg->len,
-				   ssl_SEND_FLAG_FORCE_INTO_BUFFER |
-				   ssl_SEND_FLAG_USE_EPOCH);
+                                   msg->data, msg->len,
+                                   ssl_SEND_FLAG_FORCE_INTO_BUFFER |
+                                   ssl_SEND_FLAG_USE_EPOCH);
             if (sent != msg->len) {
-		rv = SECFailure;
-		if (sent != -1) {
-		    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-		}
+                rv = SECFailure;
+                if (sent != -1) {
+                    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+                }
                 break;
-	    }
+            }
 
             room_left = ss->ssl3.mtu - ss->pendingBuf.len;
         } else {
             /* The message will not fit, so fragment.
              *
-	     * XXX OK for now. Arrange to coalesce the last fragment
-	     * of this message with the next message if possible.
-	     * That would be more efficient.
-	     */
+             * XXX OK for now. Arrange to coalesce the last fragment
+             * of this message with the next message if possible.
+             * That would be more efficient.
+             */
             PRUint32 fragment_offset = 0;
             unsigned char fragment[DTLS_MAX_MTU]; /* >= than largest
                                                    * plausible MTU */
 
-	    /* Assert that we have already flushed */
-	    PORT_Assert(room_left == ss->ssl3.mtu);
+            /* Assert that we have already flushed */
+            PORT_Assert(room_left == ss->ssl3.mtu);
 
             /* Case 3: We now need to fragment this message
              * DTLS only supports fragmenting handshaking messages */
             PORT_Assert(msg->type == content_handshake);
 
-	    /* The headers consume 12 bytes so the smalles possible
-	     *  message (i.e., an empty one) is 12 bytes
-	     */
-	    PORT_Assert(msg->len >= 12);
+            /* The headers consume 12 bytes so the smalles possible
+             *  message (i.e., an empty one) is 12 bytes
+             */
+            PORT_Assert(msg->len >= 12);
 
             while ((fragment_offset + 12) < msg->len) {
                 PRUint32 fragment_len;
                 const unsigned char *content = msg->data + 12;
                 PRUint32 content_len = msg->len - 12;
 
-		/* The reason we use 8 here is that that's the length of
-		 * the new DTLS data that we add to the header */
+                /* The reason we use 8 here is that that's the length of
+                 * the new DTLS data that we add to the header */
                 fragment_len = PR_MIN(room_left - (SSL3_BUFFER_FUDGE + 8),
                                       content_len - fragment_offset);
-		PORT_Assert(fragment_len < DTLS_MAX_MTU - 12);
-		/* Make totally sure that we are within the buffer.
-		 * Note that the only way that fragment len could get
-		 * adjusted here is if
+                PORT_Assert(fragment_len < DTLS_MAX_MTU - 12);
+                /* Make totally sure that we are within the buffer.
+                 * Note that the only way that fragment len could get
+                 * adjusted here is if
                  *
-		 * (a) we are in release mode so the PORT_Assert is compiled out
-		 * (b) either the MTU table is inconsistent with DTLS_MAX_MTU
-		 * or ss->ssl3.mtu has become corrupt.
-		 */
-		fragment_len = PR_MIN(fragment_len, DTLS_MAX_MTU - 12);
+                 * (a) we are in release mode so the PORT_Assert is compiled out
+                 * (b) either the MTU table is inconsistent with DTLS_MAX_MTU
+                 * or ss->ssl3.mtu has become corrupt.
+                 */
+                fragment_len = PR_MIN(fragment_len, DTLS_MAX_MTU - 12);
 
                 /* Construct an appropriate-sized fragment */
                 /* Type, length, sequence */
@@ -691,25 +707,25 @@
                             fragment_len);
 
                 /*
-		 *  Send the record. We do this in two stages
-		 * 1. Encrypt
-		 */
+                 *  Send the record. We do this in two stages
+                 * 1. Encrypt
+                 */
                 sent = ssl3_SendRecord(ss, msg->epoch, msg->type,
                                        fragment, fragment_len + 12,
                                        ssl_SEND_FLAG_FORCE_INTO_BUFFER |
-				       ssl_SEND_FLAG_USE_EPOCH);
+                                       ssl_SEND_FLAG_USE_EPOCH);
                 if (sent != (fragment_len + 12)) {
-		    rv = SECFailure;
-		    if (sent != -1) {
-			PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-		    }
-		    break;
-		}
-		
-		/* 2. Flush */
-		rv = dtls_SendSavedWriteData(ss);
-		if (rv != SECSuccess)
-		    break;
+                    rv = SECFailure;
+                    if (sent != -1) {
+                        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+                    }
+                    break;
+                }
+
+                /* 2. Flush */
+                rv = dtls_SendSavedWriteData(ss);
+                if (rv != SECSuccess)
+                    break;
 
                 fragment_offset += fragment_len;
             }
@@ -718,7 +734,7 @@
 
     /* Finally, we need to flush */
     if (rv == SECSuccess)
-	rv = dtls_SendSavedWriteData(ss);
+        rv = dtls_SendSavedWriteData(ss);
 
     /* Give up the locks */
     ssl_ReleaseSpecReadLock(ss);
@@ -740,19 +756,19 @@
 
     sent = ssl_SendSavedWriteData(ss);
     if (sent < 0)
-	return SECFailure;
+        return SECFailure;
 
     /* We should always have complete writes b/c datagram sockets
      * don't really block */
     if (ss->pendingBuf.len > 0) {
-	ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE);
-    	return SECFailure;
+        ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE);
+        return SECFailure;
     }
 
     /* Update the largest message sent so we can adjust the MTU
      * estimate if necessary */
     if (sent > ss->ssl3.hs.maxMessageSent)
-	ss->ssl3.hs.maxMessageSent = sent;
+        ss->ssl3.hs.maxMessageSent = sent;
 
     return SECSuccess;
 }
@@ -767,16 +783,16 @@
 SECStatus
 dtls_CompressMACEncryptRecord(sslSocket *        ss,
                               DTLSEpoch          epoch,
-			      PRBool             use_epoch,
+                              PRBool             use_epoch,
                               SSL3ContentType    type,
-		              const SSL3Opaque * pIn,
-		              PRUint32           contentLen,
-			      sslBuffer        * wrBuf)
+                              const SSL3Opaque * pIn,
+                              PRUint32           contentLen,
+                              sslBuffer        * wrBuf)
 {
     SECStatus rv = SECFailure;
     ssl3CipherSpec *          cwSpec;
 
-    ssl_GetSpecReadLock(ss);	/********************************/
+    ssl_GetSpecReadLock(ss);    /********************************/
 
     /* The reason for this switch-hitting code is that we might have
      * a flight of records spanning an epoch boundary, e.g.,
@@ -789,23 +805,23 @@
      * about which epoch to use is carried with the record.
      */
     if (use_epoch) {
-	if (ss->ssl3.cwSpec->epoch == epoch)
-	    cwSpec = ss->ssl3.cwSpec;
-	else if (ss->ssl3.pwSpec->epoch == epoch)
-	    cwSpec = ss->ssl3.pwSpec;
-	else
-	    cwSpec = NULL;
+        if (ss->ssl3.cwSpec->epoch == epoch)
+            cwSpec = ss->ssl3.cwSpec;
+        else if (ss->ssl3.pwSpec->epoch == epoch)
+            cwSpec = ss->ssl3.pwSpec;
+        else
+            cwSpec = NULL;
     } else {
-	cwSpec = ss->ssl3.cwSpec;
+        cwSpec = ss->ssl3.cwSpec;
     }
 
     if (cwSpec) {
         rv = ssl3_CompressMACEncryptRecord(cwSpec, ss->sec.isServer, PR_TRUE,
-					   PR_FALSE, type, pIn, contentLen,
-					   wrBuf);
+                                           PR_FALSE, type, pIn, contentLen,
+                                           wrBuf);
     } else {
         PR_NOT_REACHED("Couldn't find a cipher spec matching epoch");
-	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
     }
     ssl_ReleaseSpecReadLock(ss); /************************************/
 
@@ -838,9 +854,9 @@
 dtls_RestartTimer(sslSocket *ss, PRBool backoff, DTLSTimerCb cb)
 {
     if (backoff) {
-	ss->ssl3.hs.rtTimeoutMs *= 2;
-	if (ss->ssl3.hs.rtTimeoutMs > MAX_DTLS_TIMEOUT_MS)
-	    ss->ssl3.hs.rtTimeoutMs = MAX_DTLS_TIMEOUT_MS;
+        ss->ssl3.hs.rtTimeoutMs *= 2;
+        if (ss->ssl3.hs.rtTimeoutMs > MAX_DTLS_TIMEOUT_MS)
+            ss->ssl3.hs.rtTimeoutMs = MAX_DTLS_TIMEOUT_MS;
     }
 
     return dtls_StartTimer(ss, cb);
@@ -868,18 +884,18 @@
 dtls_CheckTimer(sslSocket *ss)
 {
     if (!ss->ssl3.hs.rtTimerCb)
-	return;
+        return;
 
     if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) >
-	PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs)) {
-	/* Timer has expired */
-	DTLSTimerCb cb = ss->ssl3.hs.rtTimerCb;
-	
-	/* Cancel the timer so that we can call the CB safely */
-	dtls_CancelTimer(ss);
+        PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs)) {
+        /* Timer has expired */
+        DTLSTimerCb cb = ss->ssl3.hs.rtTimerCb;
 
-	/* Now call the CB */
-	cb(ss);
+        /* Cancel the timer so that we can call the CB safely */
+        dtls_CancelTimer(ss);
+
+        /* Now call the CB */
+        cb(ss);
     }
 }
 
@@ -928,17 +944,17 @@
     int i;
 
     if (advertised == 0) {
-	ss->ssl3.mtu = COMMON_MTU_VALUES[0];
-	SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu));
-	return;
+        ss->ssl3.mtu = COMMON_MTU_VALUES[0];
+        SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu));
+        return;
     }
-	
+
     for (i = 0; i < PR_ARRAY_SIZE(COMMON_MTU_VALUES); i++) {
-	if (COMMON_MTU_VALUES[i] <= advertised) {
-	    ss->ssl3.mtu = COMMON_MTU_VALUES[i];
-	    SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu));
-	    return;
-	}
+        if (COMMON_MTU_VALUES[i] <= advertised) {
+            ss->ssl3.mtu = COMMON_MTU_VALUES[i];
+            SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu));
+            return;
+        }
     }
 
     /* Fallback */
@@ -953,57 +969,57 @@
 SECStatus
 dtls_HandleHelloVerifyRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
 {
-    int                 errCode	= SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST;
+    int                 errCode = SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST;
     SECStatus           rv;
     PRInt32             temp;
     SECItem             cookie = {siBuffer, NULL, 0};
     SSL3AlertDescription desc   = illegal_parameter;
 
     SSL_TRC(3, ("%d: SSL3[%d]: handle hello_verify_request handshake",
-    	SSL_GETPID(), ss->fd));
+        SSL_GETPID(), ss->fd));
     PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 
     if (ss->ssl3.hs.ws != wait_server_hello) {
         errCode = SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST;
-	desc    = unexpected_message;
-	goto alert_loser;
+        desc    = unexpected_message;
+        goto alert_loser;
     }
 
     /* The version */
     temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
     if (temp < 0) {
-    	goto loser; 	/* alert has been sent */
+        goto loser;     /* alert has been sent */
     }
 
-    if (temp != SSL_LIBRARY_VERSION_DTLS_1_0_WIRE) {
-	/* Note: this will need adjustment for DTLS 1.2 per Section 4.2.1 */
-	goto alert_loser;
+    if (temp != SSL_LIBRARY_VERSION_DTLS_1_0_WIRE &&
+        temp != SSL_LIBRARY_VERSION_DTLS_1_2_WIRE) {
+        goto alert_loser;
     }
 
     /* The cookie */
     rv = ssl3_ConsumeHandshakeVariable(ss, &cookie, 1, &b, &length);
     if (rv != SECSuccess) {
-    	goto loser; 	/* alert has been sent */
+        goto loser;     /* alert has been sent */
     }
     if (cookie.len > DTLS_COOKIE_BYTES) {
-	desc = decode_error;
-	goto alert_loser;	/* malformed. */
+        desc = decode_error;
+        goto alert_loser;       /* malformed. */
     }
 
     PORT_Memcpy(ss->ssl3.hs.cookie, cookie.data, cookie.len);
     ss->ssl3.hs.cookieLen = cookie.len;
 
 
-    ssl_GetXmitBufLock(ss);		/*******************************/
+    ssl_GetXmitBufLock(ss);             /*******************************/
 
     /* Now re-send the client hello */
     rv = ssl3_SendClientHello(ss, PR_TRUE);
 
-    ssl_ReleaseXmitBufLock(ss);		/*******************************/
+    ssl_ReleaseXmitBufLock(ss);         /*******************************/
 
     if (rv == SECSuccess)
-	return rv;
+        return rv;
 
 alert_loser:
     (void)SSL3_SendAlert(ss, alert_fatal, desc);
@@ -1042,14 +1058,14 @@
 
     /* Out of range to the left */
     if (seq < records->left) {
-	return -1;
+        return -1;
     }
 
     /* Out of range to the right; since we advance the window on
      * receipt, that means that this packet has not been received
      * yet */
     if (seq > records->right)
-	return 0;
+        return 0;
 
     offset = seq % DTLS_RECVD_RECORDS_WINDOW;
 
@@ -1066,34 +1082,34 @@
     PRUint64 offset;
 
     if (seq < records->left)
-	return;
+        return;
 
     if (seq > records->right) {
-	PRUint64 new_left;
-	PRUint64 new_right;
-	PRUint64 right;
+        PRUint64 new_left;
+        PRUint64 new_right;
+        PRUint64 right;
 
-	/* Slide to the right; this is the tricky part
+        /* Slide to the right; this is the tricky part
          *
-	 * 1. new_top is set to have room for seq, on the
-	 *    next byte boundary by setting the right 8
-	 *    bits of seq
+         * 1. new_top is set to have room for seq, on the
+         *    next byte boundary by setting the right 8
+         *    bits of seq
          * 2. new_left is set to compensate.
          * 3. Zero all bits between top and new_top. Since
          *    this is a ring, this zeroes everything as-yet
-	 *    unseen. Because we always operate on byte
-	 *    boundaries, we can zero one byte at a time
-	 */
-	new_right = seq | 0x07;
-	new_left = (new_right - DTLS_RECVD_RECORDS_WINDOW) + 1;
+         *    unseen. Because we always operate on byte
+         *    boundaries, we can zero one byte at a time
+         */
+        new_right = seq | 0x07;
+        new_left = (new_right - DTLS_RECVD_RECORDS_WINDOW) + 1;
 
-	for (right = records->right + 8; right <= new_right; right += 8) {
-	    offset = right % DTLS_RECVD_RECORDS_WINDOW;
-	    records->data[offset / 8] = 0;
-	}
+        for (right = records->right + 8; right <= new_right; right += 8) {
+            offset = right % DTLS_RECVD_RECORDS_WINDOW;
+            records->data[offset / 8] = 0;
+        }
 
-	records->right = new_right;
-	records->left = new_left;
+        records->right = new_right;
+        records->left = new_left;
     }
 
     offset = seq % DTLS_RECVD_RECORDS_WINDOW;
diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
index 51b557a..57771cd 100644
--- a/net/third_party/nss/ssl/ssl.h
+++ b/net/third_party/nss/ssl/ssl.h
@@ -163,29 +163,37 @@
 #define SSL_ENABLE_OCSP_STAPLING       24 /* Request OCSP stapling (client) */
 
 /* SSL_ENABLE_NPN controls whether the NPN extension is enabled for the initial
- * handshake when protocol negotiation is used. SSL_SetNextProtoCallback
- * or SSL_SetNextProtoNego must be used to control the protocol negotiation;
- * otherwise, the NPN extension will not be negotiated. SSL_ENABLE_NPN is
- * currently enabled by default but this may change in future versions.
+ * handshake when application layer protocol negotiation is used.
+ * SSL_SetNextProtoCallback or SSL_SetNextProtoNego must be used to control the
+ * application layer protocol negotiation; otherwise, the NPN extension will
+ * not be negotiated. SSL_ENABLE_NPN is currently enabled by default but this
+ * may change in future versions.
  */
 #define SSL_ENABLE_NPN 25
 
 /* SSL_ENABLE_ALPN controls whether the ALPN extension is enabled for the
- * initial handshake when protocol negotiation is used. SSL_SetNextProtoNego
- * (not SSL_SetNextProtoCallback) must be used to control the protocol
- * negotiation; otherwise, the ALPN extension will not be negotiated. ALPN is
- * not negotiated for renegotiation handshakes, even though the ALPN
- * specification defines a way to use ALPN during renegotiations.
- * SSL_ENABLE_ALPN is currently disabled by default, but this may change in
- * future versions.
+ * initial handshake when application layer protocol negotiation is used.
+ * SSL_SetNextProtoNego (not SSL_SetNextProtoCallback) must be used to control
+ * the application layer protocol negotiation; otherwise, the ALPN extension
+ * will not be negotiated. ALPN is not negotiated for renegotiation handshakes,
+ * even though the ALPN specification defines a way to use ALPN during
+ * renegotiations. SSL_ENABLE_ALPN is currently disabled by default, but this
+ * may change in future versions.
  */
 #define SSL_ENABLE_ALPN 26
 
-/* Request Signed Certificate Timestamps via TLS extension (client) */
-#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 27
+/* SSL_REUSE_SERVER_ECDHE_KEY controls whether the ECDHE server key is
+ * reused for multiple handshakes or generated each time.
+ * SSL_REUSE_SERVER_ECDHE_KEY is currently enabled by default.
+ */
+#define SSL_REUSE_SERVER_ECDHE_KEY 27
+
 #define SSL_ENABLE_FALLBACK_SCSV       28 /* Send fallback SCSV in
                                            * handshakes. */
 
+/* Request Signed Certificate Timestamps via TLS extension (client) */
+#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 29
+
 #ifdef SSL_DEPRECATED_FUNCTION 
 /* Old deprecated function names */
 SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
index 91a1f1e..424c1fb 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -119,7 +119,7 @@
 static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
    /*      cipher_suite                     policy       enabled   isPresent */
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
  { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,  SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,    SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
@@ -137,7 +137,7 @@
  { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,        SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDHE_RSA_WITH_RC4_128_SHA,          SSL_ALLOWED, PR_FALSE, PR_FALSE},
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
  { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_DHE_RSA_WITH_AES_128_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
@@ -150,11 +150,11 @@
  { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_DHE_DSS_WITH_RC4_128_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
  { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
@@ -163,7 +163,7 @@
  { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_ECDSA_WITH_RC4_128_SHA,         SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_RSA_WITH_RC4_128_SHA,           SSL_ALLOWED, PR_FALSE, PR_FALSE},
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
  /* RSA */
  { TLS_RSA_WITH_AES_128_GCM_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
@@ -175,34 +175,34 @@
  { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_RSA_WITH_SEED_CBC_SHA,               SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_RSA_WITH_3DES_EDE_CBC_SHA,           SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { SSL_RSA_WITH_RC4_128_SHA,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { SSL_RSA_WITH_RC4_128_MD5,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_RSA_WITH_3DES_EDE_CBC_SHA,           SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_RSA_WITH_RC4_128_SHA,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_RSA_WITH_RC4_128_MD5,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
 
  /* 56-bit DES "domestic" cipher suites */
- { SSL_DHE_RSA_WITH_DES_CBC_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_DHE_DSS_WITH_DES_CBC_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_RSA_WITH_DES_CBC_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_DSS_WITH_DES_CBC_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { SSL_RSA_FIPS_WITH_DES_CBC_SHA,           SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_RSA_WITH_DES_CBC_SHA,                SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_WITH_DES_CBC_SHA,                SSL_ALLOWED, PR_FALSE, PR_FALSE},
 
  /* export ciphersuites with 1024-bit public key exchange keys */
  { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
 
  /* export ciphersuites with 512-bit public key exchange keys */
- { SSL_RSA_EXPORT_WITH_RC4_40_MD5,          SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_EXPORT_WITH_RC4_40_MD5,          SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
 
  /* ciphersuites with no encryption */
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
  { TLS_ECDHE_ECDSA_WITH_NULL_SHA,           SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDHE_RSA_WITH_NULL_SHA,             SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_RSA_WITH_NULL_SHA,              SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_ECDSA_WITH_NULL_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
-#endif /* NSS_ENABLE_ECC */
- { SSL_RSA_WITH_NULL_SHA,                   SSL_ALLOWED, PR_FALSE, PR_FALSE},
+#endif /* NSS_DISABLE_ECC */
+ { TLS_RSA_WITH_NULL_SHA,                   SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_RSA_WITH_NULL_SHA256,                SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_RSA_WITH_NULL_MD5,                   SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_WITH_NULL_MD5,                   SSL_ALLOWED, PR_FALSE, PR_FALSE},
 };
 
 /* Verify that SSL_ImplementedCiphers and cipherSuites are in consistent order.
@@ -247,7 +247,10 @@
 	return PR_TRUE;  /* Always enabled */
 #ifdef NSS_ENABLE_ZLIB
     case ssl_compression_deflate:
-	return ss->opt.enableDeflate;
+        if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+            return ss->opt.enableDeflate;
+        }
+        return PR_FALSE;
 #endif
     default:
 	return PR_FALSE;
@@ -256,9 +259,9 @@
 
 static const /*SSL3ClientCertificateType */ PRUint8 certificate_types [] = {
     ct_RSA_sign,
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     ct_ECDSA_sign,
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     ct_DSS_sign,
 };
 
@@ -270,7 +273,7 @@
  * CertificateVerify messages that use the handshake hash. */
 static const PRUint8 supported_signature_algorithms[] = {
     tls_hash_sha256, tls_sig_rsa,
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     tls_hash_sha256, tls_sig_ecdsa,
 #endif
     tls_hash_sha256, tls_sig_dsa,
@@ -332,13 +335,13 @@
     {kea_dh_anon,        kt_dh,       sign_null, PR_FALSE,   0, PR_FALSE},
     {kea_dh_anon_export, kt_dh,       sign_null, PR_TRUE,  512, PR_FALSE},
     {kea_rsa_fips,       kt_rsa,      sign_rsa,  PR_FALSE,   0, PR_TRUE },
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     {kea_ecdh_ecdsa,     kt_ecdh,     sign_ecdsa,  PR_FALSE, 0, PR_FALSE},
     {kea_ecdhe_ecdsa,    kt_ecdh,     sign_ecdsa,  PR_FALSE,   0, PR_FALSE},
     {kea_ecdh_rsa,       kt_ecdh,     sign_rsa,  PR_FALSE,   0, PR_FALSE},
     {kea_ecdhe_rsa,      kt_ecdh,     sign_rsa,  PR_FALSE,   0, PR_FALSE},
     {kea_ecdh_anon,      kt_ecdh,     sign_null,  PR_FALSE,   0, PR_FALSE},
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 };
 
 /* must use ssl_LookupCipherSuiteDef to access */
@@ -346,49 +349,49 @@
 {
 /*  cipher_suite                    bulk_cipher_alg mac_alg key_exchange_alg */
 
-    {SSL_NULL_WITH_NULL_NULL,       cipher_null,   mac_null, kea_null},
-    {SSL_RSA_WITH_NULL_MD5,         cipher_null,   mac_md5, kea_rsa},
-    {SSL_RSA_WITH_NULL_SHA,         cipher_null,   mac_sha, kea_rsa},
+    {TLS_NULL_WITH_NULL_NULL,       cipher_null,   mac_null, kea_null},
+    {TLS_RSA_WITH_NULL_MD5,         cipher_null,   mac_md5, kea_rsa},
+    {TLS_RSA_WITH_NULL_SHA,         cipher_null,   mac_sha, kea_rsa},
     {TLS_RSA_WITH_NULL_SHA256,      cipher_null,   hmac_sha256, kea_rsa},
-    {SSL_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export},
-    {SSL_RSA_WITH_RC4_128_MD5,      cipher_rc4,    mac_md5, kea_rsa},
-    {SSL_RSA_WITH_RC4_128_SHA,      cipher_rc4,    mac_sha, kea_rsa},
-    {SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
+    {TLS_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export},
+    {TLS_RSA_WITH_RC4_128_MD5,      cipher_rc4,    mac_md5, kea_rsa},
+    {TLS_RSA_WITH_RC4_128_SHA,      cipher_rc4,    mac_sha, kea_rsa},
+    {TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
                                     cipher_rc2_40, mac_md5, kea_rsa_export},
 #if 0 /* not implemented */
-    {SSL_RSA_WITH_IDEA_CBC_SHA,     cipher_idea,   mac_sha, kea_rsa},
-    {SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_RSA_WITH_IDEA_CBC_SHA,     cipher_idea,   mac_sha, kea_rsa},
+    {TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_rsa_export},
 #endif
-    {SSL_RSA_WITH_DES_CBC_SHA,      cipher_des,    mac_sha, kea_rsa},
-    {SSL_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des,   mac_sha, kea_rsa},
-    {SSL_DHE_DSS_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dhe_dss},
-    {SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
+    {TLS_RSA_WITH_DES_CBC_SHA,      cipher_des,    mac_sha, kea_rsa},
+    {TLS_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des,   mac_sha, kea_rsa},
+    {TLS_DHE_DSS_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dhe_dss},
+    {TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
                                     cipher_3des,   mac_sha, kea_dhe_dss},
     {TLS_DHE_DSS_WITH_RC4_128_SHA,  cipher_rc4,    mac_sha, kea_dhe_dss},
 #if 0 /* not implemented */
-    {SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_dh_dss_export},
-    {SSL_DH_DSS_DES_CBC_SHA,        cipher_des,    mac_sha, kea_dh_dss},
-    {SSL_DH_DSS_3DES_CBC_SHA,       cipher_3des,   mac_sha, kea_dh_dss},
-    {SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_DH_DSS_DES_CBC_SHA,        cipher_des,    mac_sha, kea_dh_dss},
+    {TLS_DH_DSS_3DES_CBC_SHA,       cipher_3des,   mac_sha, kea_dh_dss},
+    {TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_dh_rsa_export},
-    {SSL_DH_RSA_DES_CBC_SHA,        cipher_des,    mac_sha, kea_dh_rsa},
-    {SSL_DH_RSA_3DES_CBC_SHA,       cipher_3des,   mac_sha, kea_dh_rsa},
-    {SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_DH_RSA_DES_CBC_SHA,        cipher_des,    mac_sha, kea_dh_rsa},
+    {TLS_DH_RSA_3DES_CBC_SHA,       cipher_3des,   mac_sha, kea_dh_rsa},
+    {TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_dh_dss_export},
-    {SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_dh_rsa_export},
 #endif
-    {SSL_DHE_RSA_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dhe_rsa},
-    {SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+    {TLS_DHE_RSA_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dhe_rsa},
+    {TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
                                     cipher_3des,   mac_sha, kea_dhe_rsa},
 #if 0
     {SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4_40, mac_md5, kea_dh_anon_export},
-    {SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_dh_anon_export},
-    {SSL_DH_ANON_DES_CBC_SHA,       cipher_des,    mac_sha, kea_dh_anon},
-    {SSL_DH_ANON_3DES_CBC_SHA,      cipher_3des,   mac_sha, kea_dh_anon},
+    {TLS_DH_anon_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dh_anon},
+    {TLS_DH_anon_WITH_3DES_CBC_SHA, cipher_3des,   mac_sha, kea_dh_anon},
 #endif
 
 
@@ -406,10 +409,10 @@
 #if 0
     {TLS_DH_DSS_WITH_AES_128_CBC_SHA,  	cipher_aes_128, mac_sha, kea_dh_dss},
     {TLS_DH_RSA_WITH_AES_128_CBC_SHA,  	cipher_aes_128, mac_sha, kea_dh_rsa},
-    {TLS_DH_ANON_WITH_AES_128_CBC_SHA, 	cipher_aes_128, mac_sha, kea_dh_anon},
+    {TLS_DH_anon_WITH_AES_128_CBC_SHA, 	cipher_aes_128, mac_sha, kea_dh_anon},
     {TLS_DH_DSS_WITH_AES_256_CBC_SHA,  	cipher_aes_256, mac_sha, kea_dh_dss},
     {TLS_DH_RSA_WITH_AES_256_CBC_SHA,  	cipher_aes_256, mac_sha, kea_dh_rsa},
-    {TLS_DH_ANON_WITH_AES_256_CBC_SHA, 	cipher_aes_256, mac_sha, kea_dh_anon},
+    {TLS_DH_anon_WITH_AES_256_CBC_SHA, 	cipher_aes_256, mac_sha, kea_dh_anon},
 #endif
 
     {TLS_RSA_WITH_SEED_CBC_SHA,	    cipher_seed,   mac_sha, kea_rsa},
@@ -440,7 +443,7 @@
     {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_rsa},
     {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_ecdsa},
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     {TLS_ECDH_ECDSA_WITH_NULL_SHA,        cipher_null, mac_sha, kea_ecdh_ecdsa},
     {TLS_ECDH_ECDSA_WITH_RC4_128_SHA,      cipher_rc4, mac_sha, kea_ecdh_ecdsa},
     {TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa},
@@ -474,7 +477,7 @@
     {TLS_ECDH_anon_WITH_AES_128_CBC_SHA,  cipher_aes_128, mac_sha, kea_ecdh_anon},
     {TLS_ECDH_anon_WITH_AES_256_CBC_SHA,  cipher_aes_256, mac_sha, kea_ecdh_anon},
 #endif
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 };
 
 static const CK_MECHANISM_TYPE kea_alg_defs[] = {
@@ -548,7 +551,7 @@
     "missing"
 };
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 /* The ECCWrappedKeyInfo structure defines how various pieces of 
  * information are laid out within wrappedSymmetricWrappingkey 
  * for ECDH key exchange. Since wrappedSymmetricWrappingkey is 
@@ -570,7 +573,7 @@
     PRUint8 var[MAX_EC_WRAPPED_KEY_BUFLEN]; /* this buffer contains the */
     /* EC public-key params, the EC public value and the wrapped key  */
 } ECCWrappedKeyInfo;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 #if defined(TRACE)
 
@@ -658,33 +661,62 @@
      * later. This set of cipher suites is similar to, but different from, the
      * set of cipher suites considered exportable by SSL_IsExportCipherSuite.
      */
-    case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
-    case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
-    /*   SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:      never implemented
-     *   SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:   never implemented
-     *   SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:   never implemented
-     *   SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:  never implemented
-     *   SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:  never implemented
-     *   SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5:     never implemented
-     *   SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA:  never implemented
+    case TLS_RSA_EXPORT_WITH_RC4_40_MD5:
+    case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
+    /*   TLS_RSA_EXPORT_WITH_DES40_CBC_SHA:      never implemented
+     *   TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:   never implemented
+     *   TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:   never implemented
+     *   TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:  never implemented
+     *   TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:  never implemented
+     *   TLS_DH_anon_EXPORT_WITH_RC4_40_MD5:     never implemented
+     *   TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA:  never implemented
      */
 	return vrange->min <= SSL_LIBRARY_VERSION_TLS_1_0;
-    case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305:
-    case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305:
+
     case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
     case TLS_RSA_WITH_AES_256_CBC_SHA256:
     case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
-    case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
     case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
-    case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
     case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
-    case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
     case TLS_RSA_WITH_AES_128_CBC_SHA256:
     case TLS_RSA_WITH_AES_128_GCM_SHA256:
     case TLS_RSA_WITH_NULL_SHA256:
+        return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2;
+
+    case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305:
+    case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305:
+    case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
+    case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
+    case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
 	return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2;
+
+    /* RFC 4492: ECC cipher suites need TLS extensions to negotiate curves and
+     * point formats.*/
+    case TLS_ECDH_ECDSA_WITH_NULL_SHA:
+    case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
+    case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
+    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
+    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
+    case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
+    case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
+    case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
+    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
+    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
+    case TLS_ECDH_RSA_WITH_NULL_SHA:
+    case TLS_ECDH_RSA_WITH_RC4_128_SHA:
+    case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
+    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
+    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
+    case TLS_ECDHE_RSA_WITH_NULL_SHA:
+    case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
+    case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
+    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
+    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
+        return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_0 &&
+               vrange->min < SSL_LIBRARY_VERSION_TLS_1_3;
+
     default:
-	return PR_TRUE;
+        return vrange->min < SSL_LIBRARY_VERSION_TLS_1_3;
     }
 }
 
@@ -769,7 +801,7 @@
 	    cipher_mech = alg2Mech[cipher_alg].cmech;
 	    exchKeyType =
 	    	    kea_defs[cipher_def->key_exchange_alg].exchKeyType;
-#ifndef NSS_ENABLE_ECC
+#ifdef NSS_DISABLE_ECC
 	    svrAuth = ss->serverCerts + exchKeyType;
 #else
 	    /* XXX SSLKEAType isn't really a good choice for 
@@ -803,7 +835,7 @@
 		svrAuth = ss->serverCerts + exchKeyType;
 		break;
 	    }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 	    /* Mark the suites that are backed by real tokens, certs and keys */
 	    suite->isPresent = (PRBool)
@@ -910,7 +942,7 @@
 
     if (peerVersion < ss->vrange.min ||
 	(peerVersion > ss->vrange.max && !allowLargerPeerVersion)) {
-	PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
+	PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
 	return SECFailure;
     }
 
@@ -962,7 +994,7 @@
 	    hashItem.len = hash->len;
 	}
 	break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case ecKey:
 	doDerEncode = PR_TRUE;
 	/* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash.
@@ -975,7 +1007,7 @@
 	    hashItem.len = hash->len;
 	}
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     default:
 	PORT_SetError(SEC_ERROR_INVALID_KEY);
 	goto done;
@@ -1073,7 +1105,7 @@
 	}
 	break;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case ecKey:
 	encAlg = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
 	/* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash.
@@ -1091,7 +1123,7 @@
 	    hashItem.len = hash->len;
 	}
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     default:
     	SECKEY_DestroyPublicKey(key);
@@ -5226,19 +5258,18 @@
 	    if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
 	    return SECFailure;
 	}
-	maxBytes        -= extLen;
 	total_exten_len += extLen;
 
 	if (total_exten_len > 0)
 	    total_exten_len += 2;
     }
 
-#if defined(NSS_ENABLE_ECC)
+#ifndef NSS_DISABLE_ECC
     if (!total_exten_len || !isTLS) {
 	/* not sending the elliptic_curves and ec_point_formats extensions */
     	ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */
     }
-#endif
+#endif /* NSS_DISABLE_ECC */
 
     if (IS_DTLS(ss)) {
 	ssl3_DisableNonDTLSSuites(ss);
@@ -5337,7 +5368,7 @@
 	rv = ssl3_AppendHandshakeVariable(
 	    ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1);
     else
-	rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
+	rv = ssl3_AppendHandshakeNumber(ss, 0, 1);
     if (rv != SECSuccess) {
 	if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
 	return rv;	/* err set by ssl3_AppendHandshake* */
@@ -5368,7 +5399,15 @@
 	}
 	actual_count++;
     }
-
+    if (fallbackSCSV) {
+	rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV,
+					sizeof(ssl3CipherSuite));
+	if (rv != SECSuccess) {
+	    if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
+	    return rv;	/* err set by ssl3_AppendHandshake* */
+	}
+	actual_count++;
+    }
     for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
 	ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
 	if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) {
@@ -5388,16 +5427,6 @@
 	}
     }
 
-    if (fallbackSCSV) {
-	rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV,
-					sizeof(ssl3CipherSuite));
-	if (rv != SECSuccess) {
-	    if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
-	    return rv;	/* err set by ssl3_AppendHandshake* */
-	}
-	actual_count++;
-    }
-
     /* if cards were removed or inserted between count_cipher_suites and
      * generating our list, detect the error here rather than send it off to
      * the server.. */
@@ -5571,11 +5600,11 @@
 {
     PK11SymKey *             unwrappedWrappingKey  = NULL;
     SECItem                  wrappedKey;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     PK11SymKey *             Ks;
     SECKEYPublicKey          pubWrapKey;
     ECCWrappedKeyInfo        *ecWrapped;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     /* found the wrapping key on disk. */
     PORT_Assert(pWswk->symWrapMechanism == masterWrapMech);
@@ -5597,7 +5626,7 @@
 				 masterWrapMech, CKA_UNWRAP, 0);
 	break;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case kt_ecdh:
         /* 
          * For kt_ecdh, we first create an EC public key based on
@@ -5735,12 +5764,12 @@
     SECStatus                rv;
     SECItem                  wrappedKey;
     SSLWrappedSymWrappingKey wswk;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     PK11SymKey *      Ks = NULL;
     SECKEYPublicKey   *pubWrapKey = NULL;
     SECKEYPrivateKey  *privWrapKey = NULL;
     ECCWrappedKeyInfo *ecWrapped;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     svrPrivKey  = ss->serverCerts[exchKeyType].SERVERKEY;
     PORT_Assert(svrPrivKey != NULL);
@@ -5823,7 +5852,7 @@
 	                        unwrappedWrappingKey, &wrappedKey);
 	break;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case kt_ecdh:
 	/*
 	 * We generate an ephemeral EC key pair. Perform an ECDH
@@ -5909,7 +5938,7 @@
 	if (Ks) PK11_FreeSymKey(Ks);
 	asymWrapMechanism = masterWrapMech;
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     default:
 	rv = SECFailure;
@@ -6222,11 +6251,11 @@
 	rv = sendDHClientKeyExchange(ss, serverKey);
 	break;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case kt_ecdh:
 	rv = ssl3_SendECDHClientKeyExchange(ss, serverKey);
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     default:
 	/* got an unknown or unsupported Key Exchange Algorithm.  */
@@ -6429,7 +6458,7 @@
     if (rv != SECSuccess) {
     	desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version 
 						   : handshake_failure;
-	errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
+	errCode = SSL_ERROR_UNSUPPORTED_VERSION;
 	goto alert_loser;
     }
     isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0);
@@ -7017,11 +7046,11 @@
     	return SECSuccess;
     }
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case kt_ecdh:
 	rv = ssl3_HandleECDHServerKeyExchange(ss, b, length);
 	return rv;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     default:
     	desc    = handshake_failure;
@@ -7953,14 +7982,14 @@
 	    return rv;
 #endif
 	}
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     } else if ((kea_def->kea == kea_ecdhe_rsa) ||
 	       (kea_def->kea == kea_ecdhe_ecdsa)) {
 	rv = ssl3_SendServerKeyExchange(ss);
 	if (rv != SECSuccess) {
 	    return rv;	/* err code was set. */
 	}
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     }
 
     if (ss->opt.requestCertificate) {
@@ -8072,7 +8101,7 @@
     if (rv != SECSuccess) {
     	desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version 
 	                                           : handshake_failure;
-	errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
+	errCode = SSL_ERROR_UNSUPPORTED_VERSION;
 	goto alert_loser;
     }
 
@@ -8129,6 +8158,12 @@
 	goto loser;		/* malformed */
     }
 
+    /* TLS 1.3 requires that compression be empty */
+    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+        if (comps.len != 1 || comps.data[0] != ssl_compression_null) {
+            goto loser;
+        }
+    }
     desc = handshake_failure;
 
     /* Handle TLS hello extensions for SSL3 & TLS. We do not know if
@@ -8261,7 +8296,7 @@
 	}
     }
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     /* Disable any ECC cipher suites for which we have no cert. */
     ssl3_FilterECCipherSuitesByServerCerts(ss);
 #endif
@@ -8844,8 +8879,9 @@
     rv = ssl3_NegotiateVersion(ss, version, PR_TRUE);
     if (rv != SECSuccess) {
 	/* send back which ever alert client will understand. */
-    	desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version : handshake_failure;
-	errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
+	desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version
+	                                           : handshake_failure;
+	errCode = SSL_ERROR_UNSUPPORTED_VERSION;
 	goto alert_loser;
     }
 
@@ -8883,7 +8919,7 @@
 
     PRINT_BUF(60, (ss, "client random:", &ss->ssl3.hs.client_random.rand[0],
 		   SSL3_RANDOM_LENGTH));
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     /* Disable any ECC cipher suites for which we have no cert. */
     ssl3_FilterECCipherSuitesByServerCerts(ss);
 #endif
@@ -9065,7 +9101,7 @@
 	rv = ssl3_AppendHandshakeVariable(
 	    ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1);
     else
-	rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
+	rv = ssl3_AppendHandshakeNumber(ss, 0, 1);
     if (rv != SECSuccess) {
 	return rv;	/* err set by AppendHandshake. */
     }
@@ -9115,11 +9151,11 @@
     unsigned int i, j;
     /* hashPreference expresses our preferences for hash algorithms, most
      * preferable first. */
-    static const PRUint8 hashPreference[] = {
-	tls_hash_sha256,
-	tls_hash_sha384,
-	tls_hash_sha512,
-	tls_hash_sha1,
+    static const SECOidTag hashPreference[] = {
+        SEC_OID_SHA256,
+        SEC_OID_SHA384,
+        SEC_OID_SHA512,
+        SEC_OID_SHA1,
     };
 
     switch (ss->ssl3.hs.kea_def->kea) {
@@ -9272,12 +9308,12 @@
 	PORT_Free(signed_hash.data);
 	return SECSuccess;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case kt_ecdh: {
 	rv = ssl3_SendECDHServerKeyExchange(ss, &sigAndHash);
 	return rv;
     }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     case kt_dh:
     case kt_null:
@@ -9700,9 +9736,9 @@
     SECStatus         rv;
     const ssl3KEADef *kea_def;
     ssl3KeyPair     *serverKeyPair      = NULL;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     SECKEYPublicKey *serverPubKey       = NULL;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     SSL_TRC(3, ("%d: SSL3[%d]: handle client_key_exchange handshake",
 		SSL_GETPID(), ss->fd));
@@ -9732,7 +9768,7 @@
 	ss->sec.keaKeyBits = EXPORT_RSA_KEY_LENGTH * BPB;
     } else 
 skip:
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     /* XXX Using SSLKEAType to index server certifiates
      * does not work for (EC)DHE ciphers. Until we have
      * an indexing mechanism general enough for all key
@@ -9778,7 +9814,7 @@
 	break;
 
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case kt_ecdh:
 	/* XXX We really ought to be able to store multiple
 	 * EC certs (a requirement if we wish to support both
@@ -9796,11 +9832,15 @@
 	}
 	rv = ssl3_HandleECDHClientKeyExchange(ss, b, length, 
 					      serverPubKey, serverKey);
+	if (ss->ephemeralECDHKeyPair) {
+	    ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
+	    ss->ephemeralECDHKeyPair = NULL;
+	}
 	if (rv != SECSuccess) {
 	    return SECFailure;	/* error code set */
 	}
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     default:
 	(void) ssl3_HandshakeFailure(ss);
@@ -9860,17 +9900,21 @@
 	(PRUint32)ssl3_ConsumeHandshakeNumber(ss, 4, &b, &length);
 
     rv = ssl3_ConsumeHandshakeVariable(ss, &ticketData, 2, &b, &length);
-    if (length != 0 || rv != SECSuccess) {
+    if (rv != SECSuccess || length != 0) {
 	(void)SSL3_SendAlert(ss, alert_fatal, decode_error);
 	PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET);
 	return SECFailure;  /* malformed */
     }
-    rv = SECITEM_CopyItem(NULL, &ss->ssl3.hs.newSessionTicket.ticket,
-			  &ticketData);
-    if (rv != SECSuccess) {
-	return rv;
+    /* If the server sent a zero-length ticket, ignore it and keep the
+     * existing ticket. */
+    if (ticketData.len != 0) {
+	rv = SECITEM_CopyItem(NULL, &ss->ssl3.hs.newSessionTicket.ticket,
+			      &ticketData);
+	if (rv != SECSuccess) {
+	    return rv;
+	}
+	ss->ssl3.hs.receivedNewSessionTicket = PR_TRUE;
     }
-    ss->ssl3.hs.receivedNewSessionTicket = PR_TRUE;
 
     ss->ssl3.hs.ws = wait_change_cipher;
     return SECSuccess;
@@ -10444,7 +10488,7 @@
 	if (pubKey) {
 	    ss->sec.keaKeyBits = ss->sec.authKeyBits =
 		SECKEY_PublicKeyStrengthInBits(pubKey);
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 	    if (ss->sec.keaType == kt_ecdh) {
 		/* Get authKeyBits from signing key.
 		 * XXX The code below uses a quick approximation of
@@ -10470,7 +10514,7 @@
 		     */
 		}
 	    }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 	    SECKEY_DestroyPublicKey(pubKey); 
 	    pubKey = NULL;
     	}
@@ -10478,10 +10522,10 @@
 	ss->ssl3.hs.ws = wait_cert_request; /* disallow server_key_exchange */
 	if (ss->ssl3.hs.kea_def->is_limited ||
 	    /* XXX OR server cert is signing only. */
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 	    ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa ||
 	    ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 	    ss->ssl3.hs.kea_def->exchKeyType == kt_dh) {
 	    ss->ssl3.hs.ws = wait_server_key; /* allow server_key_exchange */
 	}
@@ -11238,7 +11282,7 @@
 	sid->u.ssl3.cipherSuite = ss->ssl3.hs.cipher_suite;
 	sid->u.ssl3.compression = ss->ssl3.hs.compression;
 	sid->u.ssl3.policy      = ss->ssl3.policy;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 	sid->u.ssl3.negotiatedECCurves = ss->ssl3.hs.negotiatedECCurves;
 #endif
 	sid->u.ssl3.exchKeyType = effectiveExchKeyType;
@@ -12374,7 +12418,7 @@
     ssl3_InitCipherSpec(ss, ss->ssl3.prSpec);
 
     ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     ss->ssl3.hs.negotiatedECCurves = ssl3_GetSupportedECCurveMask(ss);
 #endif
     ssl_ReleaseSpecWriteLock(ss);
diff --git a/net/third_party/nss/ssl/ssl3ecc.c b/net/third_party/nss/ssl/ssl3ecc.c
index 39f9af1..d5d6c9c 100644
--- a/net/third_party/nss/ssl/ssl3ecc.c
+++ b/net/third_party/nss/ssl/ssl3ecc.c
@@ -10,7 +10,7 @@
 #include "nss.h"
 #include "cert.h"
 #include "ssl.h"
-#include "cryptohi.h"	/* for DSAU_ stuff */
+#include "cryptohi.h"   /* for DSAU_ stuff */
 #include "keyhi.h"
 #include "secder.h"
 #include "secitem.h"
@@ -36,11 +36,11 @@
 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
 #endif
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 
 #ifndef PK11_SETATTRS
 #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \
-		(x)->pValue=(v); (x)->ulValueLen = (l);
+                (x)->pValue=(v); (x)->ulValueLen = (l);
 #endif
 
 #define SSL_GET_SERVER_PUBLIC_KEY(sock, type) \
@@ -62,61 +62,61 @@
  * ECC-TLS IETF draft.
  */
 static const SECOidTag ecName2OIDTag[] = {
-	0,  
-	SEC_OID_SECG_EC_SECT163K1,  /*  1 */
-	SEC_OID_SECG_EC_SECT163R1,  /*  2 */
-	SEC_OID_SECG_EC_SECT163R2,  /*  3 */
-	SEC_OID_SECG_EC_SECT193R1,  /*  4 */
-	SEC_OID_SECG_EC_SECT193R2,  /*  5 */
-	SEC_OID_SECG_EC_SECT233K1,  /*  6 */
-	SEC_OID_SECG_EC_SECT233R1,  /*  7 */
-	SEC_OID_SECG_EC_SECT239K1,  /*  8 */
-	SEC_OID_SECG_EC_SECT283K1,  /*  9 */
-	SEC_OID_SECG_EC_SECT283R1,  /* 10 */
-	SEC_OID_SECG_EC_SECT409K1,  /* 11 */
-	SEC_OID_SECG_EC_SECT409R1,  /* 12 */
-	SEC_OID_SECG_EC_SECT571K1,  /* 13 */
-	SEC_OID_SECG_EC_SECT571R1,  /* 14 */
-	SEC_OID_SECG_EC_SECP160K1,  /* 15 */
-	SEC_OID_SECG_EC_SECP160R1,  /* 16 */
-	SEC_OID_SECG_EC_SECP160R2,  /* 17 */
-	SEC_OID_SECG_EC_SECP192K1,  /* 18 */
-	SEC_OID_SECG_EC_SECP192R1,  /* 19 */
-	SEC_OID_SECG_EC_SECP224K1,  /* 20 */
-	SEC_OID_SECG_EC_SECP224R1,  /* 21 */
-	SEC_OID_SECG_EC_SECP256K1,  /* 22 */
-	SEC_OID_SECG_EC_SECP256R1,  /* 23 */
-	SEC_OID_SECG_EC_SECP384R1,  /* 24 */
-	SEC_OID_SECG_EC_SECP521R1,  /* 25 */
+        0,
+        SEC_OID_SECG_EC_SECT163K1,  /*  1 */
+        SEC_OID_SECG_EC_SECT163R1,  /*  2 */
+        SEC_OID_SECG_EC_SECT163R2,  /*  3 */
+        SEC_OID_SECG_EC_SECT193R1,  /*  4 */
+        SEC_OID_SECG_EC_SECT193R2,  /*  5 */
+        SEC_OID_SECG_EC_SECT233K1,  /*  6 */
+        SEC_OID_SECG_EC_SECT233R1,  /*  7 */
+        SEC_OID_SECG_EC_SECT239K1,  /*  8 */
+        SEC_OID_SECG_EC_SECT283K1,  /*  9 */
+        SEC_OID_SECG_EC_SECT283R1,  /* 10 */
+        SEC_OID_SECG_EC_SECT409K1,  /* 11 */
+        SEC_OID_SECG_EC_SECT409R1,  /* 12 */
+        SEC_OID_SECG_EC_SECT571K1,  /* 13 */
+        SEC_OID_SECG_EC_SECT571R1,  /* 14 */
+        SEC_OID_SECG_EC_SECP160K1,  /* 15 */
+        SEC_OID_SECG_EC_SECP160R1,  /* 16 */
+        SEC_OID_SECG_EC_SECP160R2,  /* 17 */
+        SEC_OID_SECG_EC_SECP192K1,  /* 18 */
+        SEC_OID_SECG_EC_SECP192R1,  /* 19 */
+        SEC_OID_SECG_EC_SECP224K1,  /* 20 */
+        SEC_OID_SECG_EC_SECP224R1,  /* 21 */
+        SEC_OID_SECG_EC_SECP256K1,  /* 22 */
+        SEC_OID_SECG_EC_SECP256R1,  /* 23 */
+        SEC_OID_SECG_EC_SECP384R1,  /* 24 */
+        SEC_OID_SECG_EC_SECP521R1,  /* 25 */
 };
 
 static const PRUint16 curve2bits[] = {
-	  0, /*  ec_noName     = 0,   */
-	163, /*  ec_sect163k1  = 1,   */
-	163, /*  ec_sect163r1  = 2,   */
-	163, /*  ec_sect163r2  = 3,   */
-	193, /*  ec_sect193r1  = 4,   */
-	193, /*  ec_sect193r2  = 5,   */
-	233, /*  ec_sect233k1  = 6,   */
-	233, /*  ec_sect233r1  = 7,   */
-	239, /*  ec_sect239k1  = 8,   */
-	283, /*  ec_sect283k1  = 9,   */
-	283, /*  ec_sect283r1  = 10,  */
-	409, /*  ec_sect409k1  = 11,  */
-	409, /*  ec_sect409r1  = 12,  */
-	571, /*  ec_sect571k1  = 13,  */
-	571, /*  ec_sect571r1  = 14,  */
-	160, /*  ec_secp160k1  = 15,  */
-	160, /*  ec_secp160r1  = 16,  */
-	160, /*  ec_secp160r2  = 17,  */
-	192, /*  ec_secp192k1  = 18,  */
-	192, /*  ec_secp192r1  = 19,  */
-	224, /*  ec_secp224k1  = 20,  */
-	224, /*  ec_secp224r1  = 21,  */
-	256, /*  ec_secp256k1  = 22,  */
-	256, /*  ec_secp256r1  = 23,  */
-	384, /*  ec_secp384r1  = 24,  */
-	521, /*  ec_secp521r1  = 25,  */
+          0, /*  ec_noName     = 0,   */
+        163, /*  ec_sect163k1  = 1,   */
+        163, /*  ec_sect163r1  = 2,   */
+        163, /*  ec_sect163r2  = 3,   */
+        193, /*  ec_sect193r1  = 4,   */
+        193, /*  ec_sect193r2  = 5,   */
+        233, /*  ec_sect233k1  = 6,   */
+        233, /*  ec_sect233r1  = 7,   */
+        239, /*  ec_sect239k1  = 8,   */
+        283, /*  ec_sect283k1  = 9,   */
+        283, /*  ec_sect283r1  = 10,  */
+        409, /*  ec_sect409k1  = 11,  */
+        409, /*  ec_sect409r1  = 12,  */
+        571, /*  ec_sect571k1  = 13,  */
+        571, /*  ec_sect571r1  = 14,  */
+        160, /*  ec_secp160k1  = 15,  */
+        160, /*  ec_secp160r1  = 16,  */
+        160, /*  ec_secp160r2  = 17,  */
+        192, /*  ec_secp192k1  = 18,  */
+        192, /*  ec_secp192r1  = 19,  */
+        224, /*  ec_secp224k1  = 20,  */
+        224, /*  ec_secp224r1  = 21,  */
+        256, /*  ec_secp256k1  = 22,  */
+        256, /*  ec_secp256r1  = 23,  */
+        384, /*  ec_secp384r1  = 24,  */
+        521, /*  ec_secp521r1  = 25,  */
       65535  /*  ec_pastLastName      */
 };
 
@@ -126,31 +126,31 @@
 } Bits2Curve;
 
 static const Bits2Curve bits2curve [] = {
-   {	192,     ec_secp192r1    /*  = 19,  fast */  },
-   {	160,     ec_secp160r2    /*  = 17,  fast */  },
-   {	160,     ec_secp160k1    /*  = 15,  */       },
-   {	160,     ec_secp160r1    /*  = 16,  */       },
-   {	163,     ec_sect163k1    /*  = 1,   */       },
-   {	163,     ec_sect163r1    /*  = 2,   */       },
-   {	163,     ec_sect163r2    /*  = 3,   */       },
-   {	192,     ec_secp192k1    /*  = 18,  */       },
-   {	193,     ec_sect193r1    /*  = 4,   */       },
-   {	193,     ec_sect193r2    /*  = 5,   */       },
-   {	224,     ec_secp224r1    /*  = 21,  fast */  },
-   {	224,     ec_secp224k1    /*  = 20,  */       },
-   {	233,     ec_sect233k1    /*  = 6,   */       },
-   {	233,     ec_sect233r1    /*  = 7,   */       },
-   {	239,     ec_sect239k1    /*  = 8,   */       },
-   {	256,     ec_secp256r1    /*  = 23,  fast */  },
-   {	256,     ec_secp256k1    /*  = 22,  */       },
-   {	283,     ec_sect283k1    /*  = 9,   */       },
-   {	283,     ec_sect283r1    /*  = 10,  */       },
-   {	384,     ec_secp384r1    /*  = 24,  fast */  },
-   {	409,     ec_sect409k1    /*  = 11,  */       },
-   {	409,     ec_sect409r1    /*  = 12,  */       },
-   {	521,     ec_secp521r1    /*  = 25,  fast */  },
-   {	571,     ec_sect571k1    /*  = 13,  */       },
-   {	571,     ec_sect571r1    /*  = 14,  */       },
+   {    192,     ec_secp192r1    /*  = 19,  fast */  },
+   {    160,     ec_secp160r2    /*  = 17,  fast */  },
+   {    160,     ec_secp160k1    /*  = 15,  */       },
+   {    160,     ec_secp160r1    /*  = 16,  */       },
+   {    163,     ec_sect163k1    /*  = 1,   */       },
+   {    163,     ec_sect163r1    /*  = 2,   */       },
+   {    163,     ec_sect163r2    /*  = 3,   */       },
+   {    192,     ec_secp192k1    /*  = 18,  */       },
+   {    193,     ec_sect193r1    /*  = 4,   */       },
+   {    193,     ec_sect193r2    /*  = 5,   */       },
+   {    224,     ec_secp224r1    /*  = 21,  fast */  },
+   {    224,     ec_secp224k1    /*  = 20,  */       },
+   {    233,     ec_sect233k1    /*  = 6,   */       },
+   {    233,     ec_sect233r1    /*  = 7,   */       },
+   {    239,     ec_sect239k1    /*  = 8,   */       },
+   {    256,     ec_secp256r1    /*  = 23,  fast */  },
+   {    256,     ec_secp256k1    /*  = 22,  */       },
+   {    283,     ec_sect283k1    /*  = 9,   */       },
+   {    283,     ec_sect283r1    /*  = 10,  */       },
+   {    384,     ec_secp384r1    /*  = 24,  fast */  },
+   {    409,     ec_sect409k1    /*  = 11,  */       },
+   {    409,     ec_sect409r1    /*  = 12,  */       },
+   {    521,     ec_secp521r1    /*  = 25,  fast */  },
+   {    571,     ec_sect571k1    /*  = 13,  */       },
+   {    571,     ec_sect571r1    /*  = 14,  */       },
    {  65535,     ec_noName    }
 };
 
@@ -163,21 +163,21 @@
 /* arrays of ECDHE KeyPairs */
 static ECDHEKeyPair gECDHEKeyPairs[ec_pastLastName];
 
-SECStatus 
+SECStatus
 ssl3_ECName2Params(PLArenaPool * arena, ECName curve, SECKEYECParams * params)
 {
     SECOidData *oidData = NULL;
 
     if ((curve <= ec_noName) || (curve >= ec_pastLastName) ||
-	((oidData = SECOID_FindOIDByTag(ecName2OIDTag[curve])) == NULL)) {
+        ((oidData = SECOID_FindOIDByTag(ecName2OIDTag[curve])) == NULL)) {
         PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
-	return SECFailure;
+        return SECFailure;
     }
 
     SECITEM_AllocItem(arena, params, (2 + oidData->oid.len));
-    /* 
+    /*
      * params->data needs to contain the ASN encoding of an object ID (OID)
-     * representing the named curve. The actual OID is in 
+     * representing the named curve. The actual OID is in
      * oidData->oid.data so we simply prepend 0x06 and OID length
      */
     params->data[0] = SEC_ASN1_OBJECT_ID;
@@ -187,14 +187,14 @@
     return SECSuccess;
 }
 
-static ECName 
+static ECName
 params2ecName(SECKEYECParams * params)
 {
     SECItem oid = { siBuffer, NULL, 0};
     SECOidData *oidData = NULL;
     ECName i;
 
-    /* 
+    /*
      * params->data needs to contain the ASN encoding of an object ID (OID)
      * representing a named curve. Here, we strip away everything
      * before the actual OID and use the OID to look up a named curve.
@@ -204,8 +204,8 @@
     oid.data = params->data + 2;
     if ((oidData = SECOID_FindOID(&oid)) == NULL) return ec_noName;
     for (i = ec_noName + 1; i < ec_pastLastName; i++) {
-	if (ecName2OIDTag[i] == oidData->offset)
-	    return i;
+        if (ecName2OIDTag[i] == oidData->offset)
+            return i;
     }
 
     return ec_noName;
@@ -214,13 +214,13 @@
 /* Caller must set hiLevel error code. */
 static SECStatus
 ssl3_ComputeECDHKeyHash(SECOidTag hashAlg,
-			SECItem ec_params, SECItem server_ecpoint,
-			SSL3Random *client_rand, SSL3Random *server_rand,
-			SSL3Hashes *hashes, PRBool bypassPKCS11)
+                        SECItem ec_params, SECItem server_ecpoint,
+                        SSL3Random *client_rand, SSL3Random *server_rand,
+                        SSL3Hashes *hashes, PRBool bypassPKCS11)
 {
     PRUint8     * hashBuf;
     PRUint8     * pBuf;
-    SECStatus     rv 		= SECSuccess;
+    SECStatus     rv            = SECSuccess;
     unsigned int  bufLen;
     /*
      * XXX For now, we only support named curves (the appropriate
@@ -232,37 +232,37 @@
 
     bufLen = 2*SSL3_RANDOM_LENGTH + ec_params.len + 1 + server_ecpoint.len;
     if (bufLen <= sizeof buf) {
-    	hashBuf = buf;
+        hashBuf = buf;
     } else {
-    	hashBuf = PORT_Alloc(bufLen);
-	if (!hashBuf) {
-	    return SECFailure;
-	}
+        hashBuf = PORT_Alloc(bufLen);
+        if (!hashBuf) {
+            return SECFailure;
+        }
     }
 
-    memcpy(hashBuf, client_rand, SSL3_RANDOM_LENGTH); 
-    	pBuf = hashBuf + SSL3_RANDOM_LENGTH;
+    memcpy(hashBuf, client_rand, SSL3_RANDOM_LENGTH);
+        pBuf = hashBuf + SSL3_RANDOM_LENGTH;
     memcpy(pBuf, server_rand, SSL3_RANDOM_LENGTH);
-    	pBuf += SSL3_RANDOM_LENGTH;
+        pBuf += SSL3_RANDOM_LENGTH;
     memcpy(pBuf, ec_params.data, ec_params.len);
-    	pBuf += ec_params.len;
+        pBuf += ec_params.len;
     pBuf[0] = (PRUint8)(server_ecpoint.len);
     pBuf += 1;
     memcpy(pBuf, server_ecpoint.data, server_ecpoint.len);
-    	pBuf += server_ecpoint.len;
+        pBuf += server_ecpoint.len;
     PORT_Assert((unsigned int)(pBuf - hashBuf) == bufLen);
 
     rv = ssl3_ComputeCommonKeyHash(hashAlg, hashBuf, bufLen, hashes,
-				   bypassPKCS11);
+                                   bypassPKCS11);
 
     PRINT_BUF(95, (NULL, "ECDHkey hash: ", hashBuf, bufLen));
     PRINT_BUF(95, (NULL, "ECDHkey hash: MD5 result",
-	      hashes->u.s.md5, MD5_LENGTH));
+              hashes->u.s.md5, MD5_LENGTH));
     PRINT_BUF(95, (NULL, "ECDHkey hash: SHA1 result",
-	      hashes->u.s.sha, SHA1_LENGTH));
+              hashes->u.s.sha, SHA1_LENGTH));
 
     if (hashBuf != buf)
-    	PORT_Free(hashBuf);
+        PORT_Free(hashBuf);
     return rv;
 }
 
@@ -271,12 +271,12 @@
 SECStatus
 ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey)
 {
-    PK11SymKey *	pms 		= NULL;
-    SECStatus           rv    		= SECFailure;
+    PK11SymKey *        pms             = NULL;
+    SECStatus           rv              = SECFailure;
     PRBool              isTLS, isTLS12;
-    CK_MECHANISM_TYPE	target;
-    SECKEYPublicKey	*pubKey = NULL;		/* Ephemeral ECDH key */
-    SECKEYPrivateKey	*privKey = NULL;	/* Ephemeral ECDH key */
+    CK_MECHANISM_TYPE   target;
+    SECKEYPublicKey     *pubKey = NULL;         /* Ephemeral ECDH key */
+    SECKEYPrivateKey    *privKey = NULL;        /* Ephemeral ECDH key */
 
     PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
     PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
@@ -286,39 +286,39 @@
 
     /* Generate ephemeral EC keypair */
     if (svrPubKey->keyType != ecKey) {
-	PORT_SetError(SEC_ERROR_BAD_KEY);
-	goto loser;
+        PORT_SetError(SEC_ERROR_BAD_KEY);
+        goto loser;
     }
     /* XXX SHOULD CALL ssl3_CreateECDHEphemeralKeys here, instead! */
-    privKey = SECKEY_CreateECPrivateKey(&svrPubKey->u.ec.DEREncodedParams, 
-	                                &pubKey, ss->pkcs11PinArg);
+    privKey = SECKEY_CreateECPrivateKey(&svrPubKey->u.ec.DEREncodedParams,
+                                        &pubKey, ss->pkcs11PinArg);
     if (!privKey || !pubKey) {
-	    ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
-	    rv = SECFailure;
-	    goto loser;
+            ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
+            rv = SECFailure;
+            goto loser;
     }
     PRINT_BUF(50, (ss, "ECDH public value:",
-					pubKey->u.ec.publicValue.data,
-					pubKey->u.ec.publicValue.len));
+                                        pubKey->u.ec.publicValue.data,
+                                        pubKey->u.ec.publicValue.len));
 
     if (isTLS12) {
-	target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
+        target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
     } else if (isTLS) {
-	target = CKM_TLS_MASTER_KEY_DERIVE_DH;
+        target = CKM_TLS_MASTER_KEY_DERIVE_DH;
     } else {
-	target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
+        target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
     }
 
     /*  Determine the PMS */
     pms = PK11_PubDeriveWithKDF(privKey, svrPubKey, PR_FALSE, NULL, NULL,
-			    CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
-			    CKD_NULL, NULL, NULL);
+                            CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
+                            CKD_NULL, NULL, NULL);
 
     if (pms == NULL) {
-	SSL3AlertDescription desc  = illegal_parameter;
-	(void)SSL3_SendAlert(ss, alert_fatal, desc);
-	ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
-	goto loser;
+        SSL3AlertDescription desc  = illegal_parameter;
+        (void)SSL3_SendAlert(ss, alert_fatal, desc);
+        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+        goto loser;
     }
 
     SECKEY_DestroyPrivateKey(privKey);
@@ -328,24 +328,24 @@
     PK11_FreeSymKey(pms); pms = NULL;
 
     if (rv != SECSuccess) {
-	ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
-	goto loser;
+        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+        goto loser;
     }
 
-    rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange, 
-					pubKey->u.ec.publicValue.len + 1);
+    rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
+                                        pubKey->u.ec.publicValue.len + 1);
     if (rv != SECSuccess) {
-        goto loser;	/* err set by ssl3_AppendHandshake* */
+        goto loser;     /* err set by ssl3_AppendHandshake* */
     }
 
-    rv = ssl3_AppendHandshakeVariable(ss, 
-					pubKey->u.ec.publicValue.data,
-					pubKey->u.ec.publicValue.len, 1);
+    rv = ssl3_AppendHandshakeVariable(ss,
+                                        pubKey->u.ec.publicValue.data,
+                                        pubKey->u.ec.publicValue.len, 1);
     SECKEY_DestroyPublicKey(pubKey);
     pubKey = NULL;
 
     if (rv != SECSuccess) {
-        goto loser;	/* err set by ssl3_AppendHandshake* */
+        goto loser;     /* err set by ssl3_AppendHandshake* */
     }
 
     rv = SECSuccess;
@@ -363,59 +363,59 @@
 */
 SECStatus
 ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b,
-				     PRUint32 length,
+                                     PRUint32 length,
                                      SECKEYPublicKey *srvrPubKey,
                                      SECKEYPrivateKey *srvrPrivKey)
 {
     PK11SymKey *      pms;
     SECStatus         rv;
     SECKEYPublicKey   clntPubKey;
-    CK_MECHANISM_TYPE	target;
+    CK_MECHANISM_TYPE   target;
     PRBool isTLS, isTLS12;
 
     PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
     PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
 
     clntPubKey.keyType = ecKey;
-    clntPubKey.u.ec.DEREncodedParams.len = 
-	srvrPubKey->u.ec.DEREncodedParams.len;
-    clntPubKey.u.ec.DEREncodedParams.data = 
-	srvrPubKey->u.ec.DEREncodedParams.data;
+    clntPubKey.u.ec.DEREncodedParams.len =
+        srvrPubKey->u.ec.DEREncodedParams.len;
+    clntPubKey.u.ec.DEREncodedParams.data =
+        srvrPubKey->u.ec.DEREncodedParams.data;
 
-    rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.ec.publicValue, 
-	                               1, &b, &length);
+    rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.ec.publicValue,
+                                       1, &b, &length);
     if (rv != SECSuccess) {
-	SEND_ALERT
-	return SECFailure;	/* XXX Who sets the error code?? */
+        SEND_ALERT
+        return SECFailure;      /* XXX Who sets the error code?? */
     }
 
     isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
     isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
 
     if (isTLS12) {
-	target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
+        target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
     } else if (isTLS) {
-	target = CKM_TLS_MASTER_KEY_DERIVE_DH;
+        target = CKM_TLS_MASTER_KEY_DERIVE_DH;
     } else {
-	target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
+        target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
     }
 
     /*  Determine the PMS */
     pms = PK11_PubDeriveWithKDF(srvrPrivKey, &clntPubKey, PR_FALSE, NULL, NULL,
-			    CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
-			    CKD_NULL, NULL, NULL);
+                            CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
+                            CKD_NULL, NULL, NULL);
 
     if (pms == NULL) {
-	/* last gasp.  */
-	ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
-	return SECFailure;
+        /* last gasp.  */
+        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+        return SECFailure;
     }
 
     rv = ssl3_InitPendingCipherSpec(ss,  pms);
     PK11_FreeSymKey(pms);
     if (rv != SECSuccess) {
-	SEND_ALERT
-	return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */
+        SEND_ALERT
+        return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */
     }
     return SECSuccess;
 }
@@ -424,13 +424,13 @@
 ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits)
 {
     int    i;
-    
+
     for ( i = 0; bits2curve[i].curve != ec_noName; i++) {
-	if (bits2curve[i].bits < requiredECCbits)
-	    continue;
-    	if (SSL_IS_CURVE_NEGOTIATED(curvemsk, bits2curve[i].curve)) {
-	    return bits2curve[i].curve;
-	}
+        if (bits2curve[i].bits < requiredECCbits)
+            continue;
+        if (SSL_IS_CURVE_NEGOTIATED(curvemsk, bits2curve[i].curve)) {
+            return bits2curve[i].curve;
+        }
     }
     PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
     return ec_noName;
@@ -448,24 +448,24 @@
     int    requiredECCbits = ss->sec.secretKeyBits * 2;
 
     if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa) {
-	svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_ecdh);
-	if (svrPublicKey)
-	    ec_curve = params2ecName(&svrPublicKey->u.ec.DEREncodedParams);
-	if (!SSL_IS_CURVE_NEGOTIATED(ss->ssl3.hs.negotiatedECCurves, ec_curve)) {
-	    PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
-	    return ec_noName;
-	}
-	signatureKeyStrength = curve2bits[ ec_curve ];
+        svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_ecdh);
+        if (svrPublicKey)
+            ec_curve = params2ecName(&svrPublicKey->u.ec.DEREncodedParams);
+        if (!SSL_IS_CURVE_NEGOTIATED(ss->ssl3.hs.negotiatedECCurves, ec_curve)) {
+            PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
+            return ec_noName;
+        }
+        signatureKeyStrength = curve2bits[ ec_curve ];
     } else {
         /* RSA is our signing cert */
         int serverKeyStrengthInBits;
- 
+
         svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_rsa);
         if (!svrPublicKey) {
             PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
             return ec_noName;
         }
- 
+
         /* currently strength in bytes */
         serverKeyStrengthInBits = svrPublicKey->u.rsa.modulus.len;
         if (svrPublicKey->u.rsa.modulus.data[0] == 0) {
@@ -473,28 +473,28 @@
         }
         /* convert to strength in bits */
         serverKeyStrengthInBits *= BPB;
- 
+
         signatureKeyStrength =
-	    SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyStrengthInBits);
+            SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyStrengthInBits);
     }
-    if ( requiredECCbits > signatureKeyStrength ) 
+    if ( requiredECCbits > signatureKeyStrength )
          requiredECCbits = signatureKeyStrength;
 
     return ssl3_GetCurveWithECKeyStrength(ss->ssl3.hs.negotiatedECCurves,
-					  requiredECCbits);
+                                          requiredECCbits);
 }
 
 /* function to clear out the lists */
-static SECStatus 
+static SECStatus
 ssl3_ShutdownECDHECurves(void *appData, void *nssData)
 {
     int i;
     ECDHEKeyPair *keyPair = &gECDHEKeyPairs[0];
 
     for (i=0; i < ec_pastLastName; i++, keyPair++) {
-	if (keyPair->pair) {
-	    ssl3_FreeKeyPair(keyPair->pair);
-	}
+        if (keyPair->pair) {
+            ssl3_FreeKeyPair(keyPair->pair);
+        }
     }
     memset(gECDHEKeyPairs, 0, sizeof gECDHEKeyPairs);
     return SECSuccess;
@@ -506,42 +506,52 @@
     SECStatus rv;
     rv = NSS_RegisterShutdown(ssl3_ShutdownECDHECurves, gECDHEKeyPairs);
     if (rv != SECSuccess) {
-	gECDHEKeyPairs[ec_noName].error = PORT_GetError();
+        gECDHEKeyPairs[ec_noName].error = PORT_GetError();
     }
     return (PRStatus)rv;
 }
 
-/* CallOnce function, called once for each named curve. */
-static PRStatus 
-ssl3_CreateECDHEphemeralKeyPair(void * arg)
+/* Create an ECDHE key pair for a given curve */
+static SECStatus
+ssl3_CreateECDHEphemeralKeyPair(ECName ec_curve, ssl3KeyPair** keyPair)
 {
     SECKEYPrivateKey *    privKey  = NULL;
     SECKEYPublicKey *     pubKey   = NULL;
-    ssl3KeyPair *	  keyPair  = NULL;
-    ECName                ec_curve = (ECName)arg;
     SECKEYECParams        ecParams = { siBuffer, NULL, 0 };
 
+    if (ssl3_ECName2Params(NULL, ec_curve, &ecParams) != SECSuccess) {
+        return SECFailure;
+    }
+    privKey = SECKEY_CreateECPrivateKey(&ecParams, &pubKey, NULL);
+    SECITEM_FreeItem(&ecParams, PR_FALSE);
+
+    if (!privKey || !pubKey || !(*keyPair = ssl3_NewKeyPair(privKey, pubKey))) {
+        if (privKey) {
+            SECKEY_DestroyPrivateKey(privKey);
+        }
+        if (pubKey) {
+            SECKEY_DestroyPublicKey(pubKey);
+        }
+        ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
+        return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+/* CallOnce function, called once for each named curve. */
+static PRStatus
+ssl3_CreateECDHEphemeralKeyPairOnce(void * arg)
+{
+    ECName                ec_curve = (ECName)arg;
+    ssl3KeyPair *         keyPair  = NULL;
+
     PORT_Assert(gECDHEKeyPairs[ec_curve].pair == NULL);
 
     /* ok, no one has generated a global key for this curve yet, do so */
-    if (ssl3_ECName2Params(NULL, ec_curve, &ecParams) != SECSuccess) {
-	gECDHEKeyPairs[ec_curve].error = PORT_GetError();
-	return PR_FAILURE;
-    }
-
-    privKey = SECKEY_CreateECPrivateKey(&ecParams, &pubKey, NULL);    
-    SECITEM_FreeItem(&ecParams, PR_FALSE);
-
-    if (!privKey || !pubKey || !(keyPair = ssl3_NewKeyPair(privKey, pubKey))) {
-	if (privKey) {
-	    SECKEY_DestroyPrivateKey(privKey);
-	}
-	if (pubKey) {
-	    SECKEY_DestroyPublicKey(pubKey);
-	}
-	ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
-	gECDHEKeyPairs[ec_curve].error = PORT_GetError();
-	return PR_FAILURE;
+    if (ssl3_CreateECDHEphemeralKeyPair(ec_curve, &keyPair) != SECSuccess) {
+        gECDHEKeyPairs[ec_curve].error = PORT_GetError();
+        return PR_FAILURE;
     }
 
     gECDHEKeyPairs[ec_curve].pair = keyPair;
@@ -560,30 +570,30 @@
 static SECStatus
 ssl3_CreateECDHEphemeralKeys(sslSocket *ss, ECName ec_curve)
 {
-    ssl3KeyPair *	  keyPair        = NULL;
+    ssl3KeyPair *         keyPair        = NULL;
 
     /* if there's no global key for this curve, make one. */
     if (gECDHEKeyPairs[ec_curve].pair == NULL) {
-	PRStatus status;
+        PRStatus status;
 
-	status = PR_CallOnce(&gECDHEKeyPairs[ec_noName].once, ssl3_ECRegister);
+        status = PR_CallOnce(&gECDHEKeyPairs[ec_noName].once, ssl3_ECRegister);
         if (status != PR_SUCCESS) {
-	    PORT_SetError(gECDHEKeyPairs[ec_noName].error);
-	    return SECFailure;
-    	}
-	status = PR_CallOnceWithArg(&gECDHEKeyPairs[ec_curve].once,
-	                            ssl3_CreateECDHEphemeralKeyPair,
-				    (void *)ec_curve);
+            PORT_SetError(gECDHEKeyPairs[ec_noName].error);
+            return SECFailure;
+        }
+        status = PR_CallOnceWithArg(&gECDHEKeyPairs[ec_curve].once,
+                                    ssl3_CreateECDHEphemeralKeyPairOnce,
+                                    (void *)ec_curve);
         if (status != PR_SUCCESS) {
-	    PORT_SetError(gECDHEKeyPairs[ec_curve].error);
-	    return SECFailure;
-    	}
+            PORT_SetError(gECDHEKeyPairs[ec_curve].error);
+            return SECFailure;
+        }
     }
 
     keyPair = gECDHEKeyPairs[ec_curve].pair;
     PORT_Assert(keyPair != NULL);
-    if (!keyPair) 
-    	return SECFailure;
+    if (!keyPair)
+        return SECFailure;
     ss->ephemeralECDHKeyPair = ssl3_GetKeyPairRef(keyPair);
 
     return SECSuccess;
@@ -618,55 +628,55 @@
     ec_params.data = paramBuf;
     rv = ssl3_ConsumeHandshake(ss, ec_params.data, ec_params.len, &b, &length);
     if (rv != SECSuccess) {
-	goto loser;		/* malformed. */
+        goto loser;             /* malformed. */
     }
 
     /* Fail if the curve is not a named curve */
-    if ((ec_params.data[0] != ec_type_named) || 
-	(ec_params.data[1] != 0) ||
-	!supportedCurve(ec_params.data[2])) {
-	    errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
-	    desc = handshake_failure;
-	    goto alert_loser;
+    if ((ec_params.data[0] != ec_type_named) ||
+        (ec_params.data[1] != 0) ||
+        !supportedCurve(ec_params.data[2])) {
+            errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
+            desc = handshake_failure;
+            goto alert_loser;
     }
 
     rv = ssl3_ConsumeHandshakeVariable(ss, &ec_point, 1, &b, &length);
     if (rv != SECSuccess) {
-	goto loser;		/* malformed. */
+        goto loser;             /* malformed. */
     }
     /* Fail if the ec point uses compressed representation */
     if (ec_point.data[0] != EC_POINT_FORM_UNCOMPRESSED) {
-	    errCode = SEC_ERROR_UNSUPPORTED_EC_POINT_FORM;
-	    desc = handshake_failure;
-	    goto alert_loser;
+            errCode = SEC_ERROR_UNSUPPORTED_EC_POINT_FORM;
+            desc = handshake_failure;
+            goto alert_loser;
     }
 
     if (isTLS12) {
-	rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length,
-						   &sigAndHash);
-	if (rv != SECSuccess) {
-	    goto loser;		/* malformed or unsupported. */
-	}
-	rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(
-		&sigAndHash, ss->sec.peerCert);
-	if (rv != SECSuccess) {
-	    goto loser;
-	}
+        rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length,
+                                                   &sigAndHash);
+        if (rv != SECSuccess) {
+            goto loser;         /* malformed or unsupported. */
+        }
+        rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(
+                &sigAndHash, ss->sec.peerCert);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
     }
 
     rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length);
     if (rv != SECSuccess) {
-	goto loser;		/* malformed. */
+        goto loser;             /* malformed. */
     }
 
     if (length != 0) {
-	if (isTLS)
-	    desc = decode_error;
-	goto alert_loser;		/* malformed. */
+        if (isTLS)
+            desc = decode_error;
+        goto alert_loser;               /* malformed. */
     }
 
-    PRINT_BUF(60, (NULL, "Server EC params", ec_params.data, 
-	ec_params.len));
+    PRINT_BUF(60, (NULL, "Server EC params", ec_params.data,
+        ec_params.len));
     PRINT_BUF(60, (NULL, "Server EC point", ec_point.data, ec_point.len));
 
     /* failures after this point are not malformed handshakes. */
@@ -677,51 +687,51 @@
      *  check to make sure the hash is signed by right guy
      */
     rv = ssl3_ComputeECDHKeyHash(sigAndHash.hashAlg, ec_params, ec_point,
-				 &ss->ssl3.hs.client_random,
-				 &ss->ssl3.hs.server_random, 
-				 &hashes, ss->opt.bypassPKCS11);
+                                 &ss->ssl3.hs.client_random,
+                                 &ss->ssl3.hs.server_random,
+                                 &hashes, ss->opt.bypassPKCS11);
 
     if (rv != SECSuccess) {
-	errCode =
-	    ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-	goto alert_loser;
+        errCode =
+            ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+        goto alert_loser;
     }
     rv = ssl3_VerifySignedHashes(&hashes, ss->sec.peerCert, &signature,
-				isTLS, ss->pkcs11PinArg);
+                                isTLS, ss->pkcs11PinArg);
     if (rv != SECSuccess)  {
-	errCode =
-	    ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-	goto alert_loser;
+        errCode =
+            ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+        goto alert_loser;
     }
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
-	goto no_memory;
+        goto no_memory;
     }
 
     ss->sec.peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
     if (peerKey == NULL) {
-	goto no_memory;
+        goto no_memory;
     }
 
     peerKey->arena                 = arena;
     peerKey->keyType               = ecKey;
 
     /* set up EC parameters in peerKey */
-    if (ssl3_ECName2Params(arena, ec_params.data[2], 
-	    &peerKey->u.ec.DEREncodedParams) != SECSuccess) {
-	/* we should never get here since we already 
-	 * checked that we are dealing with a supported curve
-	 */
-	errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
-	goto alert_loser;
+    if (ssl3_ECName2Params(arena, ec_params.data[2],
+            &peerKey->u.ec.DEREncodedParams) != SECSuccess) {
+        /* we should never get here since we already
+         * checked that we are dealing with a supported curve
+         */
+        errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
+        goto alert_loser;
     }
 
     /* copy publicValue in peerKey */
     if (SECITEM_CopyItem(arena, &peerKey->u.ec.publicValue,  &ec_point))
     {
-	PORT_FreeArena(arena, PR_FALSE);
-	goto no_memory;
+        PORT_FreeArena(arena, PR_FALSE);
+        goto no_memory;
     }
     peerKey->pkcs11Slot         = NULL;
     peerKey->pkcs11ID           = CK_INVALID_HANDLE;
@@ -737,7 +747,7 @@
     PORT_SetError( errCode );
     return SECFailure;
 
-no_memory:	/* no-memory error has already been set. */
+no_memory:      /* no-memory error has already been set. */
     ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
     return SECFailure;
 }
@@ -763,104 +773,110 @@
     /* Generate ephemeral ECDH key pair and send the public key */
     curve = ssl3_GetCurveNameForServerSocket(ss);
     if (curve == ec_noName) {
-    	goto loser;
+        goto loser;
     }
-    rv = ssl3_CreateECDHEphemeralKeys(ss, curve);
+
+    if (ss->opt.reuseServerECDHEKey) {
+        rv = ssl3_CreateECDHEphemeralKeys(ss, curve);
+    } else {
+        rv = ssl3_CreateECDHEphemeralKeyPair(curve, &ss->ephemeralECDHKeyPair);
+    }
     if (rv != SECSuccess) {
-	goto loser; 	/* err set by AppendHandshake. */
-    }	    
+        goto loser;
+    }
+
     ecdhePub = ss->ephemeralECDHKeyPair->pubKey;
     PORT_Assert(ecdhePub != NULL);
     if (!ecdhePub) {
-	PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-	return SECFailure;
-    }	
-    
+        PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+        return SECFailure;
+    }
+
     ec_params.len  = sizeof paramBuf;
     ec_params.data = paramBuf;
     curve = params2ecName(&ecdhePub->u.ec.DEREncodedParams);
     if (curve != ec_noName) {
-	ec_params.data[0] = ec_type_named;
-	ec_params.data[1] = 0x00;
-	ec_params.data[2] = curve;
+        ec_params.data[0] = ec_type_named;
+        ec_params.data[1] = 0x00;
+        ec_params.data[2] = curve;
     } else {
-	PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
-	goto loser;
-    }		
+        PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+        goto loser;
+    }
 
     rv = ssl3_ComputeECDHKeyHash(sigAndHash->hashAlg,
-				 ec_params,
-				 ecdhePub->u.ec.publicValue,
-				 &ss->ssl3.hs.client_random,
-				 &ss->ssl3.hs.server_random,
-				 &hashes, ss->opt.bypassPKCS11);
+                                 ec_params,
+                                 ecdhePub->u.ec.publicValue,
+                                 &ss->ssl3.hs.client_random,
+                                 &ss->ssl3.hs.server_random,
+                                 &hashes, ss->opt.bypassPKCS11);
     if (rv != SECSuccess) {
-	ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-	goto loser;
+        ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+        goto loser;
     }
 
     isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
     isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
 
-    /* XXX SSLKEAType isn't really a good choice for 
+    /* XXX SSLKEAType isn't really a good choice for
      * indexing certificates but that's all we have
      * for now.
      */
     if (kea_def->kea == kea_ecdhe_rsa)
-	certIndex = kt_rsa;
+        certIndex = kt_rsa;
     else /* kea_def->kea == kea_ecdhe_ecdsa */
-	certIndex = kt_ecdh;
+        certIndex = kt_ecdh;
 
-    rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY, 
-			 &signed_hash, isTLS);
+    rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY,
+                         &signed_hash, isTLS);
     if (rv != SECSuccess) {
-	goto loser;		/* ssl3_SignHashes has set err. */
+        goto loser;             /* ssl3_SignHashes has set err. */
     }
     if (signed_hash.data == NULL) {
-	/* how can this happen and rv == SECSuccess ?? */
-	PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-	goto loser;
+        /* how can this happen and rv == SECSuccess ?? */
+        PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+        goto loser;
     }
 
-    length = ec_params.len + 
-	     1 + ecdhePub->u.ec.publicValue.len + 
-	     (isTLS12 ? 2 : 0) + 2 + signed_hash.len;
+    length = ec_params.len +
+             1 + ecdhePub->u.ec.publicValue.len +
+             (isTLS12 ? 2 : 0) + 2 + signed_hash.len;
 
     rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length);
     if (rv != SECSuccess) {
-	goto loser; 	/* err set by AppendHandshake. */
+        goto loser;     /* err set by AppendHandshake. */
     }
 
     rv = ssl3_AppendHandshake(ss, ec_params.data, ec_params.len);
     if (rv != SECSuccess) {
-	goto loser; 	/* err set by AppendHandshake. */
+        goto loser;     /* err set by AppendHandshake. */
     }
 
     rv = ssl3_AppendHandshakeVariable(ss, ecdhePub->u.ec.publicValue.data,
-				      ecdhePub->u.ec.publicValue.len, 1);
+                                      ecdhePub->u.ec.publicValue.len, 1);
     if (rv != SECSuccess) {
-	goto loser; 	/* err set by AppendHandshake. */
+        goto loser;     /* err set by AppendHandshake. */
     }
 
     if (isTLS12) {
-	rv = ssl3_AppendSignatureAndHashAlgorithm(ss, sigAndHash);
-	if (rv != SECSuccess) {
-	    goto loser; 	/* err set by AppendHandshake. */
-	}
+        rv = ssl3_AppendSignatureAndHashAlgorithm(ss, sigAndHash);
+        if (rv != SECSuccess) {
+            goto loser;         /* err set by AppendHandshake. */
+        }
     }
 
     rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data,
-				      signed_hash.len, 2);
+                                      signed_hash.len, 2);
     if (rv != SECSuccess) {
-	goto loser; 	/* err set by AppendHandshake. */
+        goto loser;     /* err set by AppendHandshake. */
     }
 
     PORT_Free(signed_hash.data);
     return SECSuccess;
 
 loser:
-    if (signed_hash.data != NULL) 
-    	PORT_Free(signed_hash.data);
+    if (signed_hash.data != NULL)
+        PORT_Free(signed_hash.data);
     return SECFailure;
 }
 
@@ -958,11 +974,11 @@
 ssl3_DisableECCSuites(sslSocket * ss, const ssl3CipherSuite * suite)
 {
     if (!suite)
-    	suite = ecSuites;
+        suite = ecSuites;
     for (; *suite; ++suite) {
-	SECStatus rv      = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);
+        SECStatus rv      = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);
 
-	PORT_Assert(rv == SECSuccess); /* else is coding error */
+        PORT_Assert(rv == SECSuccess); /* else is coding error */
     }
     return SECSuccess;
 }
@@ -977,41 +993,41 @@
 
     svrCert = ss->serverCerts[kt_rsa].serverCert;
     if (!svrCert) {
-	ssl3_DisableECCSuites(ss, ecdhe_rsa_suites);
+        ssl3_DisableECCSuites(ss, ecdhe_rsa_suites);
     }
 
     svrCert = ss->serverCerts[kt_ecdh].serverCert;
     if (!svrCert) {
-	ssl3_DisableECCSuites(ss, ecdh_suites);
-	ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites);
+        ssl3_DisableECCSuites(ss, ecdh_suites);
+        ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites);
     } else {
-	SECOidTag sigTag = SECOID_GetAlgorithmTag(&svrCert->signature);
+        SECOidTag sigTag = SECOID_GetAlgorithmTag(&svrCert->signature);
 
-	switch (sigTag) {
-	case SEC_OID_PKCS1_RSA_ENCRYPTION:
-	case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
-	case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
-	case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
-	case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
-	case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
-	case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
-	case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
-	case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
-	    ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites);
-	    break;
-	case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
-	case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
-	case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
-	case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
-	case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
-	case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST:
-	case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST:
-	    ssl3_DisableECCSuites(ss, ecdh_rsa_suites);
-	    break;
-	default:
-	    ssl3_DisableECCSuites(ss, ecdh_suites);
-	    break;
-	}
+        switch (sigTag) {
+        case SEC_OID_PKCS1_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
+            ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites);
+            break;
+        case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST:
+        case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST:
+            ssl3_DisableECCSuites(ss, ecdh_rsa_suites);
+            break;
+        default:
+            ssl3_DisableECCSuites(ss, ecdh_suites);
+            break;
+        }
     }
 }
 
@@ -1026,18 +1042,18 @@
     /* make sure we can do ECC */
     slot = PK11_GetBestSlot(CKM_ECDH1_DERIVE,  ss->pkcs11PinArg);
     if (!slot) {
-	return PR_FALSE;
+        return PR_FALSE;
     }
     PK11_FreeSlot(slot);
 
     /* make sure an ECC cipher is enabled */
     for (suite = ecSuites; *suite; ++suite) {
-	PRBool    enabled = PR_FALSE;
-	SECStatus rv      = ssl3_CipherPrefGet(ss, *suite, &enabled);
+        PRBool    enabled = PR_FALSE;
+        SECStatus rv      = ssl3_CipherPrefGet(ss, *suite, &enabled);
 
-	PORT_Assert(rv == SECSuccess); /* else is coding error */
-	if (rv == SECSuccess && enabled)
-	    return PR_TRUE;
+        PORT_Assert(rv == SECSuccess); /* else is coding error */
+        if (rv == SECSuccess && enabled)
+            return PR_TRUE;
     }
     return PR_FALSE;
 }
@@ -1045,7 +1061,7 @@
 #define BE(n) 0, n
 
 /* Prefabricated TLS client hello extension, Elliptic Curves List,
- * offers only 3 curves, the Suite B curves, 23-25 
+ * offers only 3 curves, the Suite B curves, 23-25
  */
 static const PRUint8 suiteBECList[12] = {
     BE(10),         /* Extension type */
@@ -1061,9 +1077,9 @@
     BE(10),         /* Extension type */
     BE(52),         /* octets that follow (25 pairs + 1 length pair) */
     BE(50),         /* octets that follow (25 pairs) */
-            BE( 1), BE( 2), BE( 3), BE( 4), BE( 5), BE( 6), BE( 7), 
-    BE( 8), BE( 9), BE(10), BE(11), BE(12), BE(13), BE(14), BE(15), 
-    BE(16), BE(17), BE(18), BE(19), BE(20), BE(21), BE(22), BE(23), 
+            BE( 1), BE( 2), BE( 3), BE( 4), BE( 5), BE( 6), BE( 7),
+    BE( 8), BE( 9), BE(10), BE(11), BE(12), BE(13), BE(14), BE(15),
+    BE(16), BE(17), BE(18), BE(19), BE(20), BE(21), BE(22), BE(23),
     BE(24), BE(25)
 };
 
@@ -1087,12 +1103,12 @@
     /* See if we can support small curves (like 163). If not, assume we can
      * only support Suite-B curves (P-256, P-384, P-521). */
     PK11SlotInfo *slot =
-	PK11_GetBestSlotWithAttributes(CKM_ECDH1_DERIVE, 0, 163,
-				       ss ? ss->pkcs11PinArg : NULL);
+        PK11_GetBestSlotWithAttributes(CKM_ECDH1_DERIVE, 0, 163,
+                                       ss ? ss->pkcs11PinArg : NULL);
 
     if (!slot) {
-	/* nope, presume we can only do suite B */
-	return PR_TRUE;
+        /* nope, presume we can only do suite B */
+        return PR_TRUE;
     }
     /* we can, presume we can do all curves */
     PK11_FreeSlot(slot);
@@ -1107,33 +1123,33 @@
  */
 PRInt32
 ssl3_SendSupportedCurvesXtn(
-			sslSocket * ss,
-			PRBool      append,
-			PRUint32    maxBytes)
+                        sslSocket * ss,
+                        PRBool      append,
+                        PRUint32    maxBytes)
 {
     PRInt32 ecListSize = 0;
     const PRUint8 *ecList = NULL;
 
     if (!ss || !ssl3_IsECCEnabled(ss))
-    	return 0;
+        return 0;
 
     if (ssl3_SuiteBOnly(ss)) {
-	ecListSize = sizeof suiteBECList;
-	ecList = suiteBECList;
+        ecListSize = sizeof suiteBECList;
+        ecList = suiteBECList;
     } else {
-	ecListSize = sizeof tlsECList;
-	ecList = tlsECList;
+        ecListSize = sizeof tlsECList;
+        ecList = tlsECList;
     }
- 
+
     if (append && maxBytes >= ecListSize) {
-	SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize);
-	if (rv != SECSuccess)
-	    return -1;
-	if (!ss->sec.isServer) {
-	    TLSExtensionData *xtnData = &ss->xtnData;
-	    xtnData->advertised[xtnData->numAdvertised++] =
-		ssl_elliptic_curves_xtn;
-	}
+        SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize);
+        if (rv != SECSuccess)
+            return -1;
+        if (!ss->sec.isServer) {
+            TLSExtensionData *xtnData = &ss->xtnData;
+            xtnData->advertised[xtnData->numAdvertised++] =
+                ssl_elliptic_curves_xtn;
+        }
     }
     return ecListSize;
 }
@@ -1142,7 +1158,7 @@
 ssl3_GetSupportedECCurveMask(sslSocket *ss)
 {
     if (ssl3_SuiteBOnly(ss)) {
-	return SSL3_SUITE_B_SUPPORTED_CURVES_MASK;
+        return SSL3_SUITE_B_SUPPORTED_CURVES_MASK;
     }
     return SSL3_ALL_SUPPORTED_CURVES_MASK;
 }
@@ -1152,21 +1168,21 @@
  */
 PRInt32
 ssl3_SendSupportedPointFormatsXtn(
-			sslSocket * ss,
-			PRBool      append,
-			PRUint32    maxBytes)
+                        sslSocket * ss,
+                        PRBool      append,
+                        PRUint32    maxBytes)
 {
     if (!ss || !ssl3_IsECCEnabled(ss))
-    	return 0;
+        return 0;
     if (append && maxBytes >= (sizeof ecPtFmt)) {
-	SECStatus rv = ssl3_AppendHandshake(ss, ecPtFmt, (sizeof ecPtFmt));
-	if (rv != SECSuccess)
-	    return -1;
-	if (!ss->sec.isServer) {
-	    TLSExtensionData *xtnData = &ss->xtnData;
-	    xtnData->advertised[xtnData->numAdvertised++] =
-		ssl_ec_point_formats_xtn;
-	}
+        SECStatus rv = ssl3_AppendHandshake(ss, ecPtFmt, (sizeof ecPtFmt));
+        if (rv != SECSuccess)
+            return -1;
+        if (!ss->sec.isServer) {
+            TLSExtensionData *xtnData = &ss->xtnData;
+            xtnData->advertised[xtnData->numAdvertised++] =
+                ssl_ec_point_formats_xtn;
+        }
     }
     return (sizeof ecPtFmt);
 }
@@ -1182,17 +1198,17 @@
 
     if (data->len < 2 || data->len > 255 || !data->data ||
         data->len != (unsigned int)data->data[0] + 1) {
-    	/* malformed */
-	goto loser;
+        /* malformed */
+        goto loser;
     }
     for (i = data->len; --i > 0; ) {
-    	if (data->data[i] == 0) {
-	    /* indicate that we should send a reply */
-	    SECStatus rv;
-	    rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
-			      &ssl3_SendSupportedPointFormatsXtn);
-	    return rv;
-	}
+        if (data->data[i] == 0) {
+            /* indicate that we should send a reply */
+            SECStatus rv;
+            rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
+                              &ssl3_SendSupportedPointFormatsXtn);
+            return rv;
+        }
     }
 loser:
     /* evil client doesn't support uncompressed */
@@ -1206,14 +1222,14 @@
     ss->serverCerts[type].serverKeyPair->pubKey : NULL)
 
 /* Extract the TLS curve name for the public key in our EC server cert. */
-ECName ssl3_GetSvrCertCurveName(sslSocket *ss) 
+ECName ssl3_GetSvrCertCurveName(sslSocket *ss)
 {
-    SECKEYPublicKey       *srvPublicKey; 
-    ECName		  ec_curve       = ec_noName;
+    SECKEYPublicKey       *srvPublicKey;
+    ECName                ec_curve       = ec_noName;
 
     srvPublicKey = SSL3_GET_SERVER_PUBLICKEY(ss, kt_ecdh);
     if (srvPublicKey) {
-	ec_curve = params2ecName(&srvPublicKey->u.ec.DEREncodedParams);
+        ec_curve = params2ecName(&srvPublicKey->u.ec.DEREncodedParams);
     }
     return ec_curve;
 }
@@ -1230,37 +1246,37 @@
     PRUint16 svrCertCurveName;
 
     if (!data->data || data->len < 4 || data->len > 65535)
-    	goto loser;
+        goto loser;
     /* get the length of elliptic_curve_list */
     list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
     if (list_len < 0 || data->len != list_len || (data->len % 2) != 0) {
-    	/* malformed */
-	goto loser;
+        /* malformed */
+        goto loser;
     }
     /* build bit vector of peer's supported curve names */
     while (data->len) {
-	PRInt32  curve_name = 
-		 ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
-	if (curve_name > ec_noName && curve_name < ec_pastLastName) {
-	    peerCurves |= (1U << curve_name);
-	}
+        PRInt32  curve_name =
+                 ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
+        if (curve_name > ec_noName && curve_name < ec_pastLastName) {
+            peerCurves |= (1U << curve_name);
+        }
     }
     /* What curves do we support in common? */
     mutualCurves = ss->ssl3.hs.negotiatedECCurves &= peerCurves;
     if (!mutualCurves) { /* no mutually supported EC Curves */
-    	goto loser;
+        goto loser;
     }
 
-    /* if our ECC cert doesn't use one of these supported curves, 
-     * disable ECC cipher suites that require an ECC cert. 
+    /* if our ECC cert doesn't use one of these supported curves,
+     * disable ECC cipher suites that require an ECC cert.
      */
     svrCertCurveName = ssl3_GetSvrCertCurveName(ss);
     if (svrCertCurveName != ec_noName &&
         (mutualCurves & (1U << svrCertCurveName)) != 0) {
-	return SECSuccess;
+        return SECSuccess;
     }
     /* Our EC cert doesn't contain a mutually supported curve.
-     * Disable all ECC cipher suites that require an EC cert 
+     * Disable all ECC cipher suites that require an EC cert
      */
     ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites);
     ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites);
@@ -1272,4 +1288,4 @@
     return SECFailure;
 }
 
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c
index f6530fe7..697a313 100644
--- a/net/third_party/nss/ssl/ssl3ext.c
+++ b/net/third_party/nss/ssl/ssl3ext.c
@@ -48,20 +48,20 @@
 #endif
 static PRInt32 ssl3_SendRenegotiationInfoXtn(sslSocket * ss,
     PRBool append, PRUint32 maxBytes);
-static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, 
+static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss,
     PRUint16 ex_type, SECItem *data);
 static SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss,
-			PRUint16 ex_type, SECItem *data);
+                        PRUint16 ex_type, SECItem *data);
 static SECStatus ssl3_ClientHandleAppProtoXtn(sslSocket *ss,
-			PRUint16 ex_type, SECItem *data);
+                        PRUint16 ex_type, SECItem *data);
 static SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss,
-			PRUint16 ex_type, SECItem *data);
+                        PRUint16 ex_type, SECItem *data);
 static SECStatus ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type,
                                               SECItem *data);
 static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
                                                PRUint32 maxBytes);
 static PRInt32 ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append,
-					  PRUint32 maxBytes);
+                                          PRUint32 maxBytes);
 static PRInt32 ssl3_ServerSendAppProtoXtn(sslSocket *ss, PRBool append,
                                           PRUint32 maxBytes);
 static PRInt32 ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append,
@@ -72,7 +72,7 @@
     PRUint16 ex_type, SECItem *data);
 static PRInt32 ssl3_ClientSendChannelIDXtn(sslSocket *ss, PRBool append,
     PRUint32 maxBytes);
-static SECStatus ssl3_ServerSendStatusRequestXtn(sslSocket * ss,
+static PRInt32 ssl3_ServerSendStatusRequestXtn(sslSocket * ss,
     PRBool append, PRUint32 maxBytes);
 static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss,
     PRUint16 ex_type, SECItem *data);
@@ -86,11 +86,16 @@
 static SECStatus ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type,
                                              SECItem *data);
 static PRInt32 ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss,
-						     PRBool append,
-						     PRUint32 maxBytes);
+                                                     PRBool append,
+                                                     PRUint32 maxBytes);
 static SECStatus ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss,
-							 PRUint16 ex_type,
-							 SECItem *data);
+                                                         PRUint16 ex_type,
+                                                         SECItem *data);
+
+static PRInt32 ssl3_ClientSendDraftVersionXtn(sslSocket *ss, PRBool append,
+                                              PRUint32 maxBytes);
+static SECStatus ssl3_ServerHandleDraftVersionXtn(sslSocket *ss, PRUint16 ex_type,
+                                                  SECItem *data);
 
 /*
  * Write bytes.  Using this function means the SECItem structure
@@ -101,7 +106,7 @@
 ssl3_AppendToItem(SECItem *item, const unsigned char *buf, PRUint32 bytes)
 {
     if (bytes > item->len)
-	return SECFailure;
+        return SECFailure;
 
     PORT_Memcpy(item->data, buf, bytes);
     item->data += bytes;
@@ -123,13 +128,13 @@
 
     switch (lenSize) {
     case 4:
-	*p++ = (PRUint8) (num >> 24);
+        *p++ = (PRUint8) (num >> 24);
     case 3:
-	*p++ = (PRUint8) (num >> 16);
+        *p++ = (PRUint8) (num >> 16);
     case 2:
-	*p++ = (PRUint8) (num >> 8);
+        *p++ = (PRUint8) (num >> 8);
     case 1:
-	*p = (PRUint8) num;
+        *p = (PRUint8) num;
     }
     rv = ssl3_AppendToItem(item, &b[0], lenSize);
     return rv;
@@ -138,15 +143,15 @@
 static SECStatus ssl3_SessionTicketShutdown(void* appData, void* nssData)
 {
     if (session_ticket_enc_key_pkcs11) {
-	PK11_FreeSymKey(session_ticket_enc_key_pkcs11);
-	session_ticket_enc_key_pkcs11 = NULL;
+        PK11_FreeSymKey(session_ticket_enc_key_pkcs11);
+        session_ticket_enc_key_pkcs11 = NULL;
     }
     if (session_ticket_mac_key_pkcs11) {
-	PK11_FreeSymKey(session_ticket_mac_key_pkcs11);
-	session_ticket_mac_key_pkcs11 = NULL;
+        PK11_FreeSymKey(session_ticket_mac_key_pkcs11);
+        session_ticket_mac_key_pkcs11 = NULL;
     }
     PORT_Memset(&generate_session_keys_once, 0,
-	sizeof(generate_session_keys_once));
+        sizeof(generate_session_keys_once));
     return SECSuccess;
 }
 
@@ -160,22 +165,22 @@
     SECKEYPublicKey *svrPubKey = ss->serverCerts[kt_rsa].serverKeyPair->pubKey;
 
     if (svrPrivKey == NULL || svrPubKey == NULL) {
-	SSL_DBG(("%d: SSL[%d]: Pub or priv key(s) is NULL.",
-			SSL_GETPID(), ss->fd));
-	goto loser;
+        SSL_DBG(("%d: SSL[%d]: Pub or priv key(s) is NULL.",
+                        SSL_GETPID(), ss->fd));
+        goto loser;
     }
 
     /* Get a copy of the session keys from shared memory. */
     PORT_Memcpy(key_name, SESS_TICKET_KEY_NAME_PREFIX,
-	sizeof(SESS_TICKET_KEY_NAME_PREFIX));
+        sizeof(SESS_TICKET_KEY_NAME_PREFIX));
     if (!ssl_GetSessionTicketKeysPKCS11(svrPrivKey, svrPubKey,
-	    ss->pkcs11PinArg, &key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN],
-	    &session_ticket_enc_key_pkcs11, &session_ticket_mac_key_pkcs11))
-	return PR_FAILURE;
+            ss->pkcs11PinArg, &key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN],
+            &session_ticket_enc_key_pkcs11, &session_ticket_mac_key_pkcs11))
+        return PR_FAILURE;
 
     rv = NSS_RegisterShutdown(ssl3_SessionTicketShutdown, NULL);
     if (rv != SECSuccess)
-	goto loser;
+        goto loser;
 
     return PR_SUCCESS;
 
@@ -189,12 +194,12 @@
                                 PK11SymKey **mac_key)
 {
     if (PR_CallOnceWithArg(&generate_session_keys_once,
-	    ssl3_GenerateSessionTicketKeysPKCS11, ss) != PR_SUCCESS)
-	return SECFailure;
+            ssl3_GenerateSessionTicketKeysPKCS11, ss) != PR_SUCCESS)
+        return SECFailure;
 
     if (session_ticket_enc_key_pkcs11 == NULL ||
-	session_ticket_mac_key_pkcs11 == NULL)
-	return SECFailure;
+        session_ticket_mac_key_pkcs11 == NULL)
+        return SECFailure;
 
     *aes_key = session_ticket_enc_key_pkcs11;
     *mac_key = session_ticket_mac_key_pkcs11;
@@ -206,11 +211,11 @@
 ssl3_GenerateSessionTicketKeys(void)
 {
     PORT_Memcpy(key_name, SESS_TICKET_KEY_NAME_PREFIX,
-	sizeof(SESS_TICKET_KEY_NAME_PREFIX));
+        sizeof(SESS_TICKET_KEY_NAME_PREFIX));
 
     if (!ssl_GetSessionTicketKeys(&key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN],
-	    session_ticket_enc_key, session_ticket_mac_key))
-	return PR_FAILURE;
+            session_ticket_enc_key, session_ticket_mac_key))
+        return PR_FAILURE;
 
     session_ticket_keys_initialized = PR_TRUE;
     return PR_SUCCESS;
@@ -222,11 +227,11 @@
     PRUint32 *mac_key_length)
 {
     if (PR_CallOnce(&generate_session_keys_once,
-	    ssl3_GenerateSessionTicketKeys) != PR_SUCCESS)
-	return SECFailure;
+            ssl3_GenerateSessionTicketKeys) != PR_SUCCESS)
+        return SECFailure;
 
     if (!session_ticket_keys_initialized)
-	return SECFailure;
+        return SECFailure;
 
     *aes_key = session_ticket_enc_key;
     *aes_key_length = sizeof(session_ticket_enc_key);
@@ -244,7 +249,7 @@
 /* This table is used by the server, to handle client hello extensions. */
 static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
     { ssl_server_name_xtn,        &ssl3_HandleServerNameXtn },
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     { ssl_elliptic_curves_xtn,    &ssl3_HandleSupportedCurvesXtn },
     { ssl_ec_point_formats_xtn,   &ssl3_HandleSupportedPointFormatsXtn },
 #endif
@@ -255,6 +260,7 @@
     { ssl_use_srtp_xtn,           &ssl3_HandleUseSRTPXtn },
     { ssl_cert_status_xtn,        &ssl3_ServerHandleStatusRequestXtn },
     { ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn },
+    { ssl_tls13_draft_version_xtn, &ssl3_ServerHandleDraftVersionXtn },
     { -1, NULL }
 };
 
@@ -286,11 +292,11 @@
  * The server's table of hello senders is dynamic, in the socket struct,
  * and sender functions are registered there.
  */
-static const 
+static const
 ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
     { ssl_server_name_xtn,        &ssl3_SendServerNameXtn        },
     { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn },
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     { ssl_elliptic_curves_xtn,    &ssl3_SendSupportedCurvesXtn },
     { ssl_ec_point_formats_xtn,   &ssl3_SendSupportedPointFormatsXtn },
 #endif
@@ -303,13 +309,15 @@
     { ssl_signed_certificate_timestamp_xtn,
       &ssl3_ClientSendSignedCertTimestampXtn },
     /* WebSphere Application Server 7.0 is intolerant to the last extension
-     * being zero-length. It is not intolerant of TLS 1.2, so move
-     * signature_algorithms to the end. */
-    { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }
+     * being zero-length. It is not intolerant of TLS 1.2, so ensure that
+     * signature_algorithms is at the end to guarantee a non-empty
+     * extension. */
+    { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
+    { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
     /* any extra entries will appear as { 0, NULL }    */
 };
 
-static const 
+static const
 ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = {
     { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }
     /* any extra entries will appear as { 0, NULL }    */
@@ -320,8 +328,8 @@
 {
     int i;
     for (i = 0; i < len; i++) {
-	if (ex_type == array[i])
-	    return PR_TRUE;
+        if (ex_type == array[i])
+            return PR_TRUE;
     }
     return PR_FALSE;
 }
@@ -330,14 +338,14 @@
 ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type) {
     TLSExtensionData *xtnData = &ss->xtnData;
     return arrayContainsExtension(xtnData->negotiated,
-	                          xtnData->numNegotiated, ex_type);
+                                  xtnData->numNegotiated, ex_type);
 }
 
 static PRBool
 ssl3_ClientExtensionAdvertised(sslSocket *ss, PRUint16 ex_type) {
     TLSExtensionData *xtnData = &ss->xtnData;
     return arrayContainsExtension(xtnData->advertised,
-	                          xtnData->numAdvertised, ex_type);
+                                  xtnData->numAdvertised, ex_type);
 }
 
 /* Format an SNI extension, using the name from the socket's URL,
@@ -350,11 +358,11 @@
 {
     SECStatus rv;
     if (!ss)
-    	return 0;
+        return 0;
     if (!ss->sec.isServer) {
         PRUint32 len;
         PRNetAddr netAddr;
-        
+
         /* must have a hostname */
         if (!ss->url || !ss->url[0])
             return 0;
@@ -366,10 +374,10 @@
         len  = PORT_Strlen(ss->url);
         if (append && maxBytes >= len + 9) {
             /* extension_type */
-            rv = ssl3_AppendHandshakeNumber(ss, ssl_server_name_xtn, 2); 
+            rv = ssl3_AppendHandshakeNumber(ss, ssl_server_name_xtn, 2);
             if (rv != SECSuccess) return -1;
             /* length of extension_data */
-            rv = ssl3_AppendHandshakeNumber(ss, len + 5, 2); 
+            rv = ssl3_AppendHandshakeNumber(ss, len + 5, 2);
             if (rv != SECSuccess) return -1;
             /* length of server_name_list */
             rv = ssl3_AppendHandshakeNumber(ss, len + 3, 2);
@@ -382,8 +390,8 @@
             if (rv != SECSuccess) return -1;
             if (!ss->sec.isServer) {
                 TLSExtensionData *xtnData = &ss->xtnData;
-                xtnData->advertised[xtnData->numAdvertised++] = 
-		    ssl_server_name_xtn;
+                xtnData->advertised[xtnData->numAdvertised++] =
+                    ssl_server_name_xtn;
             }
         }
         return len + 9;
@@ -425,7 +433,7 @@
         return SECSuccess;
     }
     /* length of server_name_list */
-    listLenBytes = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); 
+    listLenBytes = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
     if (listLenBytes == 0 || listLenBytes != data->len) {
         return SECFailure;
     }
@@ -436,7 +444,7 @@
         SECStatus rv;
         PRInt32  type;
         /* Name Type (sni_host_name) */
-        type = ssl3_ConsumeHandshakeNumber(ss, 1, &ldata.data, &ldata.len); 
+        type = ssl3_ConsumeHandshakeNumber(ss, 1, &ldata.data, &ldata.len);
         if (!ldata.len) {
             return SECFailure;
         }
@@ -464,7 +472,7 @@
         SECStatus rv;
         PRBool nametypePresent = PR_FALSE;
         /* Name Type (sni_host_name) */
-        type = ssl3_ConsumeHandshakeNumber(ss, 1, &data->data, &data->len); 
+        type = ssl3_ConsumeHandshakeNumber(ss, 1, &data->data, &data->len);
         /* Check if we have such type in the list */
         for (j = 0;j < listCount && names[j].data;j++) {
             if (names[j].type == type) {
@@ -496,16 +504,16 @@
     PORT_Free(names);
     return SECFailure;
 }
-        
+
 /* Called by both clients and servers.
  * Clients sends a filled in session ticket if one is available, and otherwise
  * sends an empty ticket.  Servers always send empty tickets.
  */
 PRInt32
 ssl3_SendSessionTicketXtn(
-			sslSocket * ss,
-			PRBool      append,
-			PRUint32    maxBytes)
+                        sslSocket * ss,
+                        PRBool      append,
+                        PRUint32    maxBytes)
 {
     PRInt32 extension_length;
     NewSessionTicket *session_ticket = NULL;
@@ -513,7 +521,7 @@
 
     /* Ignore the SessionTicket extension if processing is disabled. */
     if (!ss->opt.enableSessionTickets)
-	return 0;
+        return 0;
 
     /* Empty extension length = extension_type (2-bytes) +
      * length(extension_data) (2-bytes)
@@ -525,53 +533,53 @@
      * the extension always respond with an empty extension.
      */
     if (!ss->sec.isServer) {
-	/* The caller must be holding sid->u.ssl3.lock for reading. We cannot
-	 * just acquire and release the lock within this function because the
-	 * caller will call this function twice, and we need the inputs to be
-	 * consistent between the two calls. Note that currently the caller
-	 * will only be holding the lock when we are the client and when we're
-	 * attempting to resume an existing session.
-	 */
+        /* The caller must be holding sid->u.ssl3.lock for reading. We cannot
+         * just acquire and release the lock within this function because the
+         * caller will call this function twice, and we need the inputs to be
+         * consistent between the two calls. Note that currently the caller
+         * will only be holding the lock when we are the client and when we're
+         * attempting to resume an existing session.
+         */
 
-	session_ticket = &sid->u.ssl3.locked.sessionTicket;
-	if (session_ticket->ticket.data) {
-	    if (ss->xtnData.ticketTimestampVerified) {
-		extension_length += session_ticket->ticket.len;
-	    } else if (!append &&
-		(session_ticket->ticket_lifetime_hint == 0 ||
-		(session_ticket->ticket_lifetime_hint +
-		    session_ticket->received_timestamp > ssl_Time()))) {
-		extension_length += session_ticket->ticket.len;
-		ss->xtnData.ticketTimestampVerified = PR_TRUE;
-	    }
-	}
+        session_ticket = &sid->u.ssl3.locked.sessionTicket;
+        if (session_ticket->ticket.data) {
+            if (ss->xtnData.ticketTimestampVerified) {
+                extension_length += session_ticket->ticket.len;
+            } else if (!append &&
+                (session_ticket->ticket_lifetime_hint == 0 ||
+                (session_ticket->ticket_lifetime_hint +
+                    session_ticket->received_timestamp > ssl_Time()))) {
+                extension_length += session_ticket->ticket.len;
+                ss->xtnData.ticketTimestampVerified = PR_TRUE;
+            }
+        }
     }
 
     if (append && maxBytes >= extension_length) {
-	SECStatus rv;
-	/* extension_type */
+        SECStatus rv;
+        /* extension_type */
         rv = ssl3_AppendHandshakeNumber(ss, ssl_session_ticket_xtn, 2);
         if (rv != SECSuccess)
-	    goto loser;
-	if (session_ticket && session_ticket->ticket.data &&
-	    ss->xtnData.ticketTimestampVerified) {
-	    rv = ssl3_AppendHandshakeVariable(ss, session_ticket->ticket.data,
-		session_ticket->ticket.len, 2);
-	    ss->xtnData.ticketTimestampVerified = PR_FALSE;
-	    ss->xtnData.sentSessionTicketInClientHello = PR_TRUE;
-	} else {
-	    rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-	}
+            goto loser;
+        if (session_ticket && session_ticket->ticket.data &&
+            ss->xtnData.ticketTimestampVerified) {
+            rv = ssl3_AppendHandshakeVariable(ss, session_ticket->ticket.data,
+                session_ticket->ticket.len, 2);
+            ss->xtnData.ticketTimestampVerified = PR_FALSE;
+            ss->xtnData.sentSessionTicketInClientHello = PR_TRUE;
+        } else {
+            rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+        }
         if (rv != SECSuccess)
-	    goto loser;
+            goto loser;
 
-	if (!ss->sec.isServer) {
-	    TLSExtensionData *xtnData = &ss->xtnData;
-	    xtnData->advertised[xtnData->numAdvertised++] = 
-		ssl_session_ticket_xtn;
-	}
+        if (!ss->sec.isServer) {
+            TLSExtensionData *xtnData = &ss->xtnData;
+            xtnData->advertised[xtnData->numAdvertised++] =
+                ssl_session_ticket_xtn;
+        }
     } else if (maxBytes < extension_length) {
-	PORT_Assert(0);
+        PORT_Assert(0);
         return 0;
     }
     return extension_length;
@@ -587,9 +595,9 @@
                                   SECItem *data)
 {
     if (ss->firstHsDone || data->len != 0) {
-	/* Clients MUST send an empty NPN extension, if any. */
-	PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
-	return SECFailure;
+        /* Clients MUST send an empty NPN extension, if any. */
+        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+        return SECFailure;
     }
 
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
@@ -610,20 +618,20 @@
     unsigned int offset = 0;
 
     while (offset < length) {
-	unsigned int newOffset = offset + 1 + (unsigned int) data[offset];
-	/* Reject embedded nulls to protect against buggy applications that
-	 * store protocol identifiers in null-terminated strings.
-	 */
-	if (newOffset > length || data[offset] == 0) {
-	    PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
-	    return SECFailure;
-	}
-	offset = newOffset;
+        unsigned int newOffset = offset + 1 + (unsigned int) data[offset];
+        /* Reject embedded nulls to protect against buggy applications that
+         * store protocol identifiers in null-terminated strings.
+         */
+        if (newOffset > length || data[offset] == 0) {
+            PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+            return SECFailure;
+        }
+        offset = newOffset;
     }
 
     if (offset > length) {
-	PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
-	return SECFailure;
+        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+        return SECFailure;
     }
 
     return SECSuccess;
@@ -719,13 +727,14 @@
     PORT_Assert(!ss->firstHsDone);
 
     if (ssl3_ExtensionNegotiated(ss, ssl_app_layer_protocol_xtn)) {
-	/* If the server negotiated ALPN then it has already told us what protocol
-	 * to use, so it doesn't make sense for us to try to negotiate a different
-	 * one by sending the NPN handshake message. However, if we've negotiated
-	 * NPN then we're required to send the NPN handshake message. Thus, these
-	 * two extensions cannot both be negotiated on the same connection. */
-	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-	return SECFailure;
+        /* If the server negotiated ALPN then it has already told us what
+         * protocol to use, so it doesn't make sense for us to try to negotiate
+         * a different one by sending the NPN handshake message. However, if
+         * we've negotiated NPN then we're required to send the NPN handshake
+         * message. Thus, these two extensions cannot both be negotiated on the
+         * same connection. */
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
     }
 
     /* We should only get this call if we sent the extension, so
@@ -733,8 +742,8 @@
      * that an application erroneously cleared the callback between the time
      * we sent the ClientHello and now. */
     if (!ss->nextProtoCallback) {
-	PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK);
-	return SECFailure;
+        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK);
+        return SECFailure;
     }
 
     return ssl3_SelectAppProtocol(ss, ex_type, data);
@@ -748,8 +757,8 @@
     SECItem protocol_name;
 
     if (ssl3_ExtensionNegotiated(ss, ssl_next_proto_nego_xtn)) {
-	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
     }
 
     /* The extension data from the server has the following format:
@@ -757,15 +766,15 @@
      *   uint8 len;
      *   uint8 protocol_name[len]; */
     if (data->len < 4 || data->len > 2 + 1 + 255) {
-	PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
-	return SECFailure;
+        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+        return SECFailure;
     }
 
     name_list_len = ((PRUint16) d[0]) << 8 |
-	            ((PRUint16) d[1]);
+                    ((PRUint16) d[1]);
     if (name_list_len != data->len - 2 || d[2] != data->len - 3) {
-	PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
-	return SECFailure;
+        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+        return SECFailure;
     }
 
     protocol_name.data = data->data + 3;
@@ -779,29 +788,29 @@
 
 static PRInt32
 ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append,
-				PRUint32 maxBytes)
+                                PRUint32 maxBytes)
 {
     PRInt32 extension_length;
 
     /* Renegotiations do not send this extension. */
     if (!ss->opt.enableNPN || !ss->nextProtoCallback || ss->firstHsDone) {
-	return 0;
+        return 0;
     }
 
     extension_length = 4;
 
     if (append && maxBytes >= extension_length) {
-	SECStatus rv;
-	rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2);
-	if (rv != SECSuccess)
-	    goto loser;
-	rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-	if (rv != SECSuccess)
-	    goto loser;
-	ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-		ssl_next_proto_nego_xtn;
+        SECStatus rv;
+        rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
+                ssl_next_proto_nego_xtn;
     } else if (maxBytes < extension_length) {
-	return 0;
+        return 0;
     }
 
     return extension_length;
@@ -818,62 +827,62 @@
 
     /* Renegotiations do not send this extension. */
     if (!ss->opt.enableALPN || !ss->opt.nextProtoNego.data || ss->firstHsDone) {
-	return 0;
+        return 0;
     }
 
     extension_length = 2 /* extension type */ + 2 /* extension length */ +
-		       2 /* protocol name list length */ +
-		       ss->opt.nextProtoNego.len;
+                       2 /* protocol name list length */ +
+                       ss->opt.nextProtoNego.len;
 
     if (append && maxBytes >= extension_length) {
-	/* NPN requires that the client's fallback protocol is first in the
-	 * list. However, ALPN sends protocols in preference order. So we
-	 * allocate a buffer and move the first protocol to the end of the
-	 * list. */
-	SECStatus rv;
-	const unsigned int len = ss->opt.nextProtoNego.len;
+        /* NPN requires that the client's fallback protocol is first in the
+         * list. However, ALPN sends protocols in preference order. So we
+         * allocate a buffer and move the first protocol to the end of the
+         * list. */
+        SECStatus rv;
+        const unsigned int len = ss->opt.nextProtoNego.len;
 
-	alpn_protos = PORT_Alloc(len);
-	if (alpn_protos == NULL) {
-	    return SECFailure;
-	}
-	if (len > 0) {
-	    /* Each protocol string is prefixed with a single byte length. */
-	    unsigned int i = ss->opt.nextProtoNego.data[0] + 1;
-	    if (i <= len) {
-		memcpy(alpn_protos, &ss->opt.nextProtoNego.data[i], len - i);
-		memcpy(alpn_protos + len - i, ss->opt.nextProtoNego.data, i);
-	    } else {
-		/* This seems to be invalid data so we'll send as-is. */
-		memcpy(alpn_protos, ss->opt.nextProtoNego.data, len);
-	    }
-	}
+        alpn_protos = PORT_Alloc(len);
+        if (alpn_protos == NULL) {
+            return SECFailure;
+        }
+        if (len > 0) {
+            /* Each protocol string is prefixed with a single byte length. */
+            unsigned int i = ss->opt.nextProtoNego.data[0] + 1;
+            if (i <= len) {
+                memcpy(alpn_protos, &ss->opt.nextProtoNego.data[i], len - i);
+                memcpy(alpn_protos + len - i, ss->opt.nextProtoNego.data, i);
+            } else {
+                /* This seems to be invalid data so we'll send as-is. */
+                memcpy(alpn_protos, ss->opt.nextProtoNego.data, len);
+            }
+        }
 
-	rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2);
-	if (rv != SECSuccess) {
-	    goto loser;
-	}
-	rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
-	if (rv != SECSuccess) {
-	    goto loser;
-	}
-	rv = ssl3_AppendHandshakeVariable(ss, alpn_protos, len, 2);
-	PORT_Free(alpn_protos);
-	alpn_protos = NULL;
-	if (rv != SECSuccess) {
-	    goto loser;
-	}
-	ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-		ssl_app_layer_protocol_xtn;
+        rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        rv = ssl3_AppendHandshakeVariable(ss, alpn_protos, len, 2);
+        PORT_Free(alpn_protos);
+        alpn_protos = NULL;
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
+                ssl_app_layer_protocol_xtn;
     } else if (maxBytes < extension_length) {
-	return 0;
+        return 0;
     }
 
     return extension_length;
 
 loser:
     if (alpn_protos) {
-	PORT_Free(alpn_protos);
+        PORT_Free(alpn_protos);
     }
     return -1;
 }
@@ -883,6 +892,7 @@
 {
     PRInt32 extension_length;
 
+    /* we're in over our heads if any of these fail */
     PORT_Assert(ss->opt.enableALPN);
     PORT_Assert(ss->ssl3.nextProto.data);
     PORT_Assert(ss->ssl3.nextProto.len > 0);
@@ -979,8 +989,9 @@
                                  SECItem *data)
 {
     /* The echoed extension must be empty. */
-    if (data->len != 0)
-       return SECFailure;
+    if (data->len != 0) {
+       return SECSuccess;  /* Ignore the extension. */
+    }
 
     /* Keep track of negotiated extensions. */
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
@@ -990,9 +1001,9 @@
 
 static PRInt32
 ssl3_ServerSendStatusRequestXtn(
-			sslSocket * ss,
-			PRBool      append,
-			PRUint32    maxBytes)
+                        sslSocket * ss,
+                        PRBool      append,
+                        PRUint32    maxBytes)
 {
     PRInt32 extension_length;
     SECStatus rv;
@@ -1000,29 +1011,29 @@
     PRBool haveStatus = PR_FALSE;
 
     for (i = kt_null; i < kt_kea_size; i++) {
-	/* TODO: This is a temporary workaround.
-	 *       The correct code needs to see if we have an OCSP response for
-	 *       the server certificate being used, rather than if we have any
-	 *       OCSP response. See also ssl3_SendCertificateStatus.
-	 */
-	if (ss->certStatusArray[i] && ss->certStatusArray[i]->len) {
-	    haveStatus = PR_TRUE;
-	    break;
-	}
+        /* TODO: This is a temporary workaround.
+         *       The correct code needs to see if we have an OCSP response for
+         *       the server certificate being used, rather than if we have any
+         *       OCSP response. See also ssl3_SendCertificateStatus.
+         */
+        if (ss->certStatusArray[i] && ss->certStatusArray[i]->len) {
+            haveStatus = PR_TRUE;
+            break;
+        }
     }
     if (!haveStatus)
-	return 0;
+        return 0;
 
     extension_length = 2 + 2;
     if (append && maxBytes >= extension_length) {
-	/* extension_type */
-	rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
-	if (rv != SECSuccess)
-	    return -1;
-	/* length of extension_data */
-	rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-	if (rv != SECSuccess)
-	    return -1;
+        /* extension_type */
+        rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* length of extension_data */
+        rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            return -1;
     }
 
     return extension_length;
@@ -1132,14 +1143,14 @@
                                           * must be >= 0 */
 
     SSL_TRC(3, ("%d: SSL3[%d]: send session_ticket handshake",
-		SSL_GETPID(), ss->fd));
+                SSL_GETPID(), ss->fd));
 
     PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
     PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 
     ticket.ticket_lifetime_hint = TLS_EX_SESS_TICKET_LIFETIME_HINT;
     cert_length = (ss->opt.requestCertificate && ss->sec.ci.sid->peerCert) ?
-	3 + ss->sec.ci.sid->peerCert->derCert.len : 0;
+        3 + ss->sec.ci.sid->peerCert->derCert.len : 0;
 
     /* Get IV and encryption keys */
     ivItem.data = iv;
@@ -1149,47 +1160,47 @@
 
 #ifndef NO_PKCS11_BYPASS
     if (ss->opt.bypassPKCS11) {
-	rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
-	    &mac_key, &mac_key_length);
-    } else 
+        rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
+            &mac_key, &mac_key_length);
+    } else
 #endif
     {
-	rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
-	    &mac_key_pkcs11);
+        rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
+            &mac_key_pkcs11);
     }
     if (rv != SECSuccess) goto loser;
 
     if (ss->ssl3.pwSpec->msItem.len && ss->ssl3.pwSpec->msItem.data) {
-	/* The master secret is available unwrapped. */
-	ms_item.data = ss->ssl3.pwSpec->msItem.data;
-	ms_item.len = ss->ssl3.pwSpec->msItem.len;
-	ms_is_wrapped = PR_FALSE;
+        /* The master secret is available unwrapped. */
+        ms_item.data = ss->ssl3.pwSpec->msItem.data;
+        ms_item.len = ss->ssl3.pwSpec->msItem.len;
+        ms_is_wrapped = PR_FALSE;
     } else {
-	/* Extract the master secret wrapped. */
-	sslSessionID sid;
-	PORT_Memset(&sid, 0, sizeof(sslSessionID));
+        /* Extract the master secret wrapped. */
+        sslSessionID sid;
+        PORT_Memset(&sid, 0, sizeof(sslSessionID));
 
-	if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) {
-	    effectiveExchKeyType = kt_rsa;
-	} else {
-	    effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
-	}
+        if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) {
+            effectiveExchKeyType = kt_rsa;
+        } else {
+            effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
+        }
 
-	rv = ssl3_CacheWrappedMasterSecret(ss, &sid, ss->ssl3.pwSpec,
-	    effectiveExchKeyType);
-	if (rv == SECSuccess) {
-	    if (sid.u.ssl3.keys.wrapped_master_secret_len > sizeof(wrapped_ms))
-		goto loser;
-	    memcpy(wrapped_ms, sid.u.ssl3.keys.wrapped_master_secret,
-		sid.u.ssl3.keys.wrapped_master_secret_len);
-	    ms_item.data = wrapped_ms;
-	    ms_item.len = sid.u.ssl3.keys.wrapped_master_secret_len;
-	    msWrapMech = sid.u.ssl3.masterWrapMech;
-	} else {
-	    /* TODO: else send an empty ticket. */
-	    goto loser;
-	}
-	ms_is_wrapped = PR_TRUE;
+        rv = ssl3_CacheWrappedMasterSecret(ss, &sid, ss->ssl3.pwSpec,
+            effectiveExchKeyType);
+        if (rv == SECSuccess) {
+            if (sid.u.ssl3.keys.wrapped_master_secret_len > sizeof(wrapped_ms))
+                goto loser;
+            memcpy(wrapped_ms, sid.u.ssl3.keys.wrapped_master_secret,
+                sid.u.ssl3.keys.wrapped_master_secret_len);
+            ms_item.data = wrapped_ms;
+            ms_item.len = sid.u.ssl3.keys.wrapped_master_secret_len;
+            msWrapMech = sid.u.ssl3.masterWrapMech;
+        } else {
+            /* TODO: else send an empty ticket. */
+            goto loser;
+        }
+        ms_is_wrapped = PR_TRUE;
     }
     /* Prep to send negotiated name */
     srvName = &ss->ssl3.pwSpec->srvVirtName;
@@ -1197,55 +1208,55 @@
         srvNameLen = 2 + srvName->len; /* len bytes + name len */
     }
 
-    ciphertext_length = 
-	sizeof(PRUint16)                     /* ticket_version */
-	+ sizeof(SSL3ProtocolVersion)        /* ssl_version */
-	+ sizeof(ssl3CipherSuite)            /* ciphersuite */
-	+ 1                                  /* compression */
-	+ 10                                 /* cipher spec parameters */
-	+ 1                                  /* SessionTicket.ms_is_wrapped */
-	+ 1                                  /* effectiveExchKeyType */
-	+ 4                                  /* msWrapMech */
-	+ 2                                  /* master_secret.length */
-	+ ms_item.len                        /* master_secret */
-	+ 1                                  /* client_auth_type */
-	+ cert_length                        /* cert */
+    ciphertext_length =
+        sizeof(PRUint16)                     /* ticket_version */
+        + sizeof(SSL3ProtocolVersion)        /* ssl_version */
+        + sizeof(ssl3CipherSuite)            /* ciphersuite */
+        + 1                                  /* compression */
+        + 10                                 /* cipher spec parameters */
+        + 1                                  /* SessionTicket.ms_is_wrapped */
+        + 1                                  /* effectiveExchKeyType */
+        + 4                                  /* msWrapMech */
+        + 2                                  /* master_secret.length */
+        + ms_item.len                        /* master_secret */
+        + 1                                  /* client_auth_type */
+        + cert_length                        /* cert */
         + 1                                  /* server name type */
         + srvNameLen                         /* name len + length field */
-	+ sizeof(ticket.ticket_lifetime_hint);
+        + sizeof(ticket.ticket_lifetime_hint);
     padding_length =  AES_BLOCK_SIZE -
-	(ciphertext_length % AES_BLOCK_SIZE);
+        (ciphertext_length % AES_BLOCK_SIZE);
     ciphertext_length += padding_length;
 
     message_length =
-	sizeof(ticket.ticket_lifetime_hint)    /* ticket_lifetime_hint */
-	+ 2 /* length field for NewSessionTicket.ticket */
-	+ SESS_TICKET_KEY_NAME_LEN             /* key_name */
-	+ AES_BLOCK_SIZE                       /* iv */
-	+ 2 /* length field for NewSessionTicket.ticket.encrypted_state */
-	+ ciphertext_length                    /* encrypted_state */
-	+ TLS_EX_SESS_TICKET_MAC_LENGTH;       /* mac */
+        sizeof(ticket.ticket_lifetime_hint)    /* ticket_lifetime_hint */
+        + 2 /* length field for NewSessionTicket.ticket */
+        + SESS_TICKET_KEY_NAME_LEN             /* key_name */
+        + AES_BLOCK_SIZE                       /* iv */
+        + 2 /* length field for NewSessionTicket.ticket.encrypted_state */
+        + ciphertext_length                    /* encrypted_state */
+        + TLS_EX_SESS_TICKET_MAC_LENGTH;       /* mac */
 
     if (SECITEM_AllocItem(NULL, &plaintext_item, ciphertext_length) == NULL)
-	goto loser;
+        goto loser;
 
     plaintext = plaintext_item;
 
     /* ticket_version */
     rv = ssl3_AppendNumberToItem(&plaintext, TLS_EX_SESS_TICKET_VERSION,
-	sizeof(PRUint16));
+        sizeof(PRUint16));
     if (rv != SECSuccess) goto loser;
 
     /* ssl_version */
     rv = ssl3_AppendNumberToItem(&plaintext, ss->version,
-	sizeof(SSL3ProtocolVersion));
+        sizeof(SSL3ProtocolVersion));
     if (rv != SECSuccess) goto loser;
 
     /* ciphersuite */
-    rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.cipher_suite, 
-	sizeof(ssl3CipherSuite));
+    rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.cipher_suite,
+        sizeof(ssl3CipherSuite));
     if (rv != SECSuccess) goto loser;
-    
+
     /* compression */
     rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.compression, 1);
     if (rv != SECSuccess) goto loser;
@@ -1274,24 +1285,24 @@
 
     /* client_identity */
     if (ss->opt.requestCertificate && ss->sec.ci.sid->peerCert) {
-	rv = ssl3_AppendNumberToItem(&plaintext, CLIENT_AUTH_CERTIFICATE, 1);
-	if (rv != SECSuccess) goto loser;
-	rv = ssl3_AppendNumberToItem(&plaintext,
-	    ss->sec.ci.sid->peerCert->derCert.len, 3);
-	if (rv != SECSuccess) goto loser;
-	rv = ssl3_AppendToItem(&plaintext,
-	    ss->sec.ci.sid->peerCert->derCert.data,
-	    ss->sec.ci.sid->peerCert->derCert.len);
-	if (rv != SECSuccess) goto loser;
+        rv = ssl3_AppendNumberToItem(&plaintext, CLIENT_AUTH_CERTIFICATE, 1);
+        if (rv != SECSuccess) goto loser;
+        rv = ssl3_AppendNumberToItem(&plaintext,
+            ss->sec.ci.sid->peerCert->derCert.len, 3);
+        if (rv != SECSuccess) goto loser;
+        rv = ssl3_AppendToItem(&plaintext,
+            ss->sec.ci.sid->peerCert->derCert.data,
+            ss->sec.ci.sid->peerCert->derCert.len);
+        if (rv != SECSuccess) goto loser;
     } else {
-	rv = ssl3_AppendNumberToItem(&plaintext, 0, 1);
-	if (rv != SECSuccess) goto loser;
+        rv = ssl3_AppendNumberToItem(&plaintext, 0, 1);
+        if (rv != SECSuccess) goto loser;
     }
 
     /* timestamp */
     now = ssl_Time();
     rv = ssl3_AppendNumberToItem(&plaintext, now,
-	sizeof(ticket.ticket_lifetime_hint));
+        sizeof(ticket.ticket_lifetime_hint));
     if (rv != SECSuccess) goto loser;
 
     if (srvNameLen) {
@@ -1312,39 +1323,39 @@
 
     PORT_Assert(plaintext.len == padding_length);
     for (i = 0; i < padding_length; i++)
-	plaintext.data[i] = (unsigned char)padding_length;
+        plaintext.data[i] = (unsigned char)padding_length;
 
     if (SECITEM_AllocItem(NULL, &ciphertext, ciphertext_length) == NULL) {
-	rv = SECFailure;
-	goto loser;
+        rv = SECFailure;
+        goto loser;
     }
 
     /* Generate encrypted portion of ticket. */
 #ifndef NO_PKCS11_BYPASS
     if (ss->opt.bypassPKCS11) {
-	aes_ctx = (AESContext *)aes_ctx_buf;
-	rv = AES_InitContext(aes_ctx, aes_key, aes_key_length, iv, 
-	    NSS_AES_CBC, 1, AES_BLOCK_SIZE);
-	if (rv != SECSuccess) goto loser;
+        aes_ctx = (AESContext *)aes_ctx_buf;
+        rv = AES_InitContext(aes_ctx, aes_key, aes_key_length, iv,
+            NSS_AES_CBC, 1, AES_BLOCK_SIZE);
+        if (rv != SECSuccess) goto loser;
 
-	rv = AES_Encrypt(aes_ctx, ciphertext.data, &ciphertext.len,
-	    ciphertext.len, plaintext_item.data,
-	    plaintext_item.len);
-	if (rv != SECSuccess) goto loser;
-    } else 
+        rv = AES_Encrypt(aes_ctx, ciphertext.data, &ciphertext.len,
+            ciphertext.len, plaintext_item.data,
+            plaintext_item.len);
+        if (rv != SECSuccess) goto loser;
+    } else
 #endif
     {
-	aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech,
-	    CKA_ENCRYPT, aes_key_pkcs11, &ivItem);
-	if (!aes_ctx_pkcs11) 
-	    goto loser;
+        aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech,
+            CKA_ENCRYPT, aes_key_pkcs11, &ivItem);
+        if (!aes_ctx_pkcs11)
+            goto loser;
 
-	rv = PK11_CipherOp(aes_ctx_pkcs11, ciphertext.data,
-	    (int *)&ciphertext.len, ciphertext.len,
-	    plaintext_item.data, plaintext_item.len);
-	PK11_Finalize(aes_ctx_pkcs11);
-	PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE);
-	if (rv != SECSuccess) goto loser;
+        rv = PK11_CipherOp(aes_ctx_pkcs11, ciphertext.data,
+            (int *)&ciphertext.len, ciphertext.len,
+            plaintext_item.data, plaintext_item.len);
+        PK11_Finalize(aes_ctx_pkcs11);
+        PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE);
+        if (rv != SECSuccess) goto loser;
     }
 
     /* Convert ciphertext length to network order. */
@@ -1354,40 +1365,40 @@
     /* Compute MAC. */
 #ifndef NO_PKCS11_BYPASS
     if (ss->opt.bypassPKCS11) {
-	hmac_ctx = (HMACContext *)hmac_ctx_buf;
-	hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
-	if (HMAC_Init(hmac_ctx, hashObj, mac_key,
-		mac_key_length, PR_FALSE) != SECSuccess)
-	    goto loser;
+        hmac_ctx = (HMACContext *)hmac_ctx_buf;
+        hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
+        if (HMAC_Init(hmac_ctx, hashObj, mac_key,
+                mac_key_length, PR_FALSE) != SECSuccess)
+            goto loser;
 
-	HMAC_Begin(hmac_ctx);
-	HMAC_Update(hmac_ctx, key_name, SESS_TICKET_KEY_NAME_LEN);
-	HMAC_Update(hmac_ctx, iv, sizeof(iv));
-	HMAC_Update(hmac_ctx, (unsigned char *)length_buf, 2);
-	HMAC_Update(hmac_ctx, ciphertext.data, ciphertext.len);
-	HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
-	    sizeof(computed_mac));
-    } else 
+        HMAC_Begin(hmac_ctx);
+        HMAC_Update(hmac_ctx, key_name, SESS_TICKET_KEY_NAME_LEN);
+        HMAC_Update(hmac_ctx, iv, sizeof(iv));
+        HMAC_Update(hmac_ctx, (unsigned char *)length_buf, 2);
+        HMAC_Update(hmac_ctx, ciphertext.data, ciphertext.len);
+        HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
+            sizeof(computed_mac));
+    } else
 #endif
     {
-	SECItem macParam;
-	macParam.data = NULL;
-	macParam.len = 0;
-	hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech,
-	    CKA_SIGN, mac_key_pkcs11, &macParam);
-	if (!hmac_ctx_pkcs11)
-	    goto loser;
+        SECItem macParam;
+        macParam.data = NULL;
+        macParam.len = 0;
+        hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech,
+            CKA_SIGN, mac_key_pkcs11, &macParam);
+        if (!hmac_ctx_pkcs11)
+            goto loser;
 
-	rv = PK11_DigestBegin(hmac_ctx_pkcs11);
-	rv = PK11_DigestOp(hmac_ctx_pkcs11, key_name,
-	    SESS_TICKET_KEY_NAME_LEN);
-	rv = PK11_DigestOp(hmac_ctx_pkcs11, iv, sizeof(iv));
-	rv = PK11_DigestOp(hmac_ctx_pkcs11, (unsigned char *)length_buf, 2);
-	rv = PK11_DigestOp(hmac_ctx_pkcs11, ciphertext.data, ciphertext.len);
-	rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac,
-	    &computed_mac_length, sizeof(computed_mac));
-	PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
-	if (rv != SECSuccess) goto loser;
+        rv = PK11_DigestBegin(hmac_ctx_pkcs11);
+        rv = PK11_DigestOp(hmac_ctx_pkcs11, key_name,
+            SESS_TICKET_KEY_NAME_LEN);
+        rv = PK11_DigestOp(hmac_ctx_pkcs11, iv, sizeof(iv));
+        rv = PK11_DigestOp(hmac_ctx_pkcs11, (unsigned char *)length_buf, 2);
+        rv = PK11_DigestOp(hmac_ctx_pkcs11, ciphertext.data, ciphertext.len);
+        rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac,
+            &computed_mac_length, sizeof(computed_mac));
+        PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
+        if (rv != SECSuccess) goto loser;
     }
 
     /* Serialize the handshake message. */
@@ -1395,11 +1406,11 @@
     if (rv != SECSuccess) goto loser;
 
     rv = ssl3_AppendHandshakeNumber(ss, ticket.ticket_lifetime_hint,
-	sizeof(ticket.ticket_lifetime_hint));
+        sizeof(ticket.ticket_lifetime_hint));
     if (rv != SECSuccess) goto loser;
 
     rv = ssl3_AppendHandshakeNumber(ss,
-	message_length - sizeof(ticket.ticket_lifetime_hint) - 2, 2);
+        message_length - sizeof(ticket.ticket_lifetime_hint) - 2, 2);
     if (rv != SECSuccess) goto loser;
 
     rv = ssl3_AppendHandshake(ss, key_name, SESS_TICKET_KEY_NAME_LEN);
@@ -1416,9 +1427,9 @@
 
 loser:
     if (plaintext_item.data)
-	SECITEM_FreeItem(&plaintext_item, PR_FALSE);
+        SECITEM_FreeItem(&plaintext_item, PR_FALSE);
     if (ciphertext.data)
-	SECITEM_FreeItem(&ciphertext, PR_FALSE);
+        SECITEM_FreeItem(&ciphertext, PR_FALSE);
 
     return rv;
 }
@@ -1430,8 +1441,9 @@
 ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
                                   SECItem *data)
 {
-    if (data->len != 0)
-	return SECFailure;
+    if (data->len != 0) {
+        return SECSuccess;  /* Ignore the extension. */
+    }
 
     /* Keep track of negotiated extensions. */
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
@@ -1450,7 +1462,7 @@
 
     /* Ignore the SessionTicket extension if processing is disabled. */
     if (!ss->opt.enableSessionTickets)
-	return SECSuccess;
+        return SECSuccess;
 
     /* Keep track of negotiated extensions. */
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
@@ -1460,302 +1472,302 @@
      * instead of terminating the current connection.
      */
     if (data->len == 0) {
-	ss->xtnData.emptySessionTicket = PR_TRUE;
+        ss->xtnData.emptySessionTicket = PR_TRUE;
     } else {
-	int                    i;
-	SECItem                extension_data;
-	EncryptedSessionTicket enc_session_ticket;
-	unsigned char          computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
-	unsigned int           computed_mac_length;
+        int                    i;
+        SECItem                extension_data;
+        EncryptedSessionTicket enc_session_ticket;
+        unsigned char          computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
+        unsigned int           computed_mac_length;
 #ifndef NO_PKCS11_BYPASS
-	const SECHashObject   *hashObj;
-	const unsigned char   *aes_key;
-	const unsigned char   *mac_key;
-	PRUint32               aes_key_length;
-	PRUint32               mac_key_length;
-	PRUint64               hmac_ctx_buf[MAX_MAC_CONTEXT_LLONGS];
-	HMACContext           *hmac_ctx;
-	PRUint64               aes_ctx_buf[MAX_CIPHER_CONTEXT_LLONGS];
-	AESContext            *aes_ctx;
+        const SECHashObject   *hashObj;
+        const unsigned char   *aes_key;
+        const unsigned char   *mac_key;
+        PRUint32               aes_key_length;
+        PRUint32               mac_key_length;
+        PRUint64               hmac_ctx_buf[MAX_MAC_CONTEXT_LLONGS];
+        HMACContext           *hmac_ctx;
+        PRUint64               aes_ctx_buf[MAX_CIPHER_CONTEXT_LLONGS];
+        AESContext            *aes_ctx;
 #endif
-	PK11SymKey            *aes_key_pkcs11;
-	PK11SymKey            *mac_key_pkcs11;
-	PK11Context           *hmac_ctx_pkcs11;
-	CK_MECHANISM_TYPE      macMech = CKM_SHA256_HMAC;
-	PK11Context           *aes_ctx_pkcs11;
-	CK_MECHANISM_TYPE      cipherMech = CKM_AES_CBC;
-	unsigned char *        padding;
-	PRUint32               padding_length;
-	unsigned char         *buffer;
-	unsigned int           buffer_len;
-	PRInt32                temp;
-	SECItem                cert_item;
+        PK11SymKey            *aes_key_pkcs11;
+        PK11SymKey            *mac_key_pkcs11;
+        PK11Context           *hmac_ctx_pkcs11;
+        CK_MECHANISM_TYPE      macMech = CKM_SHA256_HMAC;
+        PK11Context           *aes_ctx_pkcs11;
+        CK_MECHANISM_TYPE      cipherMech = CKM_AES_CBC;
+        unsigned char *        padding;
+        PRUint32               padding_length;
+        unsigned char         *buffer;
+        unsigned int           buffer_len;
+        PRInt32                temp;
+        SECItem                cert_item;
         PRInt8                 nameType = TLS_STE_NO_SERVER_NAME;
 
-	/* Turn off stateless session resumption if the client sends a
-	 * SessionTicket extension, even if the extension turns out to be
-	 * malformed (ss->sec.ci.sid is non-NULL when doing session
-	 * renegotiation.)
-	 */
-	if (ss->sec.ci.sid != NULL) {
-	    if (ss->sec.uncache)
-		ss->sec.uncache(ss->sec.ci.sid);
-	    ssl_FreeSID(ss->sec.ci.sid);
-	    ss->sec.ci.sid = NULL;
-	}
+        /* Turn off stateless session resumption if the client sends a
+         * SessionTicket extension, even if the extension turns out to be
+         * malformed (ss->sec.ci.sid is non-NULL when doing session
+         * renegotiation.)
+         */
+        if (ss->sec.ci.sid != NULL) {
+            if (ss->sec.uncache)
+                ss->sec.uncache(ss->sec.ci.sid);
+            ssl_FreeSID(ss->sec.ci.sid);
+            ss->sec.ci.sid = NULL;
+        }
 
-	extension_data.data = data->data; /* Keep a copy for future use. */
-	extension_data.len = data->len;
+        extension_data.data = data->data; /* Keep a copy for future use. */
+        extension_data.len = data->len;
 
-	if (ssl3_ParseEncryptedSessionTicket(ss, data, &enc_session_ticket)
-	    != SECSuccess)
-	    return SECFailure;
+        if (ssl3_ParseEncryptedSessionTicket(ss, data, &enc_session_ticket)
+            != SECSuccess)
+            return SECFailure;
 
-	/* Get session ticket keys. */
+        /* Get session ticket keys. */
 #ifndef NO_PKCS11_BYPASS
-	if (ss->opt.bypassPKCS11) {
-	    rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
-		&mac_key, &mac_key_length);
-	} else 
+        if (ss->opt.bypassPKCS11) {
+            rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
+                &mac_key, &mac_key_length);
+        } else
 #endif
-	{
-	    rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
-		&mac_key_pkcs11);
-	}
-	if (rv != SECSuccess) {
-	    SSL_DBG(("%d: SSL[%d]: Unable to get/generate session ticket keys.",
-			SSL_GETPID(), ss->fd));
-	    goto loser;
-	}
+        {
+            rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
+                &mac_key_pkcs11);
+        }
+        if (rv != SECSuccess) {
+            SSL_DBG(("%d: SSL[%d]: Unable to get/generate session ticket keys.",
+                        SSL_GETPID(), ss->fd));
+            goto loser;
+        }
 
-	/* If the ticket sent by the client was generated under a key different
-	 * from the one we have, bypass ticket processing.
-	 */
-	if (PORT_Memcmp(enc_session_ticket.key_name, key_name,
-		SESS_TICKET_KEY_NAME_LEN) != 0) {
-	    SSL_DBG(("%d: SSL[%d]: Session ticket key_name sent mismatch.",
-			SSL_GETPID(), ss->fd));
-	    goto no_ticket;
-	}
+        /* If the ticket sent by the client was generated under a key different
+         * from the one we have, bypass ticket processing.
+         */
+        if (PORT_Memcmp(enc_session_ticket.key_name, key_name,
+                SESS_TICKET_KEY_NAME_LEN) != 0) {
+            SSL_DBG(("%d: SSL[%d]: Session ticket key_name sent mismatch.",
+                        SSL_GETPID(), ss->fd));
+            goto no_ticket;
+        }
 
-	/* Verify the MAC on the ticket.  MAC verification may also
-	 * fail if the MAC key has been recently refreshed.
-	 */
+        /* Verify the MAC on the ticket.  MAC verification may also
+         * fail if the MAC key has been recently refreshed.
+         */
 #ifndef NO_PKCS11_BYPASS
-	if (ss->opt.bypassPKCS11) {
-	    hmac_ctx = (HMACContext *)hmac_ctx_buf;
-	    hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
-	    if (HMAC_Init(hmac_ctx, hashObj, mac_key,
-		    sizeof(session_ticket_mac_key), PR_FALSE) != SECSuccess)
-		goto no_ticket;
-	    HMAC_Begin(hmac_ctx);
-	    HMAC_Update(hmac_ctx, extension_data.data,
-		extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH);
-	    if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
-		    sizeof(computed_mac)) != SECSuccess)
-		goto no_ticket;
-	} else 
+        if (ss->opt.bypassPKCS11) {
+            hmac_ctx = (HMACContext *)hmac_ctx_buf;
+            hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
+            if (HMAC_Init(hmac_ctx, hashObj, mac_key,
+                    sizeof(session_ticket_mac_key), PR_FALSE) != SECSuccess)
+                goto no_ticket;
+            HMAC_Begin(hmac_ctx);
+            HMAC_Update(hmac_ctx, extension_data.data,
+                extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH);
+            if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
+                    sizeof(computed_mac)) != SECSuccess)
+                goto no_ticket;
+        } else
 #endif
-	{
-	    SECItem macParam;
-	    macParam.data = NULL;
-	    macParam.len = 0;
-	    hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech,
-		CKA_SIGN, mac_key_pkcs11, &macParam);
-	    if (!hmac_ctx_pkcs11) {
-		SSL_DBG(("%d: SSL[%d]: Unable to create HMAC context: %d.",
-			    SSL_GETPID(), ss->fd, PORT_GetError()));
-		goto no_ticket;
-	    } else {
-		SSL_DBG(("%d: SSL[%d]: Successfully created HMAC context.",
-			    SSL_GETPID(), ss->fd));
-	    }
-	    rv = PK11_DigestBegin(hmac_ctx_pkcs11);
-	    rv = PK11_DigestOp(hmac_ctx_pkcs11, extension_data.data,
-		extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH);
-	    if (rv != SECSuccess) {
-		PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
-		goto no_ticket;
-	    }
-	    rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac,
-		&computed_mac_length, sizeof(computed_mac));
-	    PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
-	    if (rv != SECSuccess)
-		goto no_ticket;
-	}
-	if (NSS_SecureMemcmp(computed_mac, enc_session_ticket.mac,
-		computed_mac_length) != 0) {
-	    SSL_DBG(("%d: SSL[%d]: Session ticket MAC mismatch.",
-			SSL_GETPID(), ss->fd));
-	    goto no_ticket;
-	}
+        {
+            SECItem macParam;
+            macParam.data = NULL;
+            macParam.len = 0;
+            hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech,
+                CKA_SIGN, mac_key_pkcs11, &macParam);
+            if (!hmac_ctx_pkcs11) {
+                SSL_DBG(("%d: SSL[%d]: Unable to create HMAC context: %d.",
+                            SSL_GETPID(), ss->fd, PORT_GetError()));
+                goto no_ticket;
+            } else {
+                SSL_DBG(("%d: SSL[%d]: Successfully created HMAC context.",
+                            SSL_GETPID(), ss->fd));
+            }
+            rv = PK11_DigestBegin(hmac_ctx_pkcs11);
+            rv = PK11_DigestOp(hmac_ctx_pkcs11, extension_data.data,
+                extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH);
+            if (rv != SECSuccess) {
+                PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
+                goto no_ticket;
+            }
+            rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac,
+                &computed_mac_length, sizeof(computed_mac));
+            PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
+            if (rv != SECSuccess)
+                goto no_ticket;
+        }
+        if (NSS_SecureMemcmp(computed_mac, enc_session_ticket.mac,
+                computed_mac_length) != 0) {
+            SSL_DBG(("%d: SSL[%d]: Session ticket MAC mismatch.",
+                        SSL_GETPID(), ss->fd));
+            goto no_ticket;
+        }
 
-	/* We ignore key_name for now.
-	 * This is ok as MAC verification succeeded.
-	 */
+        /* We ignore key_name for now.
+         * This is ok as MAC verification succeeded.
+         */
 
-	/* Decrypt the ticket. */
+        /* Decrypt the ticket. */
 
-	/* Plaintext is shorter than the ciphertext due to padding. */
-	decrypted_state = SECITEM_AllocItem(NULL, NULL,
-	    enc_session_ticket.encrypted_state.len);
+        /* Plaintext is shorter than the ciphertext due to padding. */
+        decrypted_state = SECITEM_AllocItem(NULL, NULL,
+            enc_session_ticket.encrypted_state.len);
 
 #ifndef NO_PKCS11_BYPASS
-	if (ss->opt.bypassPKCS11) {
-	    aes_ctx = (AESContext *)aes_ctx_buf;
-	    rv = AES_InitContext(aes_ctx, aes_key,
-		sizeof(session_ticket_enc_key), enc_session_ticket.iv,
-		NSS_AES_CBC, 0,AES_BLOCK_SIZE);
-	    if (rv != SECSuccess) {
-		SSL_DBG(("%d: SSL[%d]: Unable to create AES context.",
-			    SSL_GETPID(), ss->fd));
-		goto no_ticket;
-	    }
+        if (ss->opt.bypassPKCS11) {
+            aes_ctx = (AESContext *)aes_ctx_buf;
+            rv = AES_InitContext(aes_ctx, aes_key,
+                sizeof(session_ticket_enc_key), enc_session_ticket.iv,
+                NSS_AES_CBC, 0,AES_BLOCK_SIZE);
+            if (rv != SECSuccess) {
+                SSL_DBG(("%d: SSL[%d]: Unable to create AES context.",
+                            SSL_GETPID(), ss->fd));
+                goto no_ticket;
+            }
 
-	    rv = AES_Decrypt(aes_ctx, decrypted_state->data,
-		&decrypted_state->len, decrypted_state->len,
-		enc_session_ticket.encrypted_state.data,
-		enc_session_ticket.encrypted_state.len);
-	    if (rv != SECSuccess)
-		goto no_ticket;
-	} else 
+            rv = AES_Decrypt(aes_ctx, decrypted_state->data,
+                &decrypted_state->len, decrypted_state->len,
+                enc_session_ticket.encrypted_state.data,
+                enc_session_ticket.encrypted_state.len);
+            if (rv != SECSuccess)
+                goto no_ticket;
+        } else
 #endif
-	{
-	    SECItem ivItem;
-	    ivItem.data = enc_session_ticket.iv;
-	    ivItem.len = AES_BLOCK_SIZE;
-	    aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech,
-		CKA_DECRYPT, aes_key_pkcs11, &ivItem);
-	    if (!aes_ctx_pkcs11) {
-		SSL_DBG(("%d: SSL[%d]: Unable to create AES context.",
-			    SSL_GETPID(), ss->fd));
-		goto no_ticket;
-	    }
+        {
+            SECItem ivItem;
+            ivItem.data = enc_session_ticket.iv;
+            ivItem.len = AES_BLOCK_SIZE;
+            aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech,
+                CKA_DECRYPT, aes_key_pkcs11, &ivItem);
+            if (!aes_ctx_pkcs11) {
+                SSL_DBG(("%d: SSL[%d]: Unable to create AES context.",
+                            SSL_GETPID(), ss->fd));
+                goto no_ticket;
+            }
 
-	    rv = PK11_CipherOp(aes_ctx_pkcs11, decrypted_state->data,
-		(int *)&decrypted_state->len, decrypted_state->len,
-		enc_session_ticket.encrypted_state.data,
-		enc_session_ticket.encrypted_state.len);
-	    PK11_Finalize(aes_ctx_pkcs11);
-	    PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE);
-	    if (rv != SECSuccess)
-		goto no_ticket;
-	}
+            rv = PK11_CipherOp(aes_ctx_pkcs11, decrypted_state->data,
+                (int *)&decrypted_state->len, decrypted_state->len,
+                enc_session_ticket.encrypted_state.data,
+                enc_session_ticket.encrypted_state.len);
+            PK11_Finalize(aes_ctx_pkcs11);
+            PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE);
+            if (rv != SECSuccess)
+                goto no_ticket;
+        }
 
-	/* Check padding. */
-	padding_length = 
-	    (PRUint32)decrypted_state->data[decrypted_state->len - 1];
-	if (padding_length == 0 || padding_length > AES_BLOCK_SIZE)
-	    goto no_ticket;
+        /* Check padding. */
+        padding_length =
+            (PRUint32)decrypted_state->data[decrypted_state->len - 1];
+        if (padding_length == 0 || padding_length > AES_BLOCK_SIZE)
+            goto no_ticket;
 
-	padding = &decrypted_state->data[decrypted_state->len - padding_length];
-	for (i = 0; i < padding_length; i++, padding++) {
-	    if (padding_length != (PRUint32)*padding)
-		goto no_ticket;
-	}
+        padding = &decrypted_state->data[decrypted_state->len - padding_length];
+        for (i = 0; i < padding_length; i++, padding++) {
+            if (padding_length != (PRUint32)*padding)
+                goto no_ticket;
+        }
 
-	/* Deserialize session state. */
-	buffer = decrypted_state->data;
-	buffer_len = decrypted_state->len;
+        /* Deserialize session state. */
+        buffer = decrypted_state->data;
+        buffer_len = decrypted_state->len;
 
-	parsed_session_ticket = PORT_ZAlloc(sizeof(SessionTicket));
-	if (parsed_session_ticket == NULL) {
-	    rv = SECFailure;
-	    goto loser;
-	}
+        parsed_session_ticket = PORT_ZAlloc(sizeof(SessionTicket));
+        if (parsed_session_ticket == NULL) {
+            rv = SECFailure;
+            goto loser;
+        }
 
-	/* Read ticket_version (which is ignored for now.) */
-	temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->ticket_version = (SSL3ProtocolVersion)temp;
+        /* Read ticket_version (which is ignored for now.) */
+        temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->ticket_version = (SSL3ProtocolVersion)temp;
 
-	/* Read SSLVersion. */
-	temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->ssl_version = (SSL3ProtocolVersion)temp;
+        /* Read SSLVersion. */
+        temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->ssl_version = (SSL3ProtocolVersion)temp;
 
-	/* Read cipher_suite. */
-	temp =  ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->cipher_suite = (ssl3CipherSuite)temp;
+        /* Read cipher_suite. */
+        temp =  ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->cipher_suite = (ssl3CipherSuite)temp;
 
-	/* Read compression_method. */
-	temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->compression_method = (SSLCompressionMethod)temp;
+        /* Read compression_method. */
+        temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->compression_method = (SSLCompressionMethod)temp;
 
-	/* Read cipher spec parameters. */
-	temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->authAlgorithm = (SSLSignType)temp;
-	temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->authKeyBits = (PRUint32)temp;
-	temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->keaType = (SSLKEAType)temp;
-	temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->keaKeyBits = (PRUint32)temp;
+        /* Read cipher spec parameters. */
+        temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->authAlgorithm = (SSLSignType)temp;
+        temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->authKeyBits = (PRUint32)temp;
+        temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->keaType = (SSLKEAType)temp;
+        temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->keaKeyBits = (PRUint32)temp;
 
-	/* Read wrapped master_secret. */
-	temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->ms_is_wrapped = (PRBool)temp;
+        /* Read wrapped master_secret. */
+        temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->ms_is_wrapped = (PRBool)temp;
 
-	temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->exchKeyType = (SSL3KEAType)temp;
+        temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->exchKeyType = (SSL3KEAType)temp;
 
-	temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->msWrapMech = (CK_MECHANISM_TYPE)temp;
+        temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->msWrapMech = (CK_MECHANISM_TYPE)temp;
 
-	temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->ms_length = (PRUint16)temp;
-	if (parsed_session_ticket->ms_length == 0 ||  /* sanity check MS. */
-	    parsed_session_ticket->ms_length >
-	    sizeof(parsed_session_ticket->master_secret))
-	    goto no_ticket;
-	
-	/* Allow for the wrapped master secret to be longer. */
-	if (buffer_len < parsed_session_ticket->ms_length)
-	    goto no_ticket;
-	PORT_Memcpy(parsed_session_ticket->master_secret, buffer,
-	    parsed_session_ticket->ms_length);
-	buffer += parsed_session_ticket->ms_length;
-	buffer_len -= parsed_session_ticket->ms_length;
+        temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->ms_length = (PRUint16)temp;
+        if (parsed_session_ticket->ms_length == 0 ||  /* sanity check MS. */
+            parsed_session_ticket->ms_length >
+            sizeof(parsed_session_ticket->master_secret))
+            goto no_ticket;
 
-	/* Read client_identity */
-	temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-	if (temp < 0)
-	    goto no_ticket;
-	parsed_session_ticket->client_identity.client_auth_type = 
-	    (ClientAuthenticationType)temp;
-	switch(parsed_session_ticket->client_identity.client_auth_type) {
+        /* Allow for the wrapped master secret to be longer. */
+        if (buffer_len < parsed_session_ticket->ms_length)
+            goto no_ticket;
+        PORT_Memcpy(parsed_session_ticket->master_secret, buffer,
+            parsed_session_ticket->ms_length);
+        buffer += parsed_session_ticket->ms_length;
+        buffer_len -= parsed_session_ticket->ms_length;
+
+        /* Read client_identity */
+        temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
+        if (temp < 0)
+            goto no_ticket;
+        parsed_session_ticket->client_identity.client_auth_type =
+            (ClientAuthenticationType)temp;
+        switch(parsed_session_ticket->client_identity.client_auth_type) {
             case CLIENT_AUTH_ANONYMOUS:
-		break;
+                break;
             case CLIENT_AUTH_CERTIFICATE:
-		rv = ssl3_ConsumeHandshakeVariable(ss, &cert_item, 3,
-		    &buffer, &buffer_len);
-		if (rv != SECSuccess) goto no_ticket;
-		rv = SECITEM_CopyItem(NULL, &parsed_session_ticket->peer_cert,
-		    &cert_item);
-		if (rv != SECSuccess) goto no_ticket;
-		break;
+                rv = ssl3_ConsumeHandshakeVariable(ss, &cert_item, 3,
+                    &buffer, &buffer_len);
+                if (rv != SECSuccess) goto no_ticket;
+                rv = SECITEM_CopyItem(NULL, &parsed_session_ticket->peer_cert,
+                    &cert_item);
+                if (rv != SECSuccess) goto no_ticket;
+                break;
             default:
-		goto no_ticket;
-	}
-	/* Read timestamp. */
-	temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
-	if (temp < 0)
-	    goto no_ticket;
-	parsed_session_ticket->timestamp = (PRUint32)temp;
+                goto no_ticket;
+        }
+        /* Read timestamp. */
+        temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
+        if (temp < 0)
+            goto no_ticket;
+        parsed_session_ticket->timestamp = (PRUint32)temp;
 
         /* Read server name */
         nameType =
-                ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); 
+                ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
         if (nameType != TLS_STE_NO_SERVER_NAME) {
             SECItem name_item;
             rv = ssl3_ConsumeHandshakeVariable(ss, &name_item, 2, &buffer,
@@ -1767,99 +1779,99 @@
             parsed_session_ticket->srvName.type = nameType;
         }
 
-	/* Done parsing.  Check that all bytes have been consumed. */
-	if (buffer_len != padding_length)
-	    goto no_ticket;
+        /* Done parsing.  Check that all bytes have been consumed. */
+        if (buffer_len != padding_length)
+            goto no_ticket;
 
-	/* Use the ticket if it has not expired, otherwise free the allocated
-	 * memory since the ticket is of no use.
-	 */
-	if (parsed_session_ticket->timestamp != 0 &&
-	    parsed_session_ticket->timestamp +
-	    TLS_EX_SESS_TICKET_LIFETIME_HINT > ssl_Time()) {
+        /* Use the ticket if it has not expired, otherwise free the allocated
+         * memory since the ticket is of no use.
+         */
+        if (parsed_session_ticket->timestamp != 0 &&
+            parsed_session_ticket->timestamp +
+            TLS_EX_SESS_TICKET_LIFETIME_HINT > ssl_Time()) {
 
-	    sid = ssl3_NewSessionID(ss, PR_TRUE);
-	    if (sid == NULL) {
-		rv = SECFailure;
-		goto loser;
-	    }
+            sid = ssl3_NewSessionID(ss, PR_TRUE);
+            if (sid == NULL) {
+                rv = SECFailure;
+                goto loser;
+            }
 
-	    /* Copy over parameters. */
-	    sid->version = parsed_session_ticket->ssl_version;
-	    sid->u.ssl3.cipherSuite = parsed_session_ticket->cipher_suite;
-	    sid->u.ssl3.compression = parsed_session_ticket->compression_method;
-	    sid->authAlgorithm = parsed_session_ticket->authAlgorithm;
-	    sid->authKeyBits = parsed_session_ticket->authKeyBits;
-	    sid->keaType = parsed_session_ticket->keaType;
-	    sid->keaKeyBits = parsed_session_ticket->keaKeyBits;
+            /* Copy over parameters. */
+            sid->version = parsed_session_ticket->ssl_version;
+            sid->u.ssl3.cipherSuite = parsed_session_ticket->cipher_suite;
+            sid->u.ssl3.compression = parsed_session_ticket->compression_method;
+            sid->authAlgorithm = parsed_session_ticket->authAlgorithm;
+            sid->authKeyBits = parsed_session_ticket->authKeyBits;
+            sid->keaType = parsed_session_ticket->keaType;
+            sid->keaKeyBits = parsed_session_ticket->keaKeyBits;
 
-	    /* Copy master secret. */
+            /* Copy master secret. */
 #ifndef NO_PKCS11_BYPASS
-	    if (ss->opt.bypassPKCS11 &&
-		    parsed_session_ticket->ms_is_wrapped)
-		goto no_ticket;
+            if (ss->opt.bypassPKCS11 &&
+                    parsed_session_ticket->ms_is_wrapped)
+                goto no_ticket;
 #endif
-	    if (parsed_session_ticket->ms_length >
-		    sizeof(sid->u.ssl3.keys.wrapped_master_secret))
-		goto no_ticket;
-	    PORT_Memcpy(sid->u.ssl3.keys.wrapped_master_secret,
-		parsed_session_ticket->master_secret,
-		parsed_session_ticket->ms_length);
-	    sid->u.ssl3.keys.wrapped_master_secret_len =
-		parsed_session_ticket->ms_length;
-	    sid->u.ssl3.exchKeyType = parsed_session_ticket->exchKeyType;
-	    sid->u.ssl3.masterWrapMech = parsed_session_ticket->msWrapMech;
-	    sid->u.ssl3.keys.msIsWrapped =
-		parsed_session_ticket->ms_is_wrapped;
-	    sid->u.ssl3.masterValid    = PR_TRUE;
-	    sid->u.ssl3.keys.resumable = PR_TRUE;
+            if (parsed_session_ticket->ms_length >
+                    sizeof(sid->u.ssl3.keys.wrapped_master_secret))
+                goto no_ticket;
+            PORT_Memcpy(sid->u.ssl3.keys.wrapped_master_secret,
+                parsed_session_ticket->master_secret,
+                parsed_session_ticket->ms_length);
+            sid->u.ssl3.keys.wrapped_master_secret_len =
+                parsed_session_ticket->ms_length;
+            sid->u.ssl3.exchKeyType = parsed_session_ticket->exchKeyType;
+            sid->u.ssl3.masterWrapMech = parsed_session_ticket->msWrapMech;
+            sid->u.ssl3.keys.msIsWrapped =
+                parsed_session_ticket->ms_is_wrapped;
+            sid->u.ssl3.masterValid    = PR_TRUE;
+            sid->u.ssl3.keys.resumable = PR_TRUE;
 
-	    /* Copy over client cert from session ticket if there is one. */
-	    if (parsed_session_ticket->peer_cert.data != NULL) {
-		if (sid->peerCert != NULL)
-		    CERT_DestroyCertificate(sid->peerCert);
-		sid->peerCert = CERT_NewTempCertificate(ss->dbHandle,
-		    &parsed_session_ticket->peer_cert, NULL, PR_FALSE, PR_TRUE);
-		if (sid->peerCert == NULL) {
-		    rv = SECFailure;
-		    goto loser;
-		}
-	    }
-	    if (parsed_session_ticket->srvName.data != NULL) {
+            /* Copy over client cert from session ticket if there is one. */
+            if (parsed_session_ticket->peer_cert.data != NULL) {
+                if (sid->peerCert != NULL)
+                    CERT_DestroyCertificate(sid->peerCert);
+                sid->peerCert = CERT_NewTempCertificate(ss->dbHandle,
+                    &parsed_session_ticket->peer_cert, NULL, PR_FALSE, PR_TRUE);
+                if (sid->peerCert == NULL) {
+                    rv = SECFailure;
+                    goto loser;
+                }
+            }
+            if (parsed_session_ticket->srvName.data != NULL) {
                 sid->u.ssl3.srvName = parsed_session_ticket->srvName;
             }
-	    ss->statelessResume = PR_TRUE;
-	    ss->sec.ci.sid = sid;
-	}
+            ss->statelessResume = PR_TRUE;
+            ss->sec.ci.sid = sid;
+        }
     }
 
     if (0) {
 no_ticket:
-	SSL_DBG(("%d: SSL[%d]: Session ticket parsing failed.",
-			SSL_GETPID(), ss->fd));
-	ssl3stats = SSL_GetStatistics();
-	SSL_AtomicIncrementLong(& ssl3stats->hch_sid_ticket_parse_failures );
+        SSL_DBG(("%d: SSL[%d]: Session ticket parsing failed.",
+                        SSL_GETPID(), ss->fd));
+        ssl3stats = SSL_GetStatistics();
+        SSL_AtomicIncrementLong(& ssl3stats->hch_sid_ticket_parse_failures );
     }
     rv = SECSuccess;
 
 loser:
-	/* ss->sec.ci.sid == sid if it did NOT come here via goto statement
-	 * in that case do not free sid
-	 */
-	if (sid && (ss->sec.ci.sid != sid)) {
-	    ssl_FreeSID(sid);
-	    sid = NULL;
-	}
+        /* ss->sec.ci.sid == sid if it did NOT come here via goto statement
+         * in that case do not free sid
+         */
+        if (sid && (ss->sec.ci.sid != sid)) {
+            ssl_FreeSID(sid);
+            sid = NULL;
+        }
     if (decrypted_state != NULL) {
-	SECITEM_FreeItem(decrypted_state, PR_TRUE);
-	decrypted_state = NULL;
+        SECITEM_FreeItem(decrypted_state, PR_TRUE);
+        decrypted_state = NULL;
     }
 
     if (parsed_session_ticket != NULL) {
-	if (parsed_session_ticket->peer_cert.data) {
-	    SECITEM_FreeItem(&parsed_session_ticket->peer_cert, PR_FALSE);
-	}
-	PORT_ZFree(parsed_session_ticket, sizeof(SessionTicket));
+        if (parsed_session_ticket->peer_cert.data) {
+            SECITEM_FreeItem(&parsed_session_ticket->peer_cert, PR_FALSE);
+        }
+        PORT_ZFree(parsed_session_ticket, sizeof(SessionTicket));
     }
 
     return rv;
@@ -1870,11 +1882,11 @@
  * cannot be freed.  The caller is expected to call this function
  * on a shallow copy of the structure.
  */
-static SECStatus 
+static SECStatus
 ssl3_ConsumeFromItem(SECItem *item, unsigned char **buf, PRUint32 bytes)
 {
     if (bytes > item->len)
-	return SECFailure;
+        return SECFailure;
 
     *buf = item->data;
     item->data += bytes;
@@ -1887,30 +1899,30 @@
                                  EncryptedSessionTicket *enc_session_ticket)
 {
     if (ssl3_ConsumeFromItem(data, &enc_session_ticket->key_name,
-	    SESS_TICKET_KEY_NAME_LEN) != SECSuccess)
-	return SECFailure;
+            SESS_TICKET_KEY_NAME_LEN) != SECSuccess)
+        return SECFailure;
     if (ssl3_ConsumeFromItem(data, &enc_session_ticket->iv,
-	    AES_BLOCK_SIZE) != SECSuccess)
-	return SECFailure;
+            AES_BLOCK_SIZE) != SECSuccess)
+        return SECFailure;
     if (ssl3_ConsumeHandshakeVariable(ss, &enc_session_ticket->encrypted_state,
-	    2, &data->data, &data->len) != SECSuccess)
-	return SECFailure;
+            2, &data->data, &data->len) != SECSuccess)
+        return SECFailure;
     if (ssl3_ConsumeFromItem(data, &enc_session_ticket->mac,
-	    TLS_EX_SESS_TICKET_MAC_LENGTH) != SECSuccess)
-	return SECFailure;
+            TLS_EX_SESS_TICKET_MAC_LENGTH) != SECSuccess)
+        return SECFailure;
     if (data->len != 0)  /* Make sure that we have consumed all bytes. */
-	return SECFailure;
+        return SECFailure;
 
     return SECSuccess;
 }
 
 /* go through hello extensions in buffer "b".
- * For each one, find the extension handler in the table, and 
- * if present, invoke that handler.  
+ * For each one, find the extension handler in the table, and
+ * if present, invoke that handler.
  * Servers ignore any extensions with unknown extension types.
  * Clients reject any extensions with unadvertised extension types.
  */
-SECStatus 
+SECStatus
 ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length)
 {
     const ssl3HelloExtensionHandler * handlers;
@@ -1924,68 +1936,68 @@
     }
 
     while (*length) {
-	const ssl3HelloExtensionHandler * handler;
-	SECStatus rv;
-	PRInt32   extension_type;
-	SECItem   extension_data;
+        const ssl3HelloExtensionHandler * handler;
+        SECStatus rv;
+        PRInt32   extension_type;
+        SECItem   extension_data;
 
-	/* Get the extension's type field */
-	extension_type = ssl3_ConsumeHandshakeNumber(ss, 2, b, length);
-	if (extension_type < 0)  /* failure to decode extension_type */
-	    return SECFailure;   /* alert already sent */
+        /* Get the extension's type field */
+        extension_type = ssl3_ConsumeHandshakeNumber(ss, 2, b, length);
+        if (extension_type < 0)  /* failure to decode extension_type */
+            return SECFailure;   /* alert already sent */
 
-	/* get the data for this extension, so we can pass it or skip it. */
-	rv = ssl3_ConsumeHandshakeVariable(ss, &extension_data, 2, b, length);
-	if (rv != SECSuccess)
-	    return rv;
+        /* get the data for this extension, so we can pass it or skip it. */
+        rv = ssl3_ConsumeHandshakeVariable(ss, &extension_data, 2, b, length);
+        if (rv != SECSuccess)
+            return rv;
 
-	/* Check whether the server sent an extension which was not advertised
-	 * in the ClientHello.
-	 */
-	if (!ss->sec.isServer &&
-	    !ssl3_ClientExtensionAdvertised(ss, extension_type))
-	    return SECFailure;  /* TODO: send unsupported_extension alert */
+        /* Check whether the server sent an extension which was not advertised
+         * in the ClientHello.
+         */
+        if (!ss->sec.isServer &&
+            !ssl3_ClientExtensionAdvertised(ss, extension_type))
+            return SECFailure;  /* TODO: send unsupported_extension alert */
 
-	/* Check whether an extension has been sent multiple times. */
-	if (ssl3_ExtensionNegotiated(ss, extension_type))
-	    return SECFailure;
+        /* Check whether an extension has been sent multiple times. */
+        if (ssl3_ExtensionNegotiated(ss, extension_type))
+            return SECFailure;
 
-	/* find extension_type in table of Hello Extension Handlers */
-	for (handler = handlers; handler->ex_type >= 0; handler++) {
-	    /* if found, call this handler */
-	    if (handler->ex_type == extension_type) {
-		rv = (*handler->ex_handler)(ss, (PRUint16)extension_type, 
-	                                         	&extension_data);
-		/* Ignore this result */
-		/* Treat all bad extensions as unrecognized types. */
-	        break;
-	    }
-	}
+        /* find extension_type in table of Hello Extension Handlers */
+        for (handler = handlers; handler->ex_type >= 0; handler++) {
+            /* if found, call this handler */
+            if (handler->ex_type == extension_type) {
+                rv = (*handler->ex_handler)(ss, (PRUint16)extension_type,
+                                                        &extension_data);
+                /* Ignore this result */
+                /* Treat all bad extensions as unrecognized types. */
+                break;
+            }
+        }
     }
     return SECSuccess;
 }
 
 /* Add a callback function to the table of senders of server hello extensions.
  */
-SECStatus 
+SECStatus
 ssl3_RegisterServerHelloExtensionSender(sslSocket *ss, PRUint16 ex_type,
-				        ssl3HelloExtensionSenderFunc cb)
+                                        ssl3HelloExtensionSenderFunc cb)
 {
     int i;
     ssl3HelloExtensionSender *sender = &ss->xtnData.serverSenders[0];
 
     for (i = 0; i < SSL_MAX_EXTENSIONS; ++i, ++sender) {
         if (!sender->ex_sender) {
-	    sender->ex_type   = ex_type;
-	    sender->ex_sender = cb;
-	    return SECSuccess;
-	}
-	/* detect duplicate senders */
-	PORT_Assert(sender->ex_type != ex_type);
-	if (sender->ex_type == ex_type) {
-	    /* duplicate */
-	    break;
-	}
+            sender->ex_type   = ex_type;
+            sender->ex_sender = cb;
+            return SECSuccess;
+        }
+        /* detect duplicate senders */
+        PORT_Assert(sender->ex_type != ex_type);
+        if (sender->ex_type == ex_type) {
+            /* duplicate */
+            break;
+        }
     }
     PORT_Assert(i < SSL_MAX_EXTENSIONS); /* table needs to grow */
     PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
@@ -2001,18 +2013,18 @@
     int i;
 
     if (!sender) {
-    	sender = ss->version > SSL_LIBRARY_VERSION_3_0 ?
+        sender = ss->version > SSL_LIBRARY_VERSION_3_0 ?
                  &clientHelloSendersTLS[0] : &clientHelloSendersSSL3[0];
     }
 
     for (i = 0; i < SSL_MAX_EXTENSIONS; ++i, ++sender) {
-	if (sender->ex_sender) {
-	    PRInt32 extLen = (*sender->ex_sender)(ss, append, maxBytes);
-	    if (extLen < 0)
-	    	return -1;
-	    maxBytes        -= extLen;
-	    total_exten_len += extLen;
-	}
+        if (sender->ex_sender) {
+            PRInt32 extLen = (*sender->ex_sender)(ss, append, maxBytes);
+            if (extLen < 0)
+                return -1;
+            maxBytes        -= extLen;
+            total_exten_len += extLen;
+        }
     }
     return total_exten_len;
 }
@@ -2025,48 +2037,48 @@
  * Verify Data (TLS): 12 bytes (client) or 24 bytes (server)
  * Verify Data (SSL): 36 bytes (client) or 72 bytes (server)
  */
-static PRInt32 
+static PRInt32
 ssl3_SendRenegotiationInfoXtn(
-			sslSocket * ss,
-			PRBool      append,
-			PRUint32    maxBytes)
+                        sslSocket * ss,
+                        PRBool      append,
+                        PRUint32    maxBytes)
 {
     PRInt32 len, needed;
 
     /* In draft-ietf-tls-renegotiation-03, it is NOT RECOMMENDED to send
-     * both the SCSV and the empty RI, so when we send SCSV in 
+     * both the SCSV and the empty RI, so when we send SCSV in
      * the initial handshake, we don't also send RI.
      */
     if (!ss || ss->ssl3.hs.sendingSCSV)
-    	return 0;
-    len = !ss->firstHsDone ? 0 : 
-	   (ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2 
-			     : ss->ssl3.hs.finishedBytes);
+        return 0;
+    len = !ss->firstHsDone ? 0 :
+           (ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2
+                             : ss->ssl3.hs.finishedBytes);
     needed = 5 + len;
     if (append && maxBytes >= needed) {
-	SECStatus rv;
-	/* extension_type */
-	rv = ssl3_AppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2); 
-	if (rv != SECSuccess) return -1;
-	/* length of extension_data */
-	rv = ssl3_AppendHandshakeNumber(ss, len + 1, 2); 
-	if (rv != SECSuccess) return -1;
-	/* verify_Data from previous Finished message(s) */
-	rv = ssl3_AppendHandshakeVariable(ss, 
-		  ss->ssl3.hs.finishedMsgs.data, len, 1);
-	if (rv != SECSuccess) return -1;
-	if (!ss->sec.isServer) {
-	    TLSExtensionData *xtnData = &ss->xtnData;
-	    xtnData->advertised[xtnData->numAdvertised++] = 
-	                                           ssl_renegotiation_info_xtn;
-	}
+        SECStatus rv;
+        /* extension_type */
+        rv = ssl3_AppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2);
+        if (rv != SECSuccess) return -1;
+        /* length of extension_data */
+        rv = ssl3_AppendHandshakeNumber(ss, len + 1, 2);
+        if (rv != SECSuccess) return -1;
+        /* verify_Data from previous Finished message(s) */
+        rv = ssl3_AppendHandshakeVariable(ss,
+                  ss->ssl3.hs.finishedMsgs.data, len, 1);
+        if (rv != SECSuccess) return -1;
+        if (!ss->sec.isServer) {
+            TLSExtensionData *xtnData = &ss->xtnData;
+            xtnData->advertised[xtnData->numAdvertised++] =
+                                                   ssl_renegotiation_info_xtn;
+        }
     }
     return needed;
 }
 
 static SECStatus
 ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
-				  SECItem *data)
+                                  SECItem *data)
 {
     SECStatus rv = SECSuccess;
 
@@ -2075,7 +2087,7 @@
     PORT_Assert(ss->sec.isServer);
     /* prepare to send back the appropriate response */
     rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
-					    ssl3_ServerSendStatusRequestXtn);
+                                            ssl3_ServerSendStatusRequestXtn);
     return rv;
 }
 
@@ -2087,25 +2099,25 @@
     PRUint32 len = 0;
 
     if (ss->firstHsDone) {
-	len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes 
-	                       : ss->ssl3.hs.finishedBytes * 2;
+        len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes
+                               : ss->ssl3.hs.finishedBytes * 2;
     }
     if (data->len != 1 + len  ||
-	data->data[0] != len  || (len && 
-	NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data,
-	                 data->data + 1, len))) {
-	/* Can we do this here? Or, must we arrange for the caller to do it? */     
-	(void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);                   
-	PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
-	return SECFailure;
+        data->data[0] != len  || (len &&
+        NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data,
+                         data->data + 1, len))) {
+        /* Can we do this here? Or, must we arrange for the caller to do it? */
+        (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
+        PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+        return SECFailure;
     }
     /* remember that we got this extension and it was correct. */
     ss->peerRequestedProtection = 1;
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
     if (ss->sec.isServer) {
-	/* prepare to send back the appropriate response */
-	rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
-					     ssl3_SendRenegotiationInfoXtn);
+        /* prepare to send back the appropriate response */
+        rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
+                                             ssl3_SendRenegotiationInfoXtn);
     }
     return rv;
 }
@@ -2118,60 +2130,60 @@
     SECStatus rv;
 
     if (!ss)
-	return 0;
+        return 0;
 
     if (!ss->sec.isServer) {
-	/* Client side */
+        /* Client side */
 
-	if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount)
-	    return 0;  /* Not relevant */
+        if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount)
+            return 0;  /* Not relevant */
 
-	ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1;
+        ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1;
 
-	if (append && maxBytes >= 4 + ext_data_len) {
-	    /* Extension type */
-	    rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2);
-	    if (rv != SECSuccess) return -1;
-	    /* Length of extension data */
-	    rv = ssl3_AppendHandshakeNumber(ss, ext_data_len, 2);
-	    if (rv != SECSuccess) return -1;
-	    /* Length of the SRTP cipher list */
-	    rv = ssl3_AppendHandshakeNumber(ss,
-					    2 * ss->ssl3.dtlsSRTPCipherCount,
-					    2);
-	    if (rv != SECSuccess) return -1;
-	    /* The SRTP ciphers */
-	    for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) {
-		rv = ssl3_AppendHandshakeNumber(ss,
-						ss->ssl3.dtlsSRTPCiphers[i],
-						2);
-	    }
-	    /* Empty MKI value */
-	    ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
+        if (append && maxBytes >= 4 + ext_data_len) {
+            /* Extension type */
+            rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2);
+            if (rv != SECSuccess) return -1;
+            /* Length of extension data */
+            rv = ssl3_AppendHandshakeNumber(ss, ext_data_len, 2);
+            if (rv != SECSuccess) return -1;
+            /* Length of the SRTP cipher list */
+            rv = ssl3_AppendHandshakeNumber(ss,
+                                            2 * ss->ssl3.dtlsSRTPCipherCount,
+                                            2);
+            if (rv != SECSuccess) return -1;
+            /* The SRTP ciphers */
+            for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) {
+                rv = ssl3_AppendHandshakeNumber(ss,
+                                                ss->ssl3.dtlsSRTPCiphers[i],
+                                                2);
+            }
+            /* Empty MKI value */
+            ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
 
-	    ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-		ssl_use_srtp_xtn;
-	}
+            ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
+                ssl_use_srtp_xtn;
+        }
 
-	return 4 + ext_data_len;
+        return 4 + ext_data_len;
     }
 
     /* Server side */
     if (append && maxBytes >= 9) {
-	/* Extension type */
-	rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2);
-	if (rv != SECSuccess) return -1;
-	/* Length of extension data */
-	rv = ssl3_AppendHandshakeNumber(ss, 5, 2);
-	if (rv != SECSuccess) return -1;
-	/* Length of the SRTP cipher list */
-	rv = ssl3_AppendHandshakeNumber(ss, 2, 2);
-	if (rv != SECSuccess) return -1;
-	/* The selected cipher */
-	rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.dtlsSRTPCipherSuite, 2);
-	if (rv != SECSuccess) return -1;
-	/* Empty MKI value */
-	ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
+        /* Extension type */
+        rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2);
+        if (rv != SECSuccess) return -1;
+        /* Length of extension data */
+        rv = ssl3_AppendHandshakeNumber(ss, 5, 2);
+        if (rv != SECSuccess) return -1;
+        /* Length of the SRTP cipher list */
+        rv = ssl3_AppendHandshakeNumber(ss, 2, 2);
+        if (rv != SECSuccess) return -1;
+        /* The selected cipher */
+        rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.dtlsSRTPCipherSuite, 2);
+        if (rv != SECSuccess) return -1;
+        /* Empty MKI value */
+        ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
     }
 
     return 9;
@@ -2189,121 +2201,121 @@
     SECItem litem;
 
     if (!ss->sec.isServer) {
-	/* Client side */
-	if (!data->data || !data->len) {
+        /* Client side */
+        if (!data->data || !data->len) {
             /* malformed */
             return SECFailure;
-	}
+        }
 
-	/* Get the cipher list */
-	rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2,
-					   &data->data, &data->len);
-	if (rv != SECSuccess) {
-	    return SECFailure;
-	}
-	/* Now check that the number of ciphers listed is 1 (len = 2) */
-	if (ciphers.len != 2) {
-	    return SECFailure;
-	}
+        /* Get the cipher list */
+        rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2,
+                                           &data->data, &data->len);
+        if (rv != SECSuccess) {
+            return SECFailure;
+        }
+        /* Now check that the number of ciphers listed is 1 (len = 2) */
+        if (ciphers.len != 2) {
+            return SECFailure;
+        }
 
-	/* Get the selected cipher */
-	cipher = (ciphers.data[0] << 8) | ciphers.data[1];
+        /* Get the selected cipher */
+        cipher = (ciphers.data[0] << 8) | ciphers.data[1];
 
-	/* Now check that this is one of the ciphers we offered */
-	for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) {
-	    if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) {
-		found = PR_TRUE;
-		break;
-	    }
-	}
+        /* Now check that this is one of the ciphers we offered */
+        for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) {
+            if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) {
+                found = PR_TRUE;
+                break;
+            }
+        }
 
-	if (!found) {
-	    return SECFailure;
-	}
+        if (!found) {
+            return SECFailure;
+        }
 
-	/* Get the srtp_mki value */
+        /* Get the srtp_mki value */
         rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1,
-					   &data->data, &data->len);
+                                           &data->data, &data->len);
         if (rv != SECSuccess) {
             return SECFailure;
         }
 
-	/* We didn't offer an MKI, so this must be 0 length */
-	/* XXX RFC 5764 Section 4.1.3 says:
-	 *   If the client detects a nonzero-length MKI in the server's
-	 *   response that is different than the one the client offered,
-	 *   then the client MUST abort the handshake and SHOULD send an
-	 *   invalid_parameter alert.
-	 *
-	 * Due to a limitation of the ssl3_HandleHelloExtensions function,
-	 * returning SECFailure here won't abort the handshake.  It will
-	 * merely cause the use_srtp extension to be not negotiated.  We
-	 * should fix this.  See NSS bug 753136.
-	 */
-	if (litem.len != 0) {
-	    return SECFailure;
-	}
+        /* We didn't offer an MKI, so this must be 0 length */
+        /* XXX RFC 5764 Section 4.1.3 says:
+         *   If the client detects a nonzero-length MKI in the server's
+         *   response that is different than the one the client offered,
+         *   then the client MUST abort the handshake and SHOULD send an
+         *   invalid_parameter alert.
+         *
+         * Due to a limitation of the ssl3_HandleHelloExtensions function,
+         * returning SECFailure here won't abort the handshake.  It will
+         * merely cause the use_srtp extension to be not negotiated.  We
+         * should fix this.  See NSS bug 753136.
+         */
+        if (litem.len != 0) {
+            return SECFailure;
+        }
 
-	if (data->len != 0) {
+        if (data->len != 0) {
             /* malformed */
             return SECFailure;
-	}
+        }
 
-	/* OK, this looks fine. */
-	ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn;
-	ss->ssl3.dtlsSRTPCipherSuite = cipher;
-	return SECSuccess;
+        /* OK, this looks fine. */
+        ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn;
+        ss->ssl3.dtlsSRTPCipherSuite = cipher;
+        return SECSuccess;
     }
 
     /* Server side */
     if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) {
-	/* Ignore the extension if we aren't doing DTLS or no DTLS-SRTP
-	 * preferences have been set. */
-	return SECSuccess;
+        /* Ignore the extension if we aren't doing DTLS or no DTLS-SRTP
+         * preferences have been set. */
+        return SECSuccess;
     }
 
     if (!data->data || data->len < 5) {
-	/* malformed */
-	return SECFailure;
+        /* malformed */
+        return SECFailure;
     }
 
     /* Get the cipher list */
     rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2,
-				       &data->data, &data->len);
+                                       &data->data, &data->len);
     if (rv != SECSuccess) {
-	return SECFailure;
+        return SECFailure;
     }
     /* Check that the list is even length */
     if (ciphers.len % 2) {
-	return SECFailure;
+        return SECFailure;
     }
 
     /* Walk through the offered list and pick the most preferred of our
      * ciphers, if any */
     for (i = 0; !found && i < ss->ssl3.dtlsSRTPCipherCount; i++) {
-	for (j = 0; j + 1 < ciphers.len; j += 2) {
-	    cipher = (ciphers.data[j] << 8) | ciphers.data[j + 1];
-	    if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) {
-		found = PR_TRUE;
-		break;
-	    }
-	}
+        for (j = 0; j + 1 < ciphers.len; j += 2) {
+            cipher = (ciphers.data[j] << 8) | ciphers.data[j + 1];
+            if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) {
+                found = PR_TRUE;
+                break;
+            }
+        }
     }
 
     /* Get the srtp_mki value */
     rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1, &data->data, &data->len);
     if (rv != SECSuccess) {
-	return SECFailure;
+        return SECFailure;
     }
 
     if (data->len != 0) {
-	return SECFailure; /* Malformed */
+        return SECFailure; /* Malformed */
     }
 
     /* Now figure out what to do */
     if (!found) {
-	/* No matching ciphers */
-	return SECSuccess;
+        /* No matching ciphers */
+        return SECSuccess;
     }
 
     /* OK, we have a valid cipher and we've selected it */
@@ -2311,7 +2323,7 @@
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn;
 
     return ssl3_RegisterServerHelloExtensionSender(ss, ssl_use_srtp_xtn,
-						   ssl3_SendUseSRTPXtn);
+                                                   ssl3_SendUseSRTPXtn);
 }
 
 /* ssl3_ServerHandleSigAlgsXtn handles the signature_algorithms extension
@@ -2323,63 +2335,64 @@
     SECStatus rv;
     SECItem algorithms;
     const unsigned char *b;
-    unsigned int numAlgorithms, i;
+    unsigned int numAlgorithms, i, j;
 
     /* Ignore this extension if we aren't doing TLS 1.2 or greater. */
     if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) {
-	return SECSuccess;
+        return SECSuccess;
     }
 
     /* Keep track of negotiated extensions. */
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
 
     rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &data->data,
-				       &data->len);
+                                       &data->len);
     if (rv != SECSuccess) {
-	return SECFailure;
+        return SECFailure;
     }
     /* Trailing data, empty value, or odd-length value is invalid. */
     if (data->len != 0 || algorithms.len == 0 || (algorithms.len & 1) != 0) {
-	PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
-	return SECFailure;
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
+        return SECFailure;
     }
 
     numAlgorithms = algorithms.len/2;
 
     /* We don't care to process excessive numbers of algorithms. */
     if (numAlgorithms > 512) {
-	numAlgorithms = 512;
+        numAlgorithms = 512;
     }
 
     ss->ssl3.hs.clientSigAndHash =
-	    PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms);
+            PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms);
     if (!ss->ssl3.hs.clientSigAndHash) {
-	return SECFailure;
+        return SECFailure;
     }
     ss->ssl3.hs.numClientSigAndHash = 0;
 
     b = algorithms.data;
-    for (i = 0; i < numAlgorithms; i++) {
-	unsigned char tls_hash = *(b++);
-	unsigned char tls_sig = *(b++);
-	SECOidTag hash = ssl3_TLSHashAlgorithmToOID(tls_hash);
+    for (i = j = 0; i < numAlgorithms; i++) {
+        unsigned char tls_hash = *(b++);
+        unsigned char tls_sig = *(b++);
+        SECOidTag hash = ssl3_TLSHashAlgorithmToOID(tls_hash);
 
-	if (hash == SEC_OID_UNKNOWN) {
-	    /* We ignore formats that we don't understand. */
-	    continue;
-	}
-	/* tls_sig support will be checked later in
-	 * ssl3_PickSignatureHashAlgorithm. */
-	ss->ssl3.hs.clientSigAndHash[i].hashAlg = hash;
-	ss->ssl3.hs.clientSigAndHash[i].sigAlg = tls_sig;
-	ss->ssl3.hs.numClientSigAndHash++;
+        if (hash == SEC_OID_UNKNOWN) {
+            /* We ignore formats that we don't understand. */
+            continue;
+        }
+        /* tls_sig support will be checked later in
+         * ssl3_PickSignatureHashAlgorithm. */
+        ss->ssl3.hs.clientSigAndHash[j].hashAlg = hash;
+        ss->ssl3.hs.clientSigAndHash[j].sigAlg = tls_sig;
+        ++j;
+        ++ss->ssl3.hs.numClientSigAndHash;
     }
 
     if (!ss->ssl3.hs.numClientSigAndHash) {
-	/* We didn't understand any of the client's requested signature
-	 * formats. We'll use the defaults. */
-	PORT_Free(ss->ssl3.hs.clientSigAndHash);
-	ss->ssl3.hs.clientSigAndHash = NULL;
+        /* We didn't understand any of the client's requested signature
+         * formats. We'll use the defaults. */
+        PORT_Free(ss->ssl3.hs.clientSigAndHash);
+        ss->ssl3.hs.clientSigAndHash = NULL;
     }
 
     return SECSuccess;
@@ -2391,49 +2404,49 @@
 ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
 {
     static const unsigned char signatureAlgorithms[] = {
-	/* This block is the contents of our signature_algorithms extension, in
-	 * wire format. See
-	 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
-	tls_hash_sha256, tls_sig_rsa,
-	tls_hash_sha384, tls_sig_rsa,
-	tls_hash_sha1,   tls_sig_rsa,
-#ifdef NSS_ENABLE_ECC
-	tls_hash_sha256, tls_sig_ecdsa,
-	tls_hash_sha384, tls_sig_ecdsa,
-	tls_hash_sha1,   tls_sig_ecdsa,
+        /* This block is the contents of our signature_algorithms extension, in
+         * wire format. See
+         * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
+        tls_hash_sha256, tls_sig_rsa,
+        tls_hash_sha384, tls_sig_rsa,
+        tls_hash_sha1,   tls_sig_rsa,
+#ifndef NSS_DISABLE_ECC
+        tls_hash_sha256, tls_sig_ecdsa,
+        tls_hash_sha384, tls_sig_ecdsa,
+        tls_hash_sha1,   tls_sig_ecdsa,
 #endif
-	tls_hash_sha256, tls_sig_dsa,
-	tls_hash_sha1,   tls_sig_dsa,
+        tls_hash_sha256, tls_sig_dsa,
+        tls_hash_sha1,   tls_sig_dsa,
     };
     PRInt32 extension_length;
 
     if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) {
-	return 0;
+        return 0;
     }
 
     extension_length =
-	2 /* extension type */ +
-	2 /* extension length */ +
-	2 /* supported_signature_algorithms length */ +
-	sizeof(signatureAlgorithms);
+        2 /* extension type */ +
+        2 /* extension length */ +
+        2 /* supported_signature_algorithms length */ +
+        sizeof(signatureAlgorithms);
 
     if (append && maxBytes >= extension_length) {
-	SECStatus rv;
-	rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2);
-	if (rv != SECSuccess)
-	    goto loser;
-	rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
-	if (rv != SECSuccess)
-	    goto loser;
-	rv = ssl3_AppendHandshakeVariable(ss, signatureAlgorithms,
-					  sizeof(signatureAlgorithms), 2);
-	if (rv != SECSuccess)
-	    goto loser;
-	ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-		ssl_signature_algorithms_xtn;
+        SECStatus rv;
+        rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_AppendHandshakeVariable(ss, signatureAlgorithms,
+                                          sizeof(signatureAlgorithms), 2);
+        if (rv != SECSuccess)
+            goto loser;
+        ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
+                ssl_signature_algorithms_xtn;
     } else if (maxBytes < extension_length) {
-	PORT_Assert(0);
-	return 0;
+        PORT_Assert(0);
+        return 0;
     }
 
     return extension_length;
@@ -2446,20 +2459,20 @@
 ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
 {
     unsigned int recordLength = 1 /* handshake message type */ +
-				3 /* handshake message length */ +
-				clientHelloLength;
+                                3 /* handshake message length */ +
+                                clientHelloLength;
     unsigned int extensionLength;
 
     if (recordLength < 256 || recordLength >= 512) {
-	return 0;
+        return 0;
     }
 
     extensionLength = 512 - recordLength;
     /* Extensions take at least four bytes to encode. Always include at least
-     * one byte of data if including the extension. WebSphere Application Server
-     * 7.0 is intolerant to the last extension being zero-length. */
+     * one byte of data if including the extension. WebSphere Application
+     * Server 7.0 is intolerant to the last extension being zero-length. */
     if (extensionLength < 4 + 1) {
-	extensionLength = 4 + 1;
+        extensionLength = 4 + 1;
     }
 
     return extensionLength;
@@ -2470,62 +2483,151 @@
  * that we don't trigger bugs in F5 products. */
 PRInt32
 ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
-			    PRUint32 maxBytes)
+                            PRUint32 maxBytes)
 {
     unsigned int paddingLen = extensionLen - 4;
     static unsigned char padding[256];
 
     if (extensionLen == 0) {
-	return 0;
+        return 0;
     }
 
     if (extensionLen < 4 ||
-	extensionLen > maxBytes ||
-	paddingLen > sizeof(padding)) {
-	PORT_Assert(0);
-	return -1;
+        extensionLen > maxBytes ||
+        paddingLen > sizeof(padding)) {
+        PORT_Assert(0);
+        return -1;
     }
 
     if (SECSuccess != ssl3_AppendHandshakeNumber(ss, ssl_padding_xtn, 2))
-	return -1;
+        return -1;
     if (SECSuccess != ssl3_AppendHandshakeNumber(ss, paddingLen, 2))
-	return -1;
+        return -1;
     if (SECSuccess != ssl3_AppendHandshake(ss, padding, paddingLen))
-	return -1;
+        return -1;
 
     return extensionLen;
 }
 
+/* ssl3_ClientSendDraftVersionXtn sends the TLS 1.3 temporary draft
+ * version extension.
+ * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
+static PRInt32
+ssl3_ClientSendDraftVersionXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
+{
+    PRInt32 extension_length;
+
+    if (ss->version != SSL_LIBRARY_VERSION_TLS_1_3) {
+        return 0;
+    }
+
+    extension_length = 6;  /* Type + length + number */
+    if (append && maxBytes >= extension_length) {
+        SECStatus rv;
+        rv = ssl3_AppendHandshakeNumber(ss, ssl_tls13_draft_version_xtn, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_AppendHandshakeNumber(ss, TLS_1_3_DRAFT_VERSION, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
+                ssl_tls13_draft_version_xtn;
+    } else if (maxBytes < extension_length) {
+        PORT_Assert(0);
+        return 0;
+    }
+
+    return extension_length;
+
+loser:
+    return -1;
+}
+
+/* ssl3_ServerHandleDraftVersionXtn handles the TLS 1.3 temporary draft
+ * version extension.
+ * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
+static SECStatus
+ssl3_ServerHandleDraftVersionXtn(sslSocket * ss, PRUint16 ex_type,
+                                 SECItem *data)
+{
+    PRInt32 draft_version;
+
+    /* Ignore this extension if we aren't doing TLS 1.3 */
+    if (ss->version != SSL_LIBRARY_VERSION_TLS_1_3) {
+        return SECSuccess;
+    }
+
+    if (data->len != 2)
+        goto loser;
+
+    /* Get the draft version out of the handshake */
+    draft_version = ssl3_ConsumeHandshakeNumber(ss, 2,
+                                                &data->data, &data->len);
+    if (draft_version < 0) {
+        goto loser;
+    }
+
+    /*  Keep track of negotiated extensions. */
+    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
+
+    /* Compare the version */
+    if (draft_version != TLS_1_3_DRAFT_VERSION) {
+        SSL_TRC(30, ("%d: SSL3[%d]: Incompatible version of TLS 1.3 (%d), "
+                     "expected %d",
+                     SSL_GETPID(), ss->fd, draft_version, TLS_1_3_DRAFT_VERSION));
+        goto loser;
+    }
+
+    return SECSuccess;
+
+loser:
+    /*
+     * Incompatible/broken TLS 1.3 implementation. Fall back to TLS 1.2.
+     * TODO(ekr@rtfm.com): It's not entirely clear it's safe to roll back
+     * here. Need to double-check.
+     * TODO(ekr@rtfm.com): Currently we fall back even on broken extensions.
+     * because SECFailure does not cause handshake failures. See bug
+     * 753136.
+     */
+    SSL_TRC(30, ("%d: SSL3[%d]: Rolling back to TLS 1.2", SSL_GETPID(), ss->fd));
+    ss->version = SSL_LIBRARY_VERSION_TLS_1_2;
+
+    return SECSuccess;
+}
+
 /* ssl3_ClientSendSignedCertTimestampXtn sends the signed_certificate_timestamp
  * extension for TLS ClientHellos. */
 static PRInt32
 ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss, PRBool append,
-				      PRUint32 maxBytes)
+                                      PRUint32 maxBytes)
 {
     PRInt32 extension_length = 2 /* extension_type */ +
-	    2 /* length(extension_data) */;
+                               2 /* length(extension_data) */;
 
     /* Only send the extension if processing is enabled. */
     if (!ss->opt.enableSignedCertTimestamps)
-	return 0;
+        return 0;
 
     if (append && maxBytes >= extension_length) {
-	SECStatus rv;
-	/* extension_type */
-	rv = ssl3_AppendHandshakeNumber(ss,
-					ssl_signed_certificate_timestamp_xtn,
-					2);
-	if (rv != SECSuccess)
-	    goto loser;
-	/* zero length */
-	rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-	if (rv != SECSuccess)
-	    goto loser;
-	ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-		ssl_signed_certificate_timestamp_xtn;
+        SECStatus rv;
+        /* extension_type */
+        rv = ssl3_AppendHandshakeNumber(ss,
+                                        ssl_signed_certificate_timestamp_xtn,
+                                        2);
+        if (rv != SECSuccess)
+            goto loser;
+        /* zero length */
+        rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
+            ssl_signed_certificate_timestamp_xtn;
     } else if (maxBytes < extension_length) {
-	PORT_Assert(0);
-	return 0;
+        PORT_Assert(0);
+        return 0;
     }
 
     return extension_length;
@@ -2535,7 +2637,7 @@
 
 static SECStatus
 ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss, PRUint16 ex_type,
-					SECItem *data)
+                                        SECItem *data)
 {
     /* We do not yet know whether we'll be resuming a session or creating
      * a new one, so we keep a pointer to the data in the TLSExtensionData
@@ -2549,8 +2651,8 @@
     PORT_Assert(!scts->data && !scts->len);
 
     if (!data->len) {
-	/* Empty extension data: RFC 6962 mandates non-empty contents. */
-	return SECFailure;
+        /* Empty extension data: RFC 6962 mandates non-empty contents. */
+        return SECFailure;
     }
     *scts = *data;
     /* Keep track of negotiated extensions. */
diff --git a/net/third_party/nss/ssl/ssl3prot.h b/net/third_party/nss/ssl/ssl3prot.h
index d32be38..78fbcaa 100644
--- a/net/third_party/nss/ssl/ssl3prot.h
+++ b/net/third_party/nss/ssl/ssl3prot.h
@@ -14,28 +14,33 @@
 typedef PRUint16 SSL3ProtocolVersion;
 /* version numbers are defined in sslproto.h */
 
+/* The TLS 1.3 draft version. Used to avoid negotiating
+ * between incompatible pre-standard TLS 1.3 drafts.
+ * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
+#define TLS_1_3_DRAFT_VERSION  3
+
 typedef PRUint16 ssl3CipherSuite;
 /* The cipher suites are defined in sslproto.h */
 
-#define MAX_CERT_TYPES			10
-#define MAX_COMPRESSION_METHODS		10
-#define MAX_MAC_LENGTH			64
-#define MAX_PADDING_LENGTH		64
-#define MAX_KEY_LENGTH			64
-#define EXPORT_KEY_LENGTH		 5
-#define SSL3_RANDOM_LENGTH		32
+#define MAX_CERT_TYPES                  10
+#define MAX_COMPRESSION_METHODS         10
+#define MAX_MAC_LENGTH                  64
+#define MAX_PADDING_LENGTH              64
+#define MAX_KEY_LENGTH                  64
+#define EXPORT_KEY_LENGTH                5
+#define SSL3_RANDOM_LENGTH              32
 
-#define SSL3_RECORD_HEADER_LENGTH	 5
+#define SSL3_RECORD_HEADER_LENGTH        5
 
 /* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */
 #define DTLS_RECORD_HEADER_LENGTH       13
 
-#define MAX_FRAGMENT_LENGTH		16384
-     
+#define MAX_FRAGMENT_LENGTH          16384
+
 typedef enum {
-    content_change_cipher_spec = 20, 
+    content_change_cipher_spec = 20,
     content_alert              = 21,
-    content_handshake          = 22, 
+    content_handshake          = 22,
     content_application_data   = 23
 } SSL3ContentType;
 
@@ -77,11 +82,11 @@
     close_notify            = 0,
     unexpected_message      = 10,
     bad_record_mac          = 20,
-    decryption_failed_RESERVED = 21,	/* do not send; see RFC 5246 */
-    record_overflow         = 22,	/* TLS only */
+    decryption_failed_RESERVED = 21,    /* do not send; see RFC 5246 */
+    record_overflow         = 22,       /* TLS only */
     decompression_failure   = 30,
     handshake_failure       = 40,
-    no_certificate          = 41,	/* SSL3 only, NOT TLS */
+    no_certificate          = 41,       /* SSL3 only, NOT TLS */
     bad_certificate         = 42,
     unsupported_certificate = 43,
     certificate_revoked     = 44,
@@ -118,45 +123,45 @@
 } SSL3Alert;
 
 typedef enum {
-    hello_request	= 0, 
-    client_hello	= 1, 
-    server_hello	= 2,
+    hello_request       = 0,
+    client_hello        = 1,
+    server_hello        = 2,
     hello_verify_request = 3,
-    new_session_ticket	= 4,
-    certificate 	= 11, 
+    new_session_ticket  = 4,
+    certificate         = 11,
     server_key_exchange = 12,
-    certificate_request	= 13, 
-    server_hello_done	= 14,
-    certificate_verify	= 15, 
-    client_key_exchange	= 16, 
-    finished		= 20,
+    certificate_request = 13,
+    server_hello_done   = 14,
+    certificate_verify  = 15,
+    client_key_exchange = 16,
+    finished            = 20,
     certificate_status  = 22,
-    next_proto		= 67,
-    encrypted_extensions= 203
+    next_proto          = 67,
+    encrypted_extensions = 203,
 } SSL3HandshakeType;
 
 typedef struct {
     PRUint8 empty;
 } SSL3HelloRequest;
-     
+
 typedef struct {
     SSL3Opaque rand[SSL3_RANDOM_LENGTH];
 } SSL3Random;
-     
+
 typedef struct {
     SSL3Opaque id[32];
     PRUint8 length;
 } SSL3SessionID;
-     
+
 typedef struct {
     SSL3ProtocolVersion   client_version;
     SSL3Random            random;
     SSL3SessionID         session_id;
     SECItem               cipher_suites;
-    PRUint8                 cm_count;
+    PRUint8               cm_count;
     SSLCompressionMethod  compression_methods[MAX_COMPRESSION_METHODS];
 } SSL3ClientHello;
-     
+
 typedef struct  {
     SSL3ProtocolVersion   server_version;
     SSL3Random            random;
@@ -164,29 +169,29 @@
     ssl3CipherSuite       cipher_suite;
     SSLCompressionMethod  compression_method;
 } SSL3ServerHello;
-     
+
 typedef struct {
     SECItem list;
 } SSL3Certificate;
 
 /* SSL3SignType moved to ssl.h */
 
-/* The SSL key exchange method used */     
+/* The SSL key exchange method used */
 typedef enum {
-    kea_null, 
-    kea_rsa, 
+    kea_null,
+    kea_rsa,
     kea_rsa_export,
     kea_rsa_export_1024,
-    kea_dh_dss, 
-    kea_dh_dss_export, 
-    kea_dh_rsa, 
+    kea_dh_dss,
+    kea_dh_dss_export,
+    kea_dh_rsa,
     kea_dh_rsa_export,
-    kea_dhe_dss, 
-    kea_dhe_dss_export, 
-    kea_dhe_rsa, 
+    kea_dhe_dss,
+    kea_dhe_dss_export,
+    kea_dhe_rsa,
     kea_dhe_rsa_export,
-    kea_dh_anon, 
-    kea_dh_anon_export, 
+    kea_dh_anon,
+    kea_dh_anon_export,
     kea_rsa_fips,
     kea_ecdh_ecdsa,
     kea_ecdhe_ecdsa,
@@ -194,7 +199,7 @@
     kea_ecdhe_rsa,
     kea_ecdh_anon
 } SSL3KeyExchangeAlgorithm;
-     
+
 typedef struct {
     SECItem modulus;
     SECItem exponent;
@@ -208,8 +213,8 @@
 
 typedef struct {
     union {
-	SSL3ServerDHParams dh;
-	SSL3ServerRSAParams rsa;
+        SSL3ServerDHParams dh;
+        SSL3ServerRSAParams rsa;
     } u;
 } SSL3ServerParams;
 
@@ -253,56 +258,56 @@
     unsigned int len;
     SECOidTag hashAlg;
     union {
-	PRUint8 raw[64];
-	SSL3HashesIndividually s;
+        PRUint8 raw[64];
+        SSL3HashesIndividually s;
     } u;
 } SSL3Hashes;
 
 typedef struct {
     union {
-	SSL3Opaque anonymous;
-	SSL3Hashes certified;
+        SSL3Opaque anonymous;
+        SSL3Hashes certified;
     } u;
 } SSL3ServerKeyExchange;
-     
+
 typedef enum {
-    ct_RSA_sign 	=  1, 
-    ct_DSS_sign 	=  2, 
-    ct_RSA_fixed_DH 	=  3,
-    ct_DSS_fixed_DH 	=  4, 
-    ct_RSA_ephemeral_DH =  5, 
+    ct_RSA_sign         =  1,
+    ct_DSS_sign         =  2,
+    ct_RSA_fixed_DH     =  3,
+    ct_DSS_fixed_DH     =  4,
+    ct_RSA_ephemeral_DH =  5,
     ct_DSS_ephemeral_DH =  6,
-    ct_ECDSA_sign	=  64, 
-    ct_RSA_fixed_ECDH	=  65, 
-    ct_ECDSA_fixed_ECDH	=  66 
+    ct_ECDSA_sign       =  64,
+    ct_RSA_fixed_ECDH   =  65,
+    ct_ECDSA_fixed_ECDH =  66
 
 } SSL3ClientCertificateType;
-     
+
 typedef SECItem *SSL3DistinquishedName;
 
 typedef struct {
     SSL3Opaque client_version[2];
     SSL3Opaque random[46];
 } SSL3RSAPreMasterSecret;
-     
+
 typedef SECItem SSL3EncryptedPreMasterSecret;
 
 
 typedef SSL3Opaque SSL3MasterSecret[48];
 
 typedef enum { implicit, explicit } SSL3PublicValueEncoding;
-     
+
 typedef struct {
     union {
-	SSL3Opaque implicit;
-	SECItem    explicit;
+        SSL3Opaque implicit;
+        SECItem    explicit;
     } dh_public;
 } SSL3ClientDiffieHellmanPublic;
-     
+
 typedef struct {
     union {
-	SSL3EncryptedPreMasterSecret  rsa;
-	SSL3ClientDiffieHellmanPublic diffie_helman;
+        SSL3EncryptedPreMasterSecret  rsa;
+        SSL3ClientDiffieHellmanPublic diffie_helman;
     } exchange_keys;
 } SSL3ClientKeyExchange;
 
@@ -315,7 +320,7 @@
     sender_server = 0x53525652
 } SSL3Sender;
 
-typedef SSL3HashesIndividually SSL3Finished;   
+typedef SSL3HashesIndividually SSL3Finished;
 
 typedef struct {
     SSL3Opaque verify_data[12];
@@ -323,7 +328,7 @@
 
 /*
  * TLS extension related data structures and constants.
- */ 
+ */
 
 /* SessionTicket extension related data structures. */
 
@@ -342,7 +347,7 @@
 typedef struct {
     ClientAuthenticationType client_auth_type;
     union {
-	SSL3Opaque *certificate_list;
+        SSL3Opaque *certificate_list;
     } identity;
 } ClientIdentity;
 
@@ -358,7 +363,7 @@
     unsigned char *mac;
 } EncryptedSessionTicket;
 
-#define TLS_EX_SESS_TICKET_MAC_LENGTH       32
+#define TLS_EX_SESS_TICKET_MAC_LENGTH 32
 
 #define TLS_STE_NO_SERVER_NAME        -1
 
diff --git a/net/third_party/nss/ssl/sslcon.c b/net/third_party/nss/ssl/sslcon.c
index 2763654..8c5a5ad 100644
--- a/net/third_party/nss/ssl/sslcon.c
+++ b/net/third_party/nss/ssl/sslcon.c
@@ -428,7 +428,6 @@
           int cipherChoice)
 {
     switch (cipherChoice) {
-
       case SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5:
       case SSL_CK_RC2_128_CBC_WITH_MD5:
       case SSL_CK_RC4_128_EXPORT40_WITH_MD5:
@@ -436,8 +435,10 @@
       case SSL_CK_DES_64_CBC_WITH_MD5:
       case SSL_CK_DES_192_EDE3_CBC_WITH_MD5:
 	sec->hash = HASH_GetHashObject(HASH_AlgMD5);
-	SECITEM_CopyItem(0, &sec->sendSecret, writeKey);
-	SECITEM_CopyItem(0, &sec->rcvSecret, readKey);
+	if (SECITEM_CopyItem(0, &sec->sendSecret, writeKey) ||
+	    SECITEM_CopyItem(0, &sec->rcvSecret, readKey)) {
+	    return SECFailure;
+	}
 	break;
 
       default:
@@ -3101,7 +3102,7 @@
 
 	return rv;
     }
-#if defined(NSS_ENABLE_ECC)
+#ifndef NSS_DISABLE_ECC
     /* ensure we don't neogtiate ECC cipher suites with SSL2 hello */
     ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */
     if (ss->cipherSpecs != NULL) {
@@ -3109,7 +3110,7 @@
 	ss->cipherSpecs     = NULL;
 	ss->sizeCipherSpecs = 0;
     }
-#endif
+#endif /* NSS_DISABLE_ECC */
 
     if (!ss->cipherSpecs) {
         rv = ssl2_ConstructCipherSpecs(ss);
diff --git a/net/third_party/nss/ssl/sslenum.c b/net/third_party/nss/ssl/sslenum.c
index d601207..a036627 100644
--- a/net/third_party/nss/ssl/sslenum.c
+++ b/net/third_party/nss/ssl/sslenum.c
@@ -49,7 +49,7 @@
  * the fifth one.
  */
 const PRUint16 SSL_ImplementedCiphers[] = {
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
     TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
@@ -67,7 +67,7 @@
     TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
     TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
     TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
     TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
@@ -80,11 +80,11 @@
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
     TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
     TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
-    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
-    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
     TLS_DHE_DSS_WITH_RC4_128_SHA,
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
@@ -93,7 +93,7 @@
     TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
     TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
     TLS_ECDH_RSA_WITH_RC4_128_SHA,
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     TLS_RSA_WITH_AES_128_GCM_SHA256,
     TLS_RSA_WITH_AES_128_CBC_SHA,
@@ -104,34 +104,34 @@
     TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
     TLS_RSA_WITH_SEED_CBC_SHA,
     SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
-    SSL_RSA_WITH_3DES_EDE_CBC_SHA,
-    SSL_RSA_WITH_RC4_128_SHA,
-    SSL_RSA_WITH_RC4_128_MD5,
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_RSA_WITH_RC4_128_SHA,
+    TLS_RSA_WITH_RC4_128_MD5,
 
     /* 56-bit DES "domestic" cipher suites */
-    SSL_DHE_RSA_WITH_DES_CBC_SHA,
-    SSL_DHE_DSS_WITH_DES_CBC_SHA,
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,
+    TLS_DHE_DSS_WITH_DES_CBC_SHA,
     SSL_RSA_FIPS_WITH_DES_CBC_SHA,
-    SSL_RSA_WITH_DES_CBC_SHA,
+    TLS_RSA_WITH_DES_CBC_SHA,
 
     /* export ciphersuites with 1024-bit public key exchange keys */
     TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
     TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
 
     /* export ciphersuites with 512-bit public key exchange keys */
-    SSL_RSA_EXPORT_WITH_RC4_40_MD5,
-    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
+    TLS_RSA_EXPORT_WITH_RC4_40_MD5,
+    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
 
     /* ciphersuites with no encryption */
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     TLS_ECDHE_ECDSA_WITH_NULL_SHA,
     TLS_ECDHE_RSA_WITH_NULL_SHA,
     TLS_ECDH_RSA_WITH_NULL_SHA,
     TLS_ECDH_ECDSA_WITH_NULL_SHA,
-#endif /* NSS_ENABLE_ECC */
-    SSL_RSA_WITH_NULL_SHA,
+#endif /* NSS_DISABLE_ECC */
+    TLS_RSA_WITH_NULL_SHA,
     TLS_RSA_WITH_NULL_SHA256,
-    SSL_RSA_WITH_NULL_MD5,
+    TLS_RSA_WITH_NULL_MD5,
 
     /* SSL2 cipher suites. */
     SSL_EN_RC4_128_WITH_MD5,
diff --git a/net/third_party/nss/ssl/sslerr.h b/net/third_party/nss/ssl/sslerr.h
index 5184a6e06..24bf893 100644
--- a/net/third_party/nss/ssl/sslerr.h
+++ b/net/third_party/nss/ssl/sslerr.h
@@ -8,179 +8,179 @@
 #define __SSL_ERR_H_
 
 
-#define SSL_ERROR_BASE				(-0x3000)
-#define SSL_ERROR_LIMIT				(SSL_ERROR_BASE + 1000)
+#define SSL_ERROR_BASE                          (-0x3000)
+#define SSL_ERROR_LIMIT                         (SSL_ERROR_BASE + 1000)
 
 #define IS_SSL_ERROR(code) \
     (((code) >= SSL_ERROR_BASE) && ((code) < SSL_ERROR_LIMIT))
 
 #ifndef NO_SECURITY_ERROR_ENUM
 typedef enum {
-SSL_ERROR_EXPORT_ONLY_SERVER 		= (SSL_ERROR_BASE +  0),
-SSL_ERROR_US_ONLY_SERVER 		= (SSL_ERROR_BASE +  1),
-SSL_ERROR_NO_CYPHER_OVERLAP 		= (SSL_ERROR_BASE +  2),
-/* 
+SSL_ERROR_EXPORT_ONLY_SERVER            = (SSL_ERROR_BASE +  0),
+SSL_ERROR_US_ONLY_SERVER                = (SSL_ERROR_BASE +  1),
+SSL_ERROR_NO_CYPHER_OVERLAP             = (SSL_ERROR_BASE +  2),
+/*
  * Received an alert reporting what we did wrong.  (more alerts below)
  */
-SSL_ERROR_NO_CERTIFICATE /*_ALERT */	= (SSL_ERROR_BASE +  3),
-SSL_ERROR_BAD_CERTIFICATE            	= (SSL_ERROR_BASE +  4),
-SSL_ERROR_UNUSED_5			= (SSL_ERROR_BASE +  5),
-					/* error 5 is obsolete */
-SSL_ERROR_BAD_CLIENT 			= (SSL_ERROR_BASE +  6),
-SSL_ERROR_BAD_SERVER 			= (SSL_ERROR_BASE +  7),
-SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE	= (SSL_ERROR_BASE +  8),
-SSL_ERROR_UNSUPPORTED_VERSION 		= (SSL_ERROR_BASE +  9),
-SSL_ERROR_UNUSED_10			= (SSL_ERROR_BASE + 10),
-					/* error 10 is obsolete */
-SSL_ERROR_WRONG_CERTIFICATE		= (SSL_ERROR_BASE + 11),
-SSL_ERROR_BAD_CERT_DOMAIN 		= (SSL_ERROR_BASE + 12),
-SSL_ERROR_POST_WARNING 			= (SSL_ERROR_BASE + 13),
-SSL_ERROR_SSL2_DISABLED 		= (SSL_ERROR_BASE + 14),
-SSL_ERROR_BAD_MAC_READ 			= (SSL_ERROR_BASE + 15),
-/* 
+SSL_ERROR_NO_CERTIFICATE /*_ALERT */    = (SSL_ERROR_BASE +  3),
+SSL_ERROR_BAD_CERTIFICATE               = (SSL_ERROR_BASE +  4),
+SSL_ERROR_UNUSED_5                      = (SSL_ERROR_BASE +  5),
+                                        /* error 5 is obsolete */
+SSL_ERROR_BAD_CLIENT                    = (SSL_ERROR_BASE +  6),
+SSL_ERROR_BAD_SERVER                    = (SSL_ERROR_BASE +  7),
+SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE  = (SSL_ERROR_BASE +  8),
+SSL_ERROR_UNSUPPORTED_VERSION           = (SSL_ERROR_BASE +  9),
+SSL_ERROR_UNUSED_10                     = (SSL_ERROR_BASE + 10),
+                                        /* error 10 is obsolete */
+SSL_ERROR_WRONG_CERTIFICATE             = (SSL_ERROR_BASE + 11),
+SSL_ERROR_BAD_CERT_DOMAIN               = (SSL_ERROR_BASE + 12),
+SSL_ERROR_POST_WARNING                  = (SSL_ERROR_BASE + 13),
+SSL_ERROR_SSL2_DISABLED                 = (SSL_ERROR_BASE + 14),
+SSL_ERROR_BAD_MAC_READ                  = (SSL_ERROR_BASE + 15),
+/*
  * Received an alert reporting what we did wrong.
  * (two more alerts above, and many more below)
  */
-SSL_ERROR_BAD_MAC_ALERT 		= (SSL_ERROR_BASE + 16),
+SSL_ERROR_BAD_MAC_ALERT                 = (SSL_ERROR_BASE + 16),
 SSL_ERROR_BAD_CERT_ALERT                = (SSL_ERROR_BASE + 17),
-SSL_ERROR_REVOKED_CERT_ALERT 		= (SSL_ERROR_BASE + 18),
-SSL_ERROR_EXPIRED_CERT_ALERT 		= (SSL_ERROR_BASE + 19),
+SSL_ERROR_REVOKED_CERT_ALERT            = (SSL_ERROR_BASE + 18),
+SSL_ERROR_EXPIRED_CERT_ALERT            = (SSL_ERROR_BASE + 19),
 
-SSL_ERROR_SSL_DISABLED 			= (SSL_ERROR_BASE + 20),
-SSL_ERROR_FORTEZZA_PQG 			= (SSL_ERROR_BASE + 21),
-SSL_ERROR_UNKNOWN_CIPHER_SUITE		= (SSL_ERROR_BASE + 22),
-SSL_ERROR_NO_CIPHERS_SUPPORTED		= (SSL_ERROR_BASE + 23),
-SSL_ERROR_BAD_BLOCK_PADDING		= (SSL_ERROR_BASE + 24),
-SSL_ERROR_RX_RECORD_TOO_LONG		= (SSL_ERROR_BASE + 25),
-SSL_ERROR_TX_RECORD_TOO_LONG		= (SSL_ERROR_BASE + 26),
-/* 
+SSL_ERROR_SSL_DISABLED                  = (SSL_ERROR_BASE + 20),
+SSL_ERROR_FORTEZZA_PQG                  = (SSL_ERROR_BASE + 21),
+SSL_ERROR_UNKNOWN_CIPHER_SUITE          = (SSL_ERROR_BASE + 22),
+SSL_ERROR_NO_CIPHERS_SUPPORTED          = (SSL_ERROR_BASE + 23),
+SSL_ERROR_BAD_BLOCK_PADDING             = (SSL_ERROR_BASE + 24),
+SSL_ERROR_RX_RECORD_TOO_LONG            = (SSL_ERROR_BASE + 25),
+SSL_ERROR_TX_RECORD_TOO_LONG            = (SSL_ERROR_BASE + 26),
+/*
  * Received a malformed (too long or short) SSL handshake.
  */
-SSL_ERROR_RX_MALFORMED_HELLO_REQUEST	= (SSL_ERROR_BASE + 27),
-SSL_ERROR_RX_MALFORMED_CLIENT_HELLO	= (SSL_ERROR_BASE + 28),
-SSL_ERROR_RX_MALFORMED_SERVER_HELLO	= (SSL_ERROR_BASE + 29),
-SSL_ERROR_RX_MALFORMED_CERTIFICATE	= (SSL_ERROR_BASE + 30),
-SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH	= (SSL_ERROR_BASE + 31),
-SSL_ERROR_RX_MALFORMED_CERT_REQUEST	= (SSL_ERROR_BASE + 32),
-SSL_ERROR_RX_MALFORMED_HELLO_DONE	= (SSL_ERROR_BASE + 33),
-SSL_ERROR_RX_MALFORMED_CERT_VERIFY	= (SSL_ERROR_BASE + 34),
-SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH	= (SSL_ERROR_BASE + 35),
-SSL_ERROR_RX_MALFORMED_FINISHED 	= (SSL_ERROR_BASE + 36),
-/* 
+SSL_ERROR_RX_MALFORMED_HELLO_REQUEST    = (SSL_ERROR_BASE + 27),
+SSL_ERROR_RX_MALFORMED_CLIENT_HELLO     = (SSL_ERROR_BASE + 28),
+SSL_ERROR_RX_MALFORMED_SERVER_HELLO     = (SSL_ERROR_BASE + 29),
+SSL_ERROR_RX_MALFORMED_CERTIFICATE      = (SSL_ERROR_BASE + 30),
+SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH  = (SSL_ERROR_BASE + 31),
+SSL_ERROR_RX_MALFORMED_CERT_REQUEST     = (SSL_ERROR_BASE + 32),
+SSL_ERROR_RX_MALFORMED_HELLO_DONE       = (SSL_ERROR_BASE + 33),
+SSL_ERROR_RX_MALFORMED_CERT_VERIFY      = (SSL_ERROR_BASE + 34),
+SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH  = (SSL_ERROR_BASE + 35),
+SSL_ERROR_RX_MALFORMED_FINISHED         = (SSL_ERROR_BASE + 36),
+/*
  * Received a malformed (too long or short) SSL record.
  */
-SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER 	= (SSL_ERROR_BASE + 37),
-SSL_ERROR_RX_MALFORMED_ALERT	 	= (SSL_ERROR_BASE + 38),
-SSL_ERROR_RX_MALFORMED_HANDSHAKE 	= (SSL_ERROR_BASE + 39),
-SSL_ERROR_RX_MALFORMED_APPLICATION_DATA	= (SSL_ERROR_BASE + 40),
+SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER    = (SSL_ERROR_BASE + 37),
+SSL_ERROR_RX_MALFORMED_ALERT            = (SSL_ERROR_BASE + 38),
+SSL_ERROR_RX_MALFORMED_HANDSHAKE        = (SSL_ERROR_BASE + 39),
+SSL_ERROR_RX_MALFORMED_APPLICATION_DATA = (SSL_ERROR_BASE + 40),
 /*
  * Received an SSL handshake that was inappropriate for the state we're in.
  * E.g. Server received message from server, or wrong state in state machine.
  */
-SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST	= (SSL_ERROR_BASE + 41),
-SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO	= (SSL_ERROR_BASE + 42),
-SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO	= (SSL_ERROR_BASE + 43),
-SSL_ERROR_RX_UNEXPECTED_CERTIFICATE	= (SSL_ERROR_BASE + 44),
-SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH	= (SSL_ERROR_BASE + 45),
-SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST	= (SSL_ERROR_BASE + 46),
-SSL_ERROR_RX_UNEXPECTED_HELLO_DONE	= (SSL_ERROR_BASE + 47),
-SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY	= (SSL_ERROR_BASE + 48),
-SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH	= (SSL_ERROR_BASE + 49),
-SSL_ERROR_RX_UNEXPECTED_FINISHED 	= (SSL_ERROR_BASE + 50),
+SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST   = (SSL_ERROR_BASE + 41),
+SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO    = (SSL_ERROR_BASE + 42),
+SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO    = (SSL_ERROR_BASE + 43),
+SSL_ERROR_RX_UNEXPECTED_CERTIFICATE     = (SSL_ERROR_BASE + 44),
+SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 45),
+SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST    = (SSL_ERROR_BASE + 46),
+SSL_ERROR_RX_UNEXPECTED_HELLO_DONE      = (SSL_ERROR_BASE + 47),
+SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY     = (SSL_ERROR_BASE + 48),
+SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 49),
+SSL_ERROR_RX_UNEXPECTED_FINISHED        = (SSL_ERROR_BASE + 50),
 /*
  * Received an SSL record that was inappropriate for the state we're in.
  */
-SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER 	= (SSL_ERROR_BASE + 51),
-SSL_ERROR_RX_UNEXPECTED_ALERT	 	= (SSL_ERROR_BASE + 52),
-SSL_ERROR_RX_UNEXPECTED_HANDSHAKE 	= (SSL_ERROR_BASE + 53),
-SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA= (SSL_ERROR_BASE + 54),
+SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER   = (SSL_ERROR_BASE + 51),
+SSL_ERROR_RX_UNEXPECTED_ALERT           = (SSL_ERROR_BASE + 52),
+SSL_ERROR_RX_UNEXPECTED_HANDSHAKE       = (SSL_ERROR_BASE + 53),
+SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA = (SSL_ERROR_BASE + 54),
 /*
  * Received record/message with unknown discriminant.
  */
-SSL_ERROR_RX_UNKNOWN_RECORD_TYPE	= (SSL_ERROR_BASE + 55),
-SSL_ERROR_RX_UNKNOWN_HANDSHAKE 		= (SSL_ERROR_BASE + 56),
-SSL_ERROR_RX_UNKNOWN_ALERT 		= (SSL_ERROR_BASE + 57),
-/* 
+SSL_ERROR_RX_UNKNOWN_RECORD_TYPE        = (SSL_ERROR_BASE + 55),
+SSL_ERROR_RX_UNKNOWN_HANDSHAKE          = (SSL_ERROR_BASE + 56),
+SSL_ERROR_RX_UNKNOWN_ALERT              = (SSL_ERROR_BASE + 57),
+/*
  * Received an alert reporting what we did wrong.  (more alerts above)
  */
-SSL_ERROR_CLOSE_NOTIFY_ALERT 		= (SSL_ERROR_BASE + 58),
-SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT 	= (SSL_ERROR_BASE + 59),
-SSL_ERROR_DECOMPRESSION_FAILURE_ALERT 	= (SSL_ERROR_BASE + 60),
-SSL_ERROR_HANDSHAKE_FAILURE_ALERT 	= (SSL_ERROR_BASE + 61),
-SSL_ERROR_ILLEGAL_PARAMETER_ALERT 	= (SSL_ERROR_BASE + 62),
-SSL_ERROR_UNSUPPORTED_CERT_ALERT 	= (SSL_ERROR_BASE + 63),
-SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT 	= (SSL_ERROR_BASE + 64),
+SSL_ERROR_CLOSE_NOTIFY_ALERT            = (SSL_ERROR_BASE + 58),
+SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT    = (SSL_ERROR_BASE + 59),
+SSL_ERROR_DECOMPRESSION_FAILURE_ALERT   = (SSL_ERROR_BASE + 60),
+SSL_ERROR_HANDSHAKE_FAILURE_ALERT       = (SSL_ERROR_BASE + 61),
+SSL_ERROR_ILLEGAL_PARAMETER_ALERT       = (SSL_ERROR_BASE + 62),
+SSL_ERROR_UNSUPPORTED_CERT_ALERT        = (SSL_ERROR_BASE + 63),
+SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT     = (SSL_ERROR_BASE + 64),
 
-SSL_ERROR_GENERATE_RANDOM_FAILURE	= (SSL_ERROR_BASE + 65),
-SSL_ERROR_SIGN_HASHES_FAILURE		= (SSL_ERROR_BASE + 66),
-SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE	= (SSL_ERROR_BASE + 67),
-SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE	= (SSL_ERROR_BASE + 68),
-SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE	= (SSL_ERROR_BASE + 69),
+SSL_ERROR_GENERATE_RANDOM_FAILURE       = (SSL_ERROR_BASE + 65),
+SSL_ERROR_SIGN_HASHES_FAILURE           = (SSL_ERROR_BASE + 66),
+SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE    = (SSL_ERROR_BASE + 67),
+SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE   = (SSL_ERROR_BASE + 68),
+SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE   = (SSL_ERROR_BASE + 69),
 
-SSL_ERROR_ENCRYPTION_FAILURE		= (SSL_ERROR_BASE + 70),
-SSL_ERROR_DECRYPTION_FAILURE		= (SSL_ERROR_BASE + 71), /* don't use */
-SSL_ERROR_SOCKET_WRITE_FAILURE		= (SSL_ERROR_BASE + 72),
+SSL_ERROR_ENCRYPTION_FAILURE            = (SSL_ERROR_BASE + 70),
+SSL_ERROR_DECRYPTION_FAILURE            = (SSL_ERROR_BASE + 71), /* don't use */
+SSL_ERROR_SOCKET_WRITE_FAILURE          = (SSL_ERROR_BASE + 72),
 
-SSL_ERROR_MD5_DIGEST_FAILURE		= (SSL_ERROR_BASE + 73),
-SSL_ERROR_SHA_DIGEST_FAILURE		= (SSL_ERROR_BASE + 74),
-SSL_ERROR_MAC_COMPUTATION_FAILURE	= (SSL_ERROR_BASE + 75),
-SSL_ERROR_SYM_KEY_CONTEXT_FAILURE	= (SSL_ERROR_BASE + 76),
-SSL_ERROR_SYM_KEY_UNWRAP_FAILURE	= (SSL_ERROR_BASE + 77),
-SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED	= (SSL_ERROR_BASE + 78),
-SSL_ERROR_IV_PARAM_FAILURE		= (SSL_ERROR_BASE + 79),
-SSL_ERROR_INIT_CIPHER_SUITE_FAILURE	= (SSL_ERROR_BASE + 80),
-SSL_ERROR_SESSION_KEY_GEN_FAILURE	= (SSL_ERROR_BASE + 81),
-SSL_ERROR_NO_SERVER_KEY_FOR_ALG		= (SSL_ERROR_BASE + 82),
-SSL_ERROR_TOKEN_INSERTION_REMOVAL	= (SSL_ERROR_BASE + 83),
-SSL_ERROR_TOKEN_SLOT_NOT_FOUND		= (SSL_ERROR_BASE + 84),
-SSL_ERROR_NO_COMPRESSION_OVERLAP	= (SSL_ERROR_BASE + 85),
-SSL_ERROR_HANDSHAKE_NOT_COMPLETED	= (SSL_ERROR_BASE + 86),
-SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE	= (SSL_ERROR_BASE + 87),
-SSL_ERROR_CERT_KEA_MISMATCH		= (SSL_ERROR_BASE + 88),
+SSL_ERROR_MD5_DIGEST_FAILURE            = (SSL_ERROR_BASE + 73),
+SSL_ERROR_SHA_DIGEST_FAILURE            = (SSL_ERROR_BASE + 74),
+SSL_ERROR_MAC_COMPUTATION_FAILURE       = (SSL_ERROR_BASE + 75),
+SSL_ERROR_SYM_KEY_CONTEXT_FAILURE       = (SSL_ERROR_BASE + 76),
+SSL_ERROR_SYM_KEY_UNWRAP_FAILURE        = (SSL_ERROR_BASE + 77),
+SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED   = (SSL_ERROR_BASE + 78),
+SSL_ERROR_IV_PARAM_FAILURE              = (SSL_ERROR_BASE + 79),
+SSL_ERROR_INIT_CIPHER_SUITE_FAILURE     = (SSL_ERROR_BASE + 80),
+SSL_ERROR_SESSION_KEY_GEN_FAILURE       = (SSL_ERROR_BASE + 81),
+SSL_ERROR_NO_SERVER_KEY_FOR_ALG         = (SSL_ERROR_BASE + 82),
+SSL_ERROR_TOKEN_INSERTION_REMOVAL       = (SSL_ERROR_BASE + 83),
+SSL_ERROR_TOKEN_SLOT_NOT_FOUND          = (SSL_ERROR_BASE + 84),
+SSL_ERROR_NO_COMPRESSION_OVERLAP        = (SSL_ERROR_BASE + 85),
+SSL_ERROR_HANDSHAKE_NOT_COMPLETED       = (SSL_ERROR_BASE + 86),
+SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE      = (SSL_ERROR_BASE + 87),
+SSL_ERROR_CERT_KEA_MISMATCH             = (SSL_ERROR_BASE + 88),
 /* SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA became obsolete in NSS 3.14. */
-SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA	= (SSL_ERROR_BASE + 89),
-SSL_ERROR_SESSION_NOT_FOUND		= (SSL_ERROR_BASE + 90),
+SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA      = (SSL_ERROR_BASE + 89),
+SSL_ERROR_SESSION_NOT_FOUND             = (SSL_ERROR_BASE + 90),
 
-SSL_ERROR_DECRYPTION_FAILED_ALERT	= (SSL_ERROR_BASE + 91),
-SSL_ERROR_RECORD_OVERFLOW_ALERT		= (SSL_ERROR_BASE + 92),
-SSL_ERROR_UNKNOWN_CA_ALERT		= (SSL_ERROR_BASE + 93),
-SSL_ERROR_ACCESS_DENIED_ALERT		= (SSL_ERROR_BASE + 94),
-SSL_ERROR_DECODE_ERROR_ALERT		= (SSL_ERROR_BASE + 95),
-SSL_ERROR_DECRYPT_ERROR_ALERT		= (SSL_ERROR_BASE + 96),
-SSL_ERROR_EXPORT_RESTRICTION_ALERT	= (SSL_ERROR_BASE + 97),
-SSL_ERROR_PROTOCOL_VERSION_ALERT	= (SSL_ERROR_BASE + 98),
-SSL_ERROR_INSUFFICIENT_SECURITY_ALERT	= (SSL_ERROR_BASE + 99),
-SSL_ERROR_INTERNAL_ERROR_ALERT		= (SSL_ERROR_BASE + 100),
-SSL_ERROR_USER_CANCELED_ALERT		= (SSL_ERROR_BASE + 101),
-SSL_ERROR_NO_RENEGOTIATION_ALERT	= (SSL_ERROR_BASE + 102),
+SSL_ERROR_DECRYPTION_FAILED_ALERT       = (SSL_ERROR_BASE + 91),
+SSL_ERROR_RECORD_OVERFLOW_ALERT         = (SSL_ERROR_BASE + 92),
+SSL_ERROR_UNKNOWN_CA_ALERT              = (SSL_ERROR_BASE + 93),
+SSL_ERROR_ACCESS_DENIED_ALERT           = (SSL_ERROR_BASE + 94),
+SSL_ERROR_DECODE_ERROR_ALERT            = (SSL_ERROR_BASE + 95),
+SSL_ERROR_DECRYPT_ERROR_ALERT           = (SSL_ERROR_BASE + 96),
+SSL_ERROR_EXPORT_RESTRICTION_ALERT      = (SSL_ERROR_BASE + 97),
+SSL_ERROR_PROTOCOL_VERSION_ALERT        = (SSL_ERROR_BASE + 98),
+SSL_ERROR_INSUFFICIENT_SECURITY_ALERT   = (SSL_ERROR_BASE + 99),
+SSL_ERROR_INTERNAL_ERROR_ALERT          = (SSL_ERROR_BASE + 100),
+SSL_ERROR_USER_CANCELED_ALERT           = (SSL_ERROR_BASE + 101),
+SSL_ERROR_NO_RENEGOTIATION_ALERT        = (SSL_ERROR_BASE + 102),
 
-SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED	= (SSL_ERROR_BASE + 103),
+SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED   = (SSL_ERROR_BASE + 103),
 
-SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT		= (SSL_ERROR_BASE + 104),
-SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT	= (SSL_ERROR_BASE + 105),
-SSL_ERROR_UNRECOGNIZED_NAME_ALERT		= (SSL_ERROR_BASE + 106),
-SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT	= (SSL_ERROR_BASE + 107),
-SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT		= (SSL_ERROR_BASE + 108),
+SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT   = (SSL_ERROR_BASE + 104),
+SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT = (SSL_ERROR_BASE + 105),
+SSL_ERROR_UNRECOGNIZED_NAME_ALERT       = (SSL_ERROR_BASE + 106),
+SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT = (SSL_ERROR_BASE + 107),
+SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT     = (SSL_ERROR_BASE + 108),
 
 SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 109),
-SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET  = (SSL_ERROR_BASE + 110),
+SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 110),
 
-SSL_ERROR_DECOMPRESSION_FAILURE		= (SSL_ERROR_BASE + 111),
+SSL_ERROR_DECOMPRESSION_FAILURE         = (SSL_ERROR_BASE + 111),
 SSL_ERROR_RENEGOTIATION_NOT_ALLOWED     = (SSL_ERROR_BASE + 112),
 SSL_ERROR_UNSAFE_NEGOTIATION            = (SSL_ERROR_BASE + 113),
 
-SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD	= (SSL_ERROR_BASE + 114),
+SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD = (SSL_ERROR_BASE + 114),
 
 SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY  = (SSL_ERROR_BASE + 115),
 
-SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID	= (SSL_ERROR_BASE + 116),
+SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID    = (SSL_ERROR_BASE + 116),
 
 SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2 = (SSL_ERROR_BASE + 117),
 SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS = (SSL_ERROR_BASE + 118),
 SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS = (SSL_ERROR_BASE + 119),
 
-SSL_ERROR_INVALID_VERSION_RANGE		= (SSL_ERROR_BASE + 120),
-SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION	= (SSL_ERROR_BASE + 121),
+SSL_ERROR_INVALID_VERSION_RANGE         = (SSL_ERROR_BASE + 120),
+SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION = (SSL_ERROR_BASE + 121),
 
 SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST = (SSL_ERROR_BASE + 122),
 SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST = (SSL_ERROR_BASE + 123),
@@ -189,20 +189,20 @@
 
 SSL_ERROR_RX_UNEXPECTED_CERT_STATUS     = (SSL_ERROR_BASE + 125),
 
-SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM = (SSL_ERROR_BASE + 126),
-SSL_ERROR_DIGEST_FAILURE = (SSL_ERROR_BASE + 127),
+SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM    = (SSL_ERROR_BASE + 126),
+SSL_ERROR_DIGEST_FAILURE                = (SSL_ERROR_BASE + 127),
 SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 128),
 
 SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK     = (SSL_ERROR_BASE + 129),
 SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL     = (SSL_ERROR_BASE + 130),
 
-SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 131),
+SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT  = (SSL_ERROR_BASE + 131),
 
-SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 132),
-SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 133),
-SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 134),
+SSL_ERROR_BAD_CHANNEL_ID_DATA           = (SSL_ERROR_BASE + 132),
+SSL_ERROR_INVALID_CHANNEL_ID_KEY        = (SSL_ERROR_BASE + 133),
+SSL_ERROR_GET_CHANNEL_ID_FAILED         = (SSL_ERROR_BASE + 134),
 
-SSL_ERROR_END_OF_LIST	/* let the c compiler determine the value of this. */
+SSL_ERROR_END_OF_LIST   /* let the c compiler determine the value of this. */
 } SSLErrorCodes;
 #endif /* NO_SECURITY_ERROR_ENUM */
 
diff --git a/net/third_party/nss/ssl/sslgathr.c b/net/third_party/nss/ssl/sslgathr.c
index 6c17eb00..bdf470b 100644
--- a/net/third_party/nss/ssl/sslgathr.c
+++ b/net/third_party/nss/ssl/sslgathr.c
@@ -364,34 +364,6 @@
     return ssl2_GatherData(ss, &ss->gs, flags);
 }
 
-/*
- * Returns +1 when it has gathered a complete SSLV2 record.
- * Returns  0 if it hits EOF.
- * Returns -1 (SECFailure)    on any error
- * Returns -2 (SECWouldBlock) 
- *
- * Called from SocksStartGather in sslsocks.c
- * Caller must hold RecvBufLock. 
- */
-int 
-ssl2_StartGatherBytes(sslSocket *ss, sslGather *gs, unsigned int count)
-{
-    int rv;
-
-    PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
-    gs->state     = GS_DATA;
-    gs->remainder = count;
-    gs->count     = count;
-    gs->offset    = 0;
-    if (count > gs->buf.space) {
-	rv = sslBuffer_Grow(&gs->buf, count);
-	if (rv) {
-	    return rv;
-	}
-    }
-    return ssl2_GatherData(ss, gs, 0);
-}
-
 /* Caller should hold RecvBufLock. */
 SECStatus
 ssl_InitGather(sslGather *gs)
diff --git a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h
index 8754e16..a809616 100644
--- a/net/third_party/nss/ssl/sslimpl.h
+++ b/net/third_party/nss/ssl/sslimpl.h
@@ -299,11 +299,11 @@
 #endif
 } ssl3CipherSuiteCfg;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 #define ssl_V3_SUITES_IMPLEMENTED 63
 #else
 #define ssl_V3_SUITES_IMPLEMENTED 37
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 #define MAX_DTLS_SRTP_CIPHER_SUITES 4
 
@@ -337,8 +337,9 @@
     unsigned int enableOCSPStapling     : 1;  /* 25 */
     unsigned int enableNPN              : 1;  /* 26 */
     unsigned int enableALPN             : 1;  /* 27 */
-    unsigned int enableSignedCertTimestamps : 1;  /* 28 */
+    unsigned int reuseServerECDHEKey    : 1;  /* 28 */
     unsigned int enableFallbackSCSV     : 1;  /* 29 */
+    unsigned int enableSignedCertTimestamps : 1;  /* 30 */
 } sslOptions;
 
 typedef enum { sslHandshakingUndetermined = 0,
@@ -678,9 +679,9 @@
             SSL3KEAType           exchKeyType;
 				  /* key type used in exchange algorithm,
 				   * and to wrap the sym wrapping key. */
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 	    PRUint32              negotiatedECCurves;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 	    /* The following values are NOT restored from the server's on-disk
 	     * session cache, but are restored from the client's cache.
@@ -935,9 +936,9 @@
 	SSL3Finished      sFinished[2];
 	SSL3Opaque        data[72];
     }                     finishedMsgs;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     PRUint32              negotiatedECCurves; /* bit mask */
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     PRBool                authCertificatePending;
     /* Which function should SSL_RestartHandshake* call if we're blocked?
@@ -1456,8 +1457,6 @@
 
 extern SECStatus   ssl2_HandleClientHelloMessage(sslSocket *ss);
 extern SECStatus   ssl2_HandleServerHelloMessage(sslSocket *ss);
-extern int         ssl2_StartGatherBytes(sslSocket *ss, sslGather *gs, 
-                                         unsigned int count);
 
 extern SECStatus   ssl_CreateSecurityInfo(sslSocket *ss);
 extern SECStatus   ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os);
@@ -1612,7 +1611,11 @@
  * runtime to determine which versions are supported by the version of libssl
  * in use.
  */
+#ifdef NSS_ENABLE_TLS_1_3
+#define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_3
+#else
 #define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_2
+#endif
 
 /* Rename this macro SSL_ALL_VERSIONS_DISABLED when SSL 2.0 is removed. */
 #define SSL3_ALL_VERSIONS_DISABLED(vrange) \
@@ -1678,7 +1681,7 @@
  */
 extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss);
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 extern void      ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss);
 extern PRBool    ssl3_IsECCEnabled(sslSocket *ss);
 extern SECStatus ssl3_DisableECCSuites(sslSocket * ss, 
@@ -1733,7 +1736,7 @@
 ECName	ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits);
 
 
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on);
 extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on);
@@ -1770,7 +1773,7 @@
 
 extern SECStatus ssl_GetPeerInfo(sslSocket *ss);
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 /* ECDH functions */
 extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket * ss, 
 			     SECKEYPublicKey * svrPubKey);
@@ -1855,7 +1858,7 @@
                                         const CERTCertificateList *certChain,
                                         ssl3KeyPair *keyPair, SSLKEAType kea);
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss,
 			PRBool append, PRUint32 maxBytes);
 extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss,
diff --git a/net/third_party/nss/ssl/sslinfo.c b/net/third_party/nss/ssl/sslinfo.c
index df7e669..845d9f02 100644
--- a/net/third_party/nss/ssl/sslinfo.c
+++ b/net/third_party/nss/ssl/sslinfo.c
@@ -149,30 +149,30 @@
 {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA),      S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
 {0,CS(TLS_RSA_WITH_SEED_CBC_SHA),             S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, },
 {0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA),     S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
-{0,CS(SSL_RSA_WITH_RC4_128_SHA),              S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
-{0,CS(SSL_RSA_WITH_RC4_128_MD5),              S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
+{0,CS(TLS_RSA_WITH_RC4_128_SHA),              S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
+{0,CS(TLS_RSA_WITH_RC4_128_MD5),              S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256),       S_RSA, K_RSA, C_AES, B_128, M_SHA256, 1, 0, 0, },
 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA),          S_RSA, K_RSA, C_AES, B_128, M_SHA, 1, 0, 0, },
 
-{0,CS(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA),     S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
-{0,CS(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA),     S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
+{0,CS(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA),     S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
+{0,CS(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA),     S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
 {0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA),    S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 1, },
-{0,CS(SSL_RSA_WITH_3DES_EDE_CBC_SHA),         S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
+{0,CS(TLS_RSA_WITH_3DES_EDE_CBC_SHA),         S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
 
-{0,CS(SSL_DHE_RSA_WITH_DES_CBC_SHA),          S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
-{0,CS(SSL_DHE_DSS_WITH_DES_CBC_SHA),          S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
+{0,CS(TLS_DHE_RSA_WITH_DES_CBC_SHA),          S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
+{0,CS(TLS_DHE_DSS_WITH_DES_CBC_SHA),          S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
 {0,CS(SSL_RSA_FIPS_WITH_DES_CBC_SHA),         S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 1, },
-{0,CS(SSL_RSA_WITH_DES_CBC_SHA),              S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 0, },
+{0,CS(TLS_RSA_WITH_DES_CBC_SHA),              S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 0, },
 
 {0,CS(TLS_RSA_EXPORT1024_WITH_RC4_56_SHA),    S_RSA, K_RSA, C_RC4, B_56,  M_SHA, 0, 1, 0, },
 {0,CS(TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA),   S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 1, 0, },
-{0,CS(SSL_RSA_EXPORT_WITH_RC4_40_MD5),        S_RSA, K_RSA, C_RC4, B_40,  M_MD5, 0, 1, 0, },
-{0,CS(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5),    S_RSA, K_RSA, C_RC2, B_40,  M_MD5, 0, 1, 0, },
+{0,CS(TLS_RSA_EXPORT_WITH_RC4_40_MD5),        S_RSA, K_RSA, C_RC4, B_40,  M_MD5, 0, 1, 0, },
+{0,CS(TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5),    S_RSA, K_RSA, C_RC2, B_40,  M_MD5, 0, 1, 0, },
 {0,CS(TLS_RSA_WITH_NULL_SHA256),              S_RSA, K_RSA, C_NULL,B_0,   M_SHA256, 0, 1, 0, },
-{0,CS(SSL_RSA_WITH_NULL_SHA),                 S_RSA, K_RSA, C_NULL,B_0,   M_SHA, 0, 1, 0, },
-{0,CS(SSL_RSA_WITH_NULL_MD5),                 S_RSA, K_RSA, C_NULL,B_0,   M_MD5, 0, 1, 0, },
+{0,CS(TLS_RSA_WITH_NULL_SHA),                 S_RSA, K_RSA, C_NULL,B_0,   M_SHA, 0, 1, 0, },
+{0,CS(TLS_RSA_WITH_NULL_MD5),                 S_RSA, K_RSA, C_NULL,B_0,   M_MD5, 0, 1, 0, },
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 /* ECC cipher suites */
 {0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
 {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
@@ -204,7 +204,7 @@
 {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA),    S_RSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, },
 {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
 {0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA),    S_RSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, },
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 /* SSL 2 table */
 {0,CK(SSL_CK_RC4_128_WITH_MD5),               S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
diff --git a/net/third_party/nss/ssl/sslnonce.c b/net/third_party/nss/ssl/sslnonce.c
index 3e42bed..28ad364 100644
--- a/net/third_party/nss/ssl/sslnonce.c
+++ b/net/third_party/nss/ssl/sslnonce.c
@@ -441,6 +441,8 @@
 {
     PORT_Assert(sid);
     PORT_Assert(newSessionTicket);
+    PORT_Assert(newSessionTicket->ticket.data);
+    PORT_Assert(newSessionTicket->ticket.len != 0);
 
     /* if sid->u.ssl3.lock, we are updating an existing entry that is already
      * cached or was once cached, so we need to acquire and release the write
@@ -449,10 +451,6 @@
      */
     if (sid->u.ssl3.lock) {
 	NSSRWLock_LockWrite(sid->u.ssl3.lock);
-
-	/* A server might have sent us an empty ticket, which has the
-	 * effect of clearing the previously known ticket.
-	 */
 	if (sid->u.ssl3.locked.sessionTicket.ticket.data) {
 	    SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket,
 			     PR_FALSE);
diff --git a/net/third_party/nss/ssl/sslproto.h b/net/third_party/nss/ssl/sslproto.h
index 621ef37..dc653c91 100644
--- a/net/third_party/nss/ssl/sslproto.h
+++ b/net/third_party/nss/ssl/sslproto.h
@@ -1,5 +1,5 @@
 /*
- * Various and sundry protocol constants. DON'T CHANGE THESE. These values 
+ * Various and sundry protocol constants. DON'T CHANGE THESE. These values
  * are mostly defined by the SSL2, SSL3, or TLS protocol specifications.
  * Cipher kinds and ciphersuites are part of the public API.
  *
@@ -11,138 +11,178 @@
 #define __sslproto_h_
 
 /* All versions less than 3_0 are treated as SSL version 2 */
-#define SSL_LIBRARY_VERSION_2			0x0002
-#define SSL_LIBRARY_VERSION_3_0			0x0300
-#define SSL_LIBRARY_VERSION_TLS_1_0		0x0301
-#define SSL_LIBRARY_VERSION_TLS_1_1		0x0302
-#define SSL_LIBRARY_VERSION_TLS_1_2		0x0303
+#define SSL_LIBRARY_VERSION_2                   0x0002
+#define SSL_LIBRARY_VERSION_3_0                 0x0300
+#define SSL_LIBRARY_VERSION_TLS_1_0             0x0301
+#define SSL_LIBRARY_VERSION_TLS_1_1             0x0302
+#define SSL_LIBRARY_VERSION_TLS_1_2             0x0303
+#define SSL_LIBRARY_VERSION_TLS_1_3             0x0304
+
 /* Note: this is the internal format, not the wire format */
-#define SSL_LIBRARY_VERSION_DTLS_1_0		0x0302
+#define SSL_LIBRARY_VERSION_DTLS_1_0            0x0302
+#define SSL_LIBRARY_VERSION_DTLS_1_2            0x0303
+#define SSL_LIBRARY_VERSION_DTLS_1_3            0x0304
 
 /* deprecated old name */
-#define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0 
+#define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0
 
-/* The DTLS version used in the spec */
+/* The DTLS versions used in the spec */
 #define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE       ((~0x0100) & 0xffff)
+#define SSL_LIBRARY_VERSION_DTLS_1_2_WIRE       ((~0x0102) & 0xffff)
+#define SSL_LIBRARY_VERSION_DTLS_1_3_WIRE       ((~0x0103) & 0xffff)
 
 /* Header lengths of some of the messages */
-#define SSL_HL_ERROR_HBYTES			3
-#define SSL_HL_CLIENT_HELLO_HBYTES		9
-#define SSL_HL_CLIENT_MASTER_KEY_HBYTES		10
-#define SSL_HL_CLIENT_FINISHED_HBYTES		1
-#define SSL_HL_SERVER_HELLO_HBYTES		11
-#define SSL_HL_SERVER_VERIFY_HBYTES		1
-#define SSL_HL_SERVER_FINISHED_HBYTES		1
-#define SSL_HL_REQUEST_CERTIFICATE_HBYTES	2
-#define SSL_HL_CLIENT_CERTIFICATE_HBYTES	6
+#define SSL_HL_ERROR_HBYTES                     3
+#define SSL_HL_CLIENT_HELLO_HBYTES              9
+#define SSL_HL_CLIENT_MASTER_KEY_HBYTES         10
+#define SSL_HL_CLIENT_FINISHED_HBYTES           1
+#define SSL_HL_SERVER_HELLO_HBYTES              11
+#define SSL_HL_SERVER_VERIFY_HBYTES             1
+#define SSL_HL_SERVER_FINISHED_HBYTES           1
+#define SSL_HL_REQUEST_CERTIFICATE_HBYTES       2
+#define SSL_HL_CLIENT_CERTIFICATE_HBYTES        6
 
 /* Security handshake protocol codes */
-#define SSL_MT_ERROR				0
-#define SSL_MT_CLIENT_HELLO			1
-#define SSL_MT_CLIENT_MASTER_KEY		2
-#define SSL_MT_CLIENT_FINISHED			3
-#define SSL_MT_SERVER_HELLO			4
-#define SSL_MT_SERVER_VERIFY			5
-#define SSL_MT_SERVER_FINISHED			6
-#define SSL_MT_REQUEST_CERTIFICATE		7
-#define SSL_MT_CLIENT_CERTIFICATE		8
+#define SSL_MT_ERROR                            0
+#define SSL_MT_CLIENT_HELLO                     1
+#define SSL_MT_CLIENT_MASTER_KEY                2
+#define SSL_MT_CLIENT_FINISHED                  3
+#define SSL_MT_SERVER_HELLO                     4
+#define SSL_MT_SERVER_VERIFY                    5
+#define SSL_MT_SERVER_FINISHED                  6
+#define SSL_MT_REQUEST_CERTIFICATE              7
+#define SSL_MT_CLIENT_CERTIFICATE               8
 
 /* Certificate types */
-#define SSL_CT_X509_CERTIFICATE			0x01
+#define SSL_CT_X509_CERTIFICATE                 0x01
 #if 0 /* XXX Not implemented yet */
-#define SSL_PKCS6_CERTIFICATE			0x02
+#define SSL_PKCS6_CERTIFICATE                   0x02
 #endif
-#define SSL_AT_MD5_WITH_RSA_ENCRYPTION		0x01
+#define SSL_AT_MD5_WITH_RSA_ENCRYPTION          0x01
 
 /* Error codes */
-#define SSL_PE_NO_CYPHERS			0x0001
-#define SSL_PE_NO_CERTIFICATE			0x0002
-#define SSL_PE_BAD_CERTIFICATE			0x0004
-#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE	0x0006
+#define SSL_PE_NO_CYPHERS                       0x0001
+#define SSL_PE_NO_CERTIFICATE                   0x0002
+#define SSL_PE_BAD_CERTIFICATE                  0x0004
+#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE     0x0006
 
 /* Cypher kinds (not the spec version!) */
-#define SSL_CK_RC4_128_WITH_MD5			0x01
-#define SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x02
-#define SSL_CK_RC2_128_CBC_WITH_MD5		0x03
-#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x04
-#define SSL_CK_IDEA_128_CBC_WITH_MD5		0x05
-#define SSL_CK_DES_64_CBC_WITH_MD5		0x06
-#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x07
+#define SSL_CK_RC4_128_WITH_MD5                 0x01
+#define SSL_CK_RC4_128_EXPORT40_WITH_MD5        0x02
+#define SSL_CK_RC2_128_CBC_WITH_MD5             0x03
+#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    0x04
+#define SSL_CK_IDEA_128_CBC_WITH_MD5            0x05
+#define SSL_CK_DES_64_CBC_WITH_MD5              0x06
+#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5        0x07
 
-/* Cipher enables.  These are used only for SSL_EnableCipher 
- * These values define the SSL2 suites, and do not colide with the 
+/* Cipher enables.  These are used only for SSL_EnableCipher
+ * These values define the SSL2 suites, and do not colide with the
  * SSL3 Cipher suites defined below.
  */
-#define SSL_EN_RC4_128_WITH_MD5			0xFF01
-#define SSL_EN_RC4_128_EXPORT40_WITH_MD5	0xFF02
-#define SSL_EN_RC2_128_CBC_WITH_MD5		0xFF03
-#define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5	0xFF04
-#define SSL_EN_IDEA_128_CBC_WITH_MD5		0xFF05
-#define SSL_EN_DES_64_CBC_WITH_MD5		0xFF06
-#define SSL_EN_DES_192_EDE3_CBC_WITH_MD5	0xFF07
+#define SSL_EN_RC4_128_WITH_MD5                 0xFF01
+#define SSL_EN_RC4_128_EXPORT40_WITH_MD5        0xFF02
+#define SSL_EN_RC2_128_CBC_WITH_MD5             0xFF03
+#define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5    0xFF04
+#define SSL_EN_IDEA_128_CBC_WITH_MD5            0xFF05
+#define SSL_EN_DES_64_CBC_WITH_MD5              0xFF06
+#define SSL_EN_DES_192_EDE3_CBC_WITH_MD5        0xFF07
 
-/* SSL v3 Cipher Suites */
-#define SSL_NULL_WITH_NULL_NULL			0x0000
+/* Deprecated SSL 3.0 & libssl names replaced by IANA-registered TLS names. */
+#ifndef SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES
+#define SSL_NULL_WITH_NULL_NULL                TLS_NULL_WITH_NULL_NULL
+#define SSL_RSA_WITH_NULL_MD5                  TLS_RSA_WITH_NULL_MD5
+#define SSL_RSA_WITH_NULL_SHA                  TLS_RSA_WITH_NULL_SHA
+#define SSL_RSA_EXPORT_WITH_RC4_40_MD5         TLS_RSA_EXPORT_WITH_RC4_40_MD5
+#define SSL_RSA_WITH_RC4_128_MD5               TLS_RSA_WITH_RC4_128_MD5
+#define SSL_RSA_WITH_RC4_128_SHA               TLS_RSA_WITH_RC4_128_SHA
+#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5     TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
+#define SSL_RSA_WITH_IDEA_CBC_SHA              TLS_RSA_WITH_IDEA_CBC_SHA
+#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA      TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_RSA_WITH_DES_CBC_SHA               TLS_RSA_WITH_DES_CBC_SHA
+#define SSL_RSA_WITH_3DES_EDE_CBC_SHA          TLS_RSA_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA   TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DH_DSS_WITH_DES_CBC_SHA            TLS_DH_DSS_WITH_DES_CBC_SHA
+#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA       TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA   TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DH_RSA_WITH_DES_CBC_SHA            TLS_DH_RSA_WITH_DES_CBC_SHA
+#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA       TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
+#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA  TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DHE_DSS_WITH_DES_CBC_SHA           TLS_DHE_DSS_WITH_DES_CBC_SHA
+#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA      TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
+#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA  TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DHE_RSA_WITH_DES_CBC_SHA           TLS_DHE_RSA_WITH_DES_CBC_SHA
+#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_ANON_WITH_RC4_128_MD5           TLS_DH_anon_WITH_RC4_128_MD5
+#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA  TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DH_ANON_WITH_DES_CBC_SHA           TLS_DH_anon_WITH_DES_CBC_SHA
+#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA      TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5     TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
+#define TLS_DH_ANON_WITH_AES_128_CBC_SHA       TLS_DH_anon_WITH_AES_128_CBC_SHA
+#define TLS_DH_ANON_WITH_AES_256_CBC_SHA       TLS_DH_anon_WITH_AES_256_CBC_SHA
+#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA  TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
+#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA  TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
+#endif
 
-#define SSL_RSA_WITH_NULL_MD5			0x0001
-#define SSL_RSA_WITH_NULL_SHA			0x0002
-#define SSL_RSA_EXPORT_WITH_RC4_40_MD5		0x0003
-#define SSL_RSA_WITH_RC4_128_MD5		0x0004
-#define SSL_RSA_WITH_RC4_128_SHA		0x0005
-#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006
-#define SSL_RSA_WITH_IDEA_CBC_SHA		0x0007
-#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0008
-#define SSL_RSA_WITH_DES_CBC_SHA		0x0009
-#define SSL_RSA_WITH_3DES_EDE_CBC_SHA		0x000a
-						       
-#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA	0x000b
-#define SSL_DH_DSS_WITH_DES_CBC_SHA		0x000c
-#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA	0x000d
-#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA	0x000e
-#define SSL_DH_RSA_WITH_DES_CBC_SHA		0x000f
-#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA	0x0010
-						       
-#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA	0x0011
-#define SSL_DHE_DSS_WITH_DES_CBC_SHA		0x0012
-#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013
-#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0014
-#define SSL_DHE_RSA_WITH_DES_CBC_SHA		0x0015
-#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016
-						       
-#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5	0x0017
-#define SSL_DH_ANON_WITH_RC4_128_MD5		0x0018
-#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA	0x0019
-#define SSL_DH_ANON_WITH_DES_CBC_SHA		0x001a
-#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA	0x001b
+#define TLS_NULL_WITH_NULL_NULL                 0x0000
 
-#define SSL_FORTEZZA_DMS_WITH_NULL_SHA		0x001c /* deprecated */
-#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA	0x001d /* deprecated */
-#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA	0x001e /* deprecated */
+#define TLS_RSA_WITH_NULL_MD5                   0x0001
+#define TLS_RSA_WITH_NULL_SHA                   0x0002
+#define TLS_RSA_EXPORT_WITH_RC4_40_MD5          0x0003
+#define TLS_RSA_WITH_RC4_128_MD5                0x0004
+#define TLS_RSA_WITH_RC4_128_SHA                0x0005
+#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5      0x0006
+#define TLS_RSA_WITH_IDEA_CBC_SHA               0x0007
+#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA       0x0008
+#define TLS_RSA_WITH_DES_CBC_SHA                0x0009
+#define TLS_RSA_WITH_3DES_EDE_CBC_SHA           0x000a
 
-/* New TLS cipher suites */
-#define TLS_RSA_WITH_AES_128_CBC_SHA      	0x002F
-#define TLS_DH_DSS_WITH_AES_128_CBC_SHA   	0x0030
-#define TLS_DH_RSA_WITH_AES_128_CBC_SHA   	0x0031
-#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA  	0x0032
-#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA  	0x0033
-#define TLS_DH_ANON_WITH_AES_128_CBC_SHA  	0x0034
+#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    0x000b
+#define TLS_DH_DSS_WITH_DES_CBC_SHA             0x000c
+#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        0x000d
+#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    0x000e
+#define TLS_DH_RSA_WITH_DES_CBC_SHA             0x000f
+#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        0x0010
 
-#define TLS_RSA_WITH_AES_256_CBC_SHA      	0x0035
-#define TLS_DH_DSS_WITH_AES_256_CBC_SHA   	0x0036
-#define TLS_DH_RSA_WITH_AES_256_CBC_SHA   	0x0037
-#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA  	0x0038
-#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA  	0x0039
-#define TLS_DH_ANON_WITH_AES_256_CBC_SHA  	0x003A
-#define TLS_RSA_WITH_NULL_SHA256		0x003B
-#define TLS_RSA_WITH_AES_128_CBC_SHA256  	0x003C
-#define TLS_RSA_WITH_AES_256_CBC_SHA256  	0x003D
+#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   0x0011
+#define TLS_DHE_DSS_WITH_DES_CBC_SHA            0x0012
+#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       0x0013
+#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   0x0014
+#define TLS_DHE_RSA_WITH_DES_CBC_SHA            0x0015
+#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       0x0016
 
-#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA      	0x0041
-#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA   	0x0042
-#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA   	0x0043
-#define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA  	0x0044
-#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA  	0x0045
-#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA  	0x0046
+#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5      0x0017
+#define TLS_DH_anon_WITH_RC4_128_MD5            0x0018
+#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   0x0019
+#define TLS_DH_anon_WITH_DES_CBC_SHA            0x001a
+#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       0x001b
+
+#define SSL_FORTEZZA_DMS_WITH_NULL_SHA          0x001c /* deprecated */
+#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA  0x001d /* deprecated */
+#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA       0x001e /* deprecated */
+
+#define TLS_RSA_WITH_AES_128_CBC_SHA            0x002F
+#define TLS_DH_DSS_WITH_AES_128_CBC_SHA         0x0030
+#define TLS_DH_RSA_WITH_AES_128_CBC_SHA         0x0031
+#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA        0x0032
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA        0x0033
+#define TLS_DH_anon_WITH_AES_128_CBC_SHA        0x0034
+
+#define TLS_RSA_WITH_AES_256_CBC_SHA            0x0035
+#define TLS_DH_DSS_WITH_AES_256_CBC_SHA         0x0036
+#define TLS_DH_RSA_WITH_AES_256_CBC_SHA         0x0037
+#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA        0x0038
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA        0x0039
+#define TLS_DH_anon_WITH_AES_256_CBC_SHA        0x003A
+#define TLS_RSA_WITH_NULL_SHA256                0x003B
+#define TLS_RSA_WITH_AES_128_CBC_SHA256         0x003C
+#define TLS_RSA_WITH_AES_256_CBC_SHA256         0x003D
+
+#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA       0x0041
+#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA    0x0042
+#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA    0x0043
+#define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA   0x0044
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA   0x0045
+#define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA   0x0046
 
 #define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     0x0062
 #define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      0x0064
@@ -153,14 +193,14 @@
 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256     0x0067
 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256     0x006B
 
-#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA      	0x0084
-#define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA   	0x0085
-#define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA   	0x0086
-#define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA  	0x0087
-#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA  	0x0088
-#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA  	0x0089
+#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA       0x0084
+#define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA    0x0085
+#define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA    0x0086
+#define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA   0x0087
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA   0x0088
+#define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA   0x0089
 
-#define TLS_RSA_WITH_SEED_CBC_SHA		0x0096
+#define TLS_RSA_WITH_SEED_CBC_SHA               0x0096
 
 #define TLS_RSA_WITH_AES_128_GCM_SHA256         0x009C
 #define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256     0x009E
@@ -170,12 +210,12 @@
  * Must NEVER be chosen by server.  SSL 3.0 server acknowledges by sending
  * back an empty Renegotiation Info (RI) server hello extension.
  */
-#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV	0x00FF
+#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV       0x00FF
 
 /* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a
- * handshake is the result of TLS version fallback. This value is not IANA
- * assigned. */
-#define TLS_FALLBACK_SCSV			0x5600
+ * handshake is the result of TLS version fallback.
+ */
+#define TLS_FALLBACK_SCSV                       0x5600
 
 /* Cipher Suite Values starting with 0xC000 are defined in informational
  * RFCs.
@@ -222,18 +262,18 @@
 #define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305	0xCC14
 
 /* Netscape "experimental" cipher suites. */
-#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA	0xffe0
-#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA	0xffe1
+#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA   0xffe0
+#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA        0xffe1
 
 /* New non-experimental openly spec'ed versions of those cipher suites. */
-#define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 	0xfeff
-#define SSL_RSA_FIPS_WITH_DES_CBC_SHA      	0xfefe
+#define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA      0xfeff
+#define SSL_RSA_FIPS_WITH_DES_CBC_SHA           0xfefe
 
 /* DTLS-SRTP cipher suites from RFC 5764 */
 /* If you modify this, also modify MAX_DTLS_SRTP_CIPHER_SUITES in sslimpl.h */
-#define SRTP_AES128_CM_HMAC_SHA1_80		0x0001
-#define SRTP_AES128_CM_HMAC_SHA1_32		0x0002
-#define SRTP_NULL_HMAC_SHA1_80			0x0005
-#define SRTP_NULL_HMAC_SHA1_32			0x0006
+#define SRTP_AES128_CM_HMAC_SHA1_80             0x0001
+#define SRTP_AES128_CM_HMAC_SHA1_32             0x0002
+#define SRTP_NULL_HMAC_SHA1_80                  0x0005
+#define SRTP_NULL_HMAC_SHA1_32                  0x0006
 
 #endif /* __sslproto_h_ */
diff --git a/net/third_party/nss/ssl/sslsecur.c b/net/third_party/nss/ssl/sslsecur.c
index e03d7f9..00ab455 100644
--- a/net/third_party/nss/ssl/sslsecur.c
+++ b/net/third_party/nss/ssl/sslsecur.c
@@ -696,11 +696,11 @@
   case SEC_OID_X942_DIFFIE_HELMAN_KEY:
     keaType = kt_dh;
     break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
   case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
     keaType = kt_ecdh;
     break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
   default:
     keaType = kt_null;
   }
@@ -968,11 +968,9 @@
 	ss->sec.hashcx 		= NULL;
     }
 
-    SECITEM_CopyItem(0, &ss->sec.sendSecret, &os->sec.sendSecret);
-    if (os->sec.sendSecret.data && !ss->sec.sendSecret.data)
+    if (SECITEM_CopyItem(0, &ss->sec.sendSecret, &os->sec.sendSecret))
     	goto loser;
-    SECITEM_CopyItem(0, &ss->sec.rcvSecret,  &os->sec.rcvSecret);
-    if (os->sec.rcvSecret.data && !ss->sec.rcvSecret.data)
+    if (SECITEM_CopyItem(0, &ss->sec.rcvSecret,  &os->sec.rcvSecret))
     	goto loser;
 
     /* XXX following code is wrong if either cx != 0 */
diff --git a/net/third_party/nss/ssl/sslsnce.c b/net/third_party/nss/ssl/sslsnce.c
index 34e07b00..3279200 100644
--- a/net/third_party/nss/ssl/sslsnce.c
+++ b/net/third_party/nss/ssl/sslsnce.c
@@ -522,7 +522,6 @@
 /*
 ** Convert shared memory cache-entry to local memory based one
 ** This is only called from ServerSessionIDLookup().
-** Caller must hold cache lock when calling this.
 */
 static sslSessionID *
 ConvertToSID(sidCacheEntry *    from,
diff --git a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c
index 421ba21..13634c60 100644
--- a/net/third_party/nss/ssl/sslsock.c
+++ b/net/third_party/nss/ssl/sslsock.c
@@ -1,5 +1,5 @@
 /*
- * vtables (and methods that call through them) for the 4 types of 
+ * vtables (and methods that call through them) for the 4 types of
  * SSLSockets supported.  Only one type is still supported.
  * Various other functions.
  *
@@ -28,7 +28,7 @@
 
 #define SET_ERROR_CODE   /* reminder */
 
-static const sslSocketOps ssl_default_ops = {	/* No SSL. */
+static const sslSocketOps ssl_default_ops = {   /* No SSL. */
     ssl_DefConnect,
     NULL,
     ssl_DefBind,
@@ -43,7 +43,7 @@
     ssl_DefGetsockname
 };
 
-static const sslSocketOps ssl_secure_ops = {	/* SSL. */
+static const sslSocketOps ssl_secure_ops = {    /* SSL. */
     ssl_SecureConnect,
     NULL,
     ssl_DefBind,
@@ -63,19 +63,19 @@
 */
 static sslOptions ssl_defaults = {
     { siBuffer, NULL, 0 }, /* nextProtoNego */
-    PR_TRUE, 	/* useSecurity        */
-    PR_FALSE,	/* useSocks           */
-    PR_FALSE,	/* requestCertificate */
-    2,	        /* requireCertificate */
-    PR_FALSE,	/* handshakeAsClient  */
-    PR_FALSE,	/* handshakeAsServer  */
-    PR_FALSE,	/* enableSSL2         */ /* now defaults to off in NSS 3.13 */
-    PR_FALSE,	/* unusedBit9         */
-    PR_FALSE, 	/* unusedBit10        */
-    PR_FALSE,	/* noCache            */
-    PR_FALSE,	/* fdx                */
-    PR_FALSE,	/* v2CompatibleHello  */ /* now defaults to off in NSS 3.13 */
-    PR_TRUE,	/* detectRollBack     */
+    PR_TRUE,    /* useSecurity        */
+    PR_FALSE,   /* useSocks           */
+    PR_FALSE,   /* requestCertificate */
+    2,          /* requireCertificate */
+    PR_FALSE,   /* handshakeAsClient  */
+    PR_FALSE,   /* handshakeAsServer  */
+    PR_FALSE,   /* enableSSL2         */ /* now defaults to off in NSS 3.13 */
+    PR_FALSE,   /* unusedBit9         */
+    PR_FALSE,   /* unusedBit10        */
+    PR_FALSE,   /* noCache            */
+    PR_FALSE,   /* fdx                */
+    PR_FALSE,   /* v2CompatibleHello  */ /* now defaults to off in NSS 3.13 */
+    PR_TRUE,    /* detectRollBack     */
     PR_FALSE,   /* noStepDown         */
     PR_FALSE,   /* bypassPKCS11       */
     PR_FALSE,   /* noLocks            */
@@ -88,8 +88,9 @@
     PR_FALSE,   /* enableOCSPStapling */
     PR_TRUE,    /* enableNPN          */
     PR_FALSE,   /* enableALPN         */
+    PR_TRUE,    /* reuseServerECDHEKey */
+    PR_FALSE,   /* enableFallbackSCSV */
     PR_FALSE,   /* enableSignedCertTimestamps */
-    PR_FALSE    /* enableFallbackSCSV */
 };
 
 /*
@@ -97,12 +98,12 @@
  */
 static SSLVersionRange versions_defaults_stream = {
     SSL_LIBRARY_VERSION_3_0,
-    SSL_LIBRARY_VERSION_TLS_1_0
+    SSL_LIBRARY_VERSION_TLS_1_2
 };
 
 static SSLVersionRange versions_defaults_datagram = {
     SSL_LIBRARY_VERSION_TLS_1_1,
-    SSL_LIBRARY_VERSION_TLS_1_1
+    SSL_LIBRARY_VERSION_TLS_1_2
 };
 
 #define VERSIONS_DEFAULTS(variant) \
@@ -116,9 +117,9 @@
 static PRBool ssl_inited = PR_FALSE;
 static PRDescIdentity ssl_layer_id;
 
-PRBool                  locksEverDisabled; 	/* implicitly PR_FALSE */
-PRBool			ssl_force_locks;  	/* implicitly PR_FALSE */
-int                     ssl_lock_readers	= 1;	/* default true. */
+PRBool                  locksEverDisabled;      /* implicitly PR_FALSE */
+PRBool                  ssl_force_locks;        /* implicitly PR_FALSE */
+int                     ssl_lock_readers        = 1;    /* default true. */
 char                    ssl_debug;
 char                    ssl_trace;
 FILE *                  ssl_trace_iob;
@@ -137,7 +138,7 @@
 static sslSocket *ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant variant);
 static SECStatus  ssl_MakeLocks(sslSocket *ss);
 static void       ssl_SetDefaultsFromEnvironment(void);
-static PRStatus   ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, 
+static PRStatus   ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack,
                                   PRDescIdentity id);
 
 /************************************************************************/
@@ -158,18 +159,23 @@
 
     if (fd->methods->file_type != PR_DESC_LAYERED ||
         fd->identity != ssl_layer_id) {
-	PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
-	return NULL;
+        PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
+        return NULL;
     }
 
     ss = (sslSocket *)fd->secret;
+    /* Set ss->fd lazily. We can't rely on the value of ss->fd set by
+     * ssl_PushIOLayer because another PR_PushIOLayer call will switch the
+     * contents of the PRFileDesc pointed by ss->fd and the new layer.
+     * See bug 807250.
+     */
     ss->fd = fd;
     return ss;
 }
 
-/* This function tries to find the SSL layer in the stack. 
+/* This function tries to find the SSL layer in the stack.
  * It searches for the first SSL layer at or below the argument fd,
- * and failing that, it searches for the nearest SSL layer above the 
+ * and failing that, it searches for the nearest SSL layer above the
  * argument fd.  It returns the private sslSocket from the found layer.
  */
 sslSocket *
@@ -183,11 +189,16 @@
 
     layer = PR_GetIdentitiesLayer(fd, ssl_layer_id);
     if (layer == NULL) {
-	PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
-	return NULL;
+        PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
+        return NULL;
     }
 
     ss = (sslSocket *)layer->secret;
+    /* Set ss->fd lazily. We can't rely on the value of ss->fd set by
+     * ssl_PushIOLayer because another PR_PushIOLayer call will switch the
+     * contents of the PRFileDesc pointed by ss->fd and the new layer.
+     * See bug 807250.
+     */
     ss->fd = layer;
     return ss;
 }
@@ -200,100 +211,100 @@
 
     ss = ssl_NewSocket((PRBool)(!os->opt.noLocks), os->protocolVariant);
     if (ss) {
-	ss->opt                = os->opt;
-	ss->opt.useSocks       = PR_FALSE;
-	ss->vrange             = os->vrange;
+        ss->opt                = os->opt;
+        ss->opt.useSocks       = PR_FALSE;
+        ss->vrange             = os->vrange;
 
-	ss->peerID             = !os->peerID ? NULL : PORT_Strdup(os->peerID);
-	ss->url                = !os->url    ? NULL : PORT_Strdup(os->url);
+        ss->peerID             = !os->peerID ? NULL : PORT_Strdup(os->peerID);
+        ss->url                = !os->url    ? NULL : PORT_Strdup(os->url);
 
-	ss->ops      = os->ops;
-	ss->rTimeout = os->rTimeout;
-	ss->wTimeout = os->wTimeout;
-	ss->cTimeout = os->cTimeout;
-	ss->dbHandle = os->dbHandle;
+        ss->ops      = os->ops;
+        ss->rTimeout = os->rTimeout;
+        ss->wTimeout = os->wTimeout;
+        ss->cTimeout = os->cTimeout;
+        ss->dbHandle = os->dbHandle;
 
-	/* copy ssl2&3 policy & prefs, even if it's not selected (yet) */
-	ss->allowedByPolicy	= os->allowedByPolicy;
-	ss->maybeAllowedByPolicy= os->maybeAllowedByPolicy;
-	ss->chosenPreference 	= os->chosenPreference;
-	PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites);
-	PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers,
-		    sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount);
-	ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount;
+        /* copy ssl2&3 policy & prefs, even if it's not selected (yet) */
+        ss->allowedByPolicy     = os->allowedByPolicy;
+        ss->maybeAllowedByPolicy= os->maybeAllowedByPolicy;
+        ss->chosenPreference    = os->chosenPreference;
+        PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites);
+        PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers,
+                    sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount);
+        ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount;
 
-	if (os->cipherSpecs) {
-	    ss->cipherSpecs  = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs);
-	    if (ss->cipherSpecs) 
-	    	PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs, 
-		            os->sizeCipherSpecs);
-	    ss->sizeCipherSpecs    = os->sizeCipherSpecs;
-	    ss->preferredCipher    = os->preferredCipher;
-	} else {
-	    ss->cipherSpecs        = NULL;  /* produced lazily */
-	    ss->sizeCipherSpecs    = 0;
-	    ss->preferredCipher    = NULL;
-	}
-	if (ss->opt.useSecurity) {
-	    /* This int should be SSLKEAType, but CC on Irix complains,
-	     * during the for loop.
-	     */
-	    int i;
-	    sslServerCerts * oc = os->serverCerts;
-	    sslServerCerts * sc = ss->serverCerts;
-            
-	    for (i=kt_null; i < kt_kea_size; i++, oc++, sc++) {
-		if (oc->serverCert && oc->serverCertChain) {
-		    sc->serverCert      = CERT_DupCertificate(oc->serverCert);
-		    sc->serverCertChain = CERT_DupCertList(oc->serverCertChain);
-		    if (!sc->serverCertChain) 
-		    	goto loser;
-		} else {
-		    sc->serverCert      = NULL;
-		    sc->serverCertChain = NULL;
-		}
-		sc->serverKeyPair = oc->serverKeyPair ?
-				ssl3_GetKeyPairRef(oc->serverKeyPair) : NULL;
-		if (oc->serverKeyPair && !sc->serverKeyPair)
-		    goto loser;
-	        sc->serverKeyBits = oc->serverKeyBits;
-		ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL :
-				SECITEM_DupArray(NULL, os->certStatusArray[i]);
-	    }
-	    ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL :
-		                  ssl3_GetKeyPairRef(os->stepDownKeyPair);
-	    ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL :
-		                  ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
+        if (os->cipherSpecs) {
+            ss->cipherSpecs  = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs);
+            if (ss->cipherSpecs)
+                PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs,
+                            os->sizeCipherSpecs);
+            ss->sizeCipherSpecs    = os->sizeCipherSpecs;
+            ss->preferredCipher    = os->preferredCipher;
+        } else {
+            ss->cipherSpecs        = NULL;  /* produced lazily */
+            ss->sizeCipherSpecs    = 0;
+            ss->preferredCipher    = NULL;
+        }
+        if (ss->opt.useSecurity) {
+            /* This int should be SSLKEAType, but CC on Irix complains,
+             * during the for loop.
+             */
+            int i;
+            sslServerCerts * oc = os->serverCerts;
+            sslServerCerts * sc = ss->serverCerts;
+
+            for (i=kt_null; i < kt_kea_size; i++, oc++, sc++) {
+                if (oc->serverCert && oc->serverCertChain) {
+                    sc->serverCert      = CERT_DupCertificate(oc->serverCert);
+                    sc->serverCertChain = CERT_DupCertList(oc->serverCertChain);
+                    if (!sc->serverCertChain)
+                        goto loser;
+                } else {
+                    sc->serverCert      = NULL;
+                    sc->serverCertChain = NULL;
+                }
+                sc->serverKeyPair = oc->serverKeyPair ?
+                                ssl3_GetKeyPairRef(oc->serverKeyPair) : NULL;
+                if (oc->serverKeyPair && !sc->serverKeyPair)
+                    goto loser;
+                sc->serverKeyBits = oc->serverKeyBits;
+                ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL :
+                                SECITEM_DupArray(NULL, os->certStatusArray[i]);
+            }
+            ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL :
+                                  ssl3_GetKeyPairRef(os->stepDownKeyPair);
+            ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL :
+                                  ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
 /*
  * XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL.
  * XXX We should detect this, and not just march on with NULL pointers.
  */
-	    ss->authCertificate       = os->authCertificate;
-	    ss->authCertificateArg    = os->authCertificateArg;
-	    ss->getClientAuthData     = os->getClientAuthData;
-	    ss->getClientAuthDataArg  = os->getClientAuthDataArg;
+            ss->authCertificate       = os->authCertificate;
+            ss->authCertificateArg    = os->authCertificateArg;
+            ss->getClientAuthData     = os->getClientAuthData;
+            ss->getClientAuthDataArg  = os->getClientAuthDataArg;
 #ifdef NSS_PLATFORM_CLIENT_AUTH
-	    ss->getPlatformClientAuthData    = os->getPlatformClientAuthData;
-	    ss->getPlatformClientAuthDataArg = os->getPlatformClientAuthDataArg;
+            ss->getPlatformClientAuthData    = os->getPlatformClientAuthData;
+            ss->getPlatformClientAuthDataArg = os->getPlatformClientAuthDataArg;
 #endif
             ss->sniSocketConfig       = os->sniSocketConfig;
             ss->sniSocketConfigArg    = os->sniSocketConfigArg;
-	    ss->handleBadCert         = os->handleBadCert;
-	    ss->badCertArg            = os->badCertArg;
-	    ss->handshakeCallback     = os->handshakeCallback;
-	    ss->handshakeCallbackData = os->handshakeCallbackData;
-	    ss->canFalseStartCallback = os->canFalseStartCallback;
-	    ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
-	    ss->pkcs11PinArg          = os->pkcs11PinArg;
-	    ss->getChannelID          = os->getChannelID;
-	    ss->getChannelIDArg       = os->getChannelIDArg;
-    
-	    /* Create security data */
-	    rv = ssl_CopySecurityInfo(ss, os);
-	    if (rv != SECSuccess) {
-		goto loser;
-	    }
-	}
+            ss->handleBadCert         = os->handleBadCert;
+            ss->badCertArg            = os->badCertArg;
+            ss->handshakeCallback     = os->handshakeCallback;
+            ss->handshakeCallbackData = os->handshakeCallbackData;
+            ss->canFalseStartCallback = os->canFalseStartCallback;
+            ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
+            ss->pkcs11PinArg          = os->pkcs11PinArg;
+            ss->getChannelID          = os->getChannelID;
+            ss->getChannelIDArg       = os->getChannelIDArg;
+
+            /* Create security data */
+            rv = ssl_CopySecurityInfo(ss, os);
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+        }
     }
     return ss;
 
@@ -307,33 +318,33 @@
 {
     /* Destroy locks. */
     if (ss->firstHandshakeLock) {
-    	PZ_DestroyMonitor(ss->firstHandshakeLock);
-	ss->firstHandshakeLock = NULL;
+        PZ_DestroyMonitor(ss->firstHandshakeLock);
+        ss->firstHandshakeLock = NULL;
     }
     if (ss->ssl3HandshakeLock) {
-    	PZ_DestroyMonitor(ss->ssl3HandshakeLock);
-	ss->ssl3HandshakeLock = NULL;
+        PZ_DestroyMonitor(ss->ssl3HandshakeLock);
+        ss->ssl3HandshakeLock = NULL;
     }
     if (ss->specLock) {
-    	NSSRWLock_Destroy(ss->specLock);
-	ss->specLock = NULL;
+        NSSRWLock_Destroy(ss->specLock);
+        ss->specLock = NULL;
     }
 
     if (ss->recvLock) {
-    	PZ_DestroyLock(ss->recvLock);
-	ss->recvLock = NULL;
+        PZ_DestroyLock(ss->recvLock);
+        ss->recvLock = NULL;
     }
     if (ss->sendLock) {
-    	PZ_DestroyLock(ss->sendLock);
-	ss->sendLock = NULL;
+        PZ_DestroyLock(ss->sendLock);
+        ss->sendLock = NULL;
     }
     if (ss->xmitBufLock) {
-    	PZ_DestroyMonitor(ss->xmitBufLock);
-	ss->xmitBufLock = NULL;
+        PZ_DestroyMonitor(ss->xmitBufLock);
+        ss->xmitBufLock = NULL;
     }
     if (ss->recvBufLock) {
-    	PZ_DestroyMonitor(ss->recvBufLock);
-	ss->recvBufLock = NULL;
+        PZ_DestroyMonitor(ss->recvBufLock);
+        ss->recvBufLock = NULL;
     }
 }
 
@@ -356,36 +367,36 @@
     ssl_DestroyGather(&ss->gs);
 
     if (ss->peerID != NULL)
-	PORT_Free(ss->peerID);
+        PORT_Free(ss->peerID);
     if (ss->url != NULL)
-	PORT_Free((void *)ss->url);	/* CONST */
+        PORT_Free((void *)ss->url);     /* CONST */
     if (ss->cipherSpecs) {
-	PORT_Free(ss->cipherSpecs);
-	ss->cipherSpecs     = NULL;
-	ss->sizeCipherSpecs = 0;
+        PORT_Free(ss->cipherSpecs);
+        ss->cipherSpecs     = NULL;
+        ss->sizeCipherSpecs = 0;
     }
 
     /* Clean up server configuration */
     for (i=kt_null; i < kt_kea_size; i++) {
-	sslServerCerts * sc = ss->serverCerts + i;
-	if (sc->serverCert != NULL)
-	    CERT_DestroyCertificate(sc->serverCert);
-	if (sc->serverCertChain != NULL)
-	    CERT_DestroyCertificateList(sc->serverCertChain);
-	if (sc->serverKeyPair != NULL)
-	    ssl3_FreeKeyPair(sc->serverKeyPair);
-	if (ss->certStatusArray[i] != NULL) {
-	    SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
-	    ss->certStatusArray[i] = NULL;
-	}
+        sslServerCerts * sc = ss->serverCerts + i;
+        if (sc->serverCert != NULL)
+            CERT_DestroyCertificate(sc->serverCert);
+        if (sc->serverCertChain != NULL)
+            CERT_DestroyCertificateList(sc->serverCertChain);
+        if (sc->serverKeyPair != NULL)
+            ssl3_FreeKeyPair(sc->serverKeyPair);
+        if (ss->certStatusArray[i] != NULL) {
+            SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
+            ss->certStatusArray[i] = NULL;
+        }
     }
     if (ss->stepDownKeyPair) {
-	ssl3_FreeKeyPair(ss->stepDownKeyPair);
-	ss->stepDownKeyPair = NULL;
+        ssl3_FreeKeyPair(ss->stepDownKeyPair);
+        ss->stepDownKeyPair = NULL;
     }
     if (ss->ephemeralECDHKeyPair) {
-	ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
-	ss->ephemeralECDHKeyPair = NULL;
+        ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
+        ss->ephemeralECDHKeyPair = NULL;
     }
     SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
     PORT_Assert(!ss->xtnData.sniNameArr);
@@ -433,7 +444,7 @@
 }
 
 /************************************************************************/
-SECStatus 
+SECStatus
 ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled)
 {
     PRFileDesc *       osfd = ss->fd->lower;
@@ -511,26 +522,26 @@
 ssl_EnableTLS(SSLVersionRange *vrange, PRBool on)
 {
     if (SSL3_ALL_VERSIONS_DISABLED(vrange)) {
-	if (on) {
-	    vrange->min = SSL_LIBRARY_VERSION_TLS_1_0;
-	    vrange->max = SSL_LIBRARY_VERSION_TLS_1_0;
-	} /* else don't change anything */
-	return;
+        if (on) {
+            vrange->min = SSL_LIBRARY_VERSION_TLS_1_0;
+            vrange->max = SSL_LIBRARY_VERSION_TLS_1_0;
+        } /* else don't change anything */
+        return;
     }
 
     if (on) {
-	/* Expand the range of enabled version to include TLS 1.0 */
-	vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
-	vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0);
+        /* Expand the range of enabled version to include TLS 1.0 */
+        vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
+        vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0);
     } else {
-	/* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */
-	if (vrange->min == SSL_LIBRARY_VERSION_3_0) {
-	    vrange->max = SSL_LIBRARY_VERSION_3_0;
-	} else {
-	    /* Only TLS was enabled, so now no versions are. */
-	    vrange->min = SSL_LIBRARY_VERSION_NONE;
-	    vrange->max = SSL_LIBRARY_VERSION_NONE;
-	}
+        /* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */
+        if (vrange->min == SSL_LIBRARY_VERSION_3_0) {
+            vrange->max = SSL_LIBRARY_VERSION_3_0;
+        } else {
+            /* Only TLS was enabled, so now no versions are. */
+            vrange->min = SSL_LIBRARY_VERSION_NONE;
+            vrange->max = SSL_LIBRARY_VERSION_NONE;
+        }
     }
 }
 
@@ -541,28 +552,28 @@
 ssl_EnableSSL3(SSLVersionRange *vrange, PRBool on)
 {
    if (SSL3_ALL_VERSIONS_DISABLED(vrange)) {
-	if (on) {
-	    vrange->min = SSL_LIBRARY_VERSION_3_0;
-	    vrange->max = SSL_LIBRARY_VERSION_3_0;
-	} /* else don't change anything */
-	return;
+        if (on) {
+            vrange->min = SSL_LIBRARY_VERSION_3_0;
+            vrange->max = SSL_LIBRARY_VERSION_3_0;
+        } /* else don't change anything */
+        return;
     }
 
    if (on) {
-	/* Expand the range of enabled versions to include SSL 3.0. We know
-	 * SSL 3.0 or some version of TLS is already enabled at this point, so
-	 * we don't need to change vrange->max.
-	 */
-	vrange->min = SSL_LIBRARY_VERSION_3_0;
+        /* Expand the range of enabled versions to include SSL 3.0. We know
+         * SSL 3.0 or some version of TLS is already enabled at this point, so
+         * we don't need to change vrange->max.
+         */
+        vrange->min = SSL_LIBRARY_VERSION_3_0;
    } else {
-	/* Disable SSL 3.0, leaving TLS unaffected. */
-	if (vrange->max > SSL_LIBRARY_VERSION_3_0) {
-	    vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
-	} else {
-	    /* Only SSL 3.0 was enabled, so now no versions are. */
-	    vrange->min = SSL_LIBRARY_VERSION_NONE;
-	    vrange->max = SSL_LIBRARY_VERSION_NONE;
-	}
+        /* Disable SSL 3.0, leaving TLS unaffected. */
+        if (vrange->max > SSL_LIBRARY_VERSION_3_0) {
+            vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
+        } else {
+            /* Only SSL 3.0 was enabled, so now no versions are. */
+            vrange->min = SSL_LIBRARY_VERSION_NONE;
+            vrange->max = SSL_LIBRARY_VERSION_NONE;
+        }
     }
 }
 
@@ -574,8 +585,8 @@
     PRBool     holdingLocks;
 
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
+        return SECFailure;
     }
 
     holdingLocks = (!ss->opt.noLocks);
@@ -584,140 +595,140 @@
 
     switch (which) {
       case SSL_SOCKS:
-	ss->opt.useSocks = PR_FALSE;
-	rv = PrepareSocket(ss);
-	if (on) {
-	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	    rv = SECFailure;
-	}
-	break;
+        ss->opt.useSocks = PR_FALSE;
+        rv = PrepareSocket(ss);
+        if (on) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            rv = SECFailure;
+        }
+        break;
 
       case SSL_SECURITY:
-	ss->opt.useSecurity = on;
-	rv = PrepareSocket(ss);
-	break;
+        ss->opt.useSecurity = on;
+        rv = PrepareSocket(ss);
+        break;
 
       case SSL_REQUEST_CERTIFICATE:
-	ss->opt.requestCertificate = on;
-	break;
+        ss->opt.requestCertificate = on;
+        break;
 
       case SSL_REQUIRE_CERTIFICATE:
-	ss->opt.requireCertificate = on;
-	break;
+        ss->opt.requireCertificate = on;
+        break;
 
       case SSL_HANDSHAKE_AS_CLIENT:
-	if ( ss->opt.handshakeAsServer && on ) {
-	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	    rv = SECFailure;
-	    break;
-	}
-	ss->opt.handshakeAsClient = on;
-	break;
+        if ( ss->opt.handshakeAsServer && on ) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            rv = SECFailure;
+            break;
+        }
+        ss->opt.handshakeAsClient = on;
+        break;
 
       case SSL_HANDSHAKE_AS_SERVER:
-	if ( ss->opt.handshakeAsClient && on ) {
-	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	    rv = SECFailure;
-	    break;
-	}
-	ss->opt.handshakeAsServer = on;
-	break;
+        if ( ss->opt.handshakeAsClient && on ) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            rv = SECFailure;
+            break;
+        }
+        ss->opt.handshakeAsServer = on;
+        break;
 
       case SSL_ENABLE_TLS:
         if (IS_DTLS(ss)) {
-	    if (on) {
-		PORT_SetError(SEC_ERROR_INVALID_ARGS);
-		rv = SECFailure; /* not allowed */
-	    }
-	    break;
-	}
-	ssl_EnableTLS(&ss->vrange, on);
-	ss->preferredCipher     = NULL;
-	if (ss->cipherSpecs) {
-	    PORT_Free(ss->cipherSpecs);
-	    ss->cipherSpecs     = NULL;
-	    ss->sizeCipherSpecs = 0;
-	}
-	break;
+            if (on) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                rv = SECFailure; /* not allowed */
+            }
+            break;
+        }
+        ssl_EnableTLS(&ss->vrange, on);
+        ss->preferredCipher     = NULL;
+        if (ss->cipherSpecs) {
+            PORT_Free(ss->cipherSpecs);
+            ss->cipherSpecs     = NULL;
+            ss->sizeCipherSpecs = 0;
+        }
+        break;
 
       case SSL_ENABLE_SSL3:
         if (IS_DTLS(ss)) {
-	    if (on) {
-		PORT_SetError(SEC_ERROR_INVALID_ARGS);
-		rv = SECFailure; /* not allowed */
-	    }
-	    break;
-	}
-	ssl_EnableSSL3(&ss->vrange, on);
-	ss->preferredCipher     = NULL;
-	if (ss->cipherSpecs) {
-	    PORT_Free(ss->cipherSpecs);
-	    ss->cipherSpecs     = NULL;
-	    ss->sizeCipherSpecs = 0;
-	}
-	break;
+            if (on) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                rv = SECFailure; /* not allowed */
+            }
+            break;
+        }
+        ssl_EnableSSL3(&ss->vrange, on);
+        ss->preferredCipher     = NULL;
+        if (ss->cipherSpecs) {
+            PORT_Free(ss->cipherSpecs);
+            ss->cipherSpecs     = NULL;
+            ss->sizeCipherSpecs = 0;
+        }
+        break;
 
       case SSL_ENABLE_SSL2:
         if (IS_DTLS(ss)) {
-	    if (on) {
-		PORT_SetError(SEC_ERROR_INVALID_ARGS);
-		rv = SECFailure; /* not allowed */
-	    }
-	    break;
-	}
-	ss->opt.enableSSL2       = on;
-	if (on) {
-	    ss->opt.v2CompatibleHello = on;
-	}
-	ss->preferredCipher     = NULL;
-	if (ss->cipherSpecs) {
-	    PORT_Free(ss->cipherSpecs);
-	    ss->cipherSpecs     = NULL;
-	    ss->sizeCipherSpecs = 0;
-	}
-	break;
+            if (on) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                rv = SECFailure; /* not allowed */
+            }
+            break;
+        }
+        ss->opt.enableSSL2       = on;
+        if (on) {
+            ss->opt.v2CompatibleHello = on;
+        }
+        ss->preferredCipher     = NULL;
+        if (ss->cipherSpecs) {
+            PORT_Free(ss->cipherSpecs);
+            ss->cipherSpecs     = NULL;
+            ss->sizeCipherSpecs = 0;
+        }
+        break;
 
       case SSL_NO_CACHE:
-	ss->opt.noCache = on;
-	break;
+        ss->opt.noCache = on;
+        break;
 
       case SSL_ENABLE_FDX:
-	if (on && ss->opt.noLocks) {
-	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	    rv = SECFailure;
-	}
-      	ss->opt.fdx = on;
-	break;
+        if (on && ss->opt.noLocks) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            rv = SECFailure;
+        }
+        ss->opt.fdx = on;
+        break;
 
       case SSL_V2_COMPATIBLE_HELLO:
         if (IS_DTLS(ss)) {
-	    if (on) {
-		PORT_SetError(SEC_ERROR_INVALID_ARGS);
-		rv = SECFailure; /* not allowed */
-	    }
-	    break;
-	}
-      	ss->opt.v2CompatibleHello = on;
-	if (!on) {
-	    ss->opt.enableSSL2    = on;
-	}
-	break;
-
-      case SSL_ROLLBACK_DETECTION:  
-	ss->opt.detectRollBack = on;
+            if (on) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                rv = SECFailure; /* not allowed */
+            }
+            break;
+        }
+        ss->opt.v2CompatibleHello = on;
+        if (!on) {
+            ss->opt.enableSSL2    = on;
+        }
         break;
 
-      case SSL_NO_STEP_DOWN:        
-	ss->opt.noStepDown     = on;         
-	if (on) 
-	    SSL_DisableExportCipherSuites(fd);
-	break;
+      case SSL_ROLLBACK_DETECTION:
+        ss->opt.detectRollBack = on;
+        break;
+
+      case SSL_NO_STEP_DOWN:
+        ss->opt.noStepDown     = on;
+        if (on)
+            SSL_DisableExportCipherSuites(fd);
+        break;
 
       case SSL_BYPASS_PKCS11:
-	if (ss->handshakeBegun) {
-	    PORT_SetError(PR_INVALID_STATE_ERROR);
-	    rv = SECFailure;
-	} else {
+        if (ss->handshakeBegun) {
+            PORT_SetError(PR_INVALID_STATE_ERROR);
+            rv = SECFailure;
+        } else {
             if (PR_FALSE != on) {
                 if (PR_SUCCESS == SSL_BypassSetup() ) {
 #ifdef NO_PKCS11_BYPASS
@@ -731,75 +742,79 @@
             } else {
                 ss->opt.bypassPKCS11 = PR_FALSE;
             }
-	}
-	break;
+        }
+        break;
 
       case SSL_NO_LOCKS:
-	if (on && ss->opt.fdx) {
-	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	    rv = SECFailure;
-	}
-	if (on && ssl_force_locks) 
-	    on = PR_FALSE;	/* silent override */
-	ss->opt.noLocks   = on;
-	if (on) {
-	    locksEverDisabled = PR_TRUE;
-	    strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
-	} else if (!holdingLocks) {
-	    rv = ssl_MakeLocks(ss);
-	    if (rv != SECSuccess) {
-		ss->opt.noLocks   = PR_TRUE;
-	    }
-	}
-	break;
+        if (on && ss->opt.fdx) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            rv = SECFailure;
+        }
+        if (on && ssl_force_locks)
+            on = PR_FALSE;      /* silent override */
+        ss->opt.noLocks   = on;
+        if (on) {
+            locksEverDisabled = PR_TRUE;
+            strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
+        } else if (!holdingLocks) {
+            rv = ssl_MakeLocks(ss);
+            if (rv != SECSuccess) {
+                ss->opt.noLocks   = PR_TRUE;
+            }
+        }
+        break;
 
       case SSL_ENABLE_SESSION_TICKETS:
-	ss->opt.enableSessionTickets = on;
-	break;
+        ss->opt.enableSessionTickets = on;
+        break;
 
       case SSL_ENABLE_DEFLATE:
-	ss->opt.enableDeflate = on;
-	break;
+        ss->opt.enableDeflate = on;
+        break;
 
       case SSL_ENABLE_RENEGOTIATION:
-	ss->opt.enableRenegotiation = on;
-	break;
+        ss->opt.enableRenegotiation = on;
+        break;
 
       case SSL_REQUIRE_SAFE_NEGOTIATION:
-	ss->opt.requireSafeNegotiation = on;
-	break;
+        ss->opt.requireSafeNegotiation = on;
+        break;
 
       case SSL_ENABLE_FALSE_START:
-	ss->opt.enableFalseStart = on;
-	break;
+        ss->opt.enableFalseStart = on;
+        break;
 
       case SSL_CBC_RANDOM_IV:
-	ss->opt.cbcRandomIV = on;
-	break;
+        ss->opt.cbcRandomIV = on;
+        break;
 
       case SSL_ENABLE_OCSP_STAPLING:
        ss->opt.enableOCSPStapling = on;
        break;
 
       case SSL_ENABLE_NPN:
-	ss->opt.enableNPN = on;
-	break;
+        ss->opt.enableNPN = on;
+        break;
 
       case SSL_ENABLE_ALPN:
-	ss->opt.enableALPN = on;
-	break;
+        ss->opt.enableALPN = on;
+        break;
 
-      case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
-	ss->opt.enableSignedCertTimestamps = on;
-	break;
+      case SSL_REUSE_SERVER_ECDHE_KEY:
+        ss->opt.reuseServerECDHEKey = on;
+        break;
 
       case SSL_ENABLE_FALLBACK_SCSV:
-       ss->opt.enableFallbackSCSV = on;
-       break;
+        ss->opt.enableFallbackSCSV = on;
+        break;
+
+      case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
+        ss->opt.enableSignedCertTimestamps = on;
+        break;
 
       default:
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	rv = SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        rv = SECFailure;
     }
 
     /* We can't use the macros for releasing the locks here,
@@ -808,8 +823,8 @@
      * regardless of the current value of ss->opt.noLocks.
      */
     if (holdingLocks) {
-	PZ_ExitMonitor((ss)->ssl3HandshakeLock);
-	PZ_ExitMonitor((ss)->firstHandshakeLock);
+        PZ_ExitMonitor((ss)->ssl3HandshakeLock);
+        PZ_ExitMonitor((ss)->firstHandshakeLock);
     }
 
     return rv;
@@ -823,13 +838,13 @@
     PRBool     on = PR_FALSE;
 
     if (!pOn) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
-	*pOn = PR_FALSE;
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
+        *pOn = PR_FALSE;
+        return SECFailure;
     }
 
     ssl_Get1stHandshakeLock(ss);
@@ -843,11 +858,11 @@
     case SSL_HANDSHAKE_AS_CLIENT: on = ss->opt.handshakeAsClient;  break;
     case SSL_HANDSHAKE_AS_SERVER: on = ss->opt.handshakeAsServer;  break;
     case SSL_ENABLE_TLS:
-	on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0;
-	break;
+        on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0;
+        break;
     case SSL_ENABLE_SSL3:
-	on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0;
-	break;
+        on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0;
+        break;
     case SSL_ENABLE_SSL2:         on = ss->opt.enableSSL2;         break;
     case SSL_NO_CACHE:            on = ss->opt.noCache;            break;
     case SSL_ENABLE_FDX:          on = ss->opt.fdx;                break;
@@ -857,26 +872,28 @@
     case SSL_BYPASS_PKCS11:       on = ss->opt.bypassPKCS11;       break;
     case SSL_NO_LOCKS:            on = ss->opt.noLocks;            break;
     case SSL_ENABLE_SESSION_TICKETS:
-	on = ss->opt.enableSessionTickets;
-	break;
+        on = ss->opt.enableSessionTickets;
+        break;
     case SSL_ENABLE_DEFLATE:      on = ss->opt.enableDeflate;      break;
-    case SSL_ENABLE_RENEGOTIATION:     
+    case SSL_ENABLE_RENEGOTIATION:
                                   on = ss->opt.enableRenegotiation; break;
-    case SSL_REQUIRE_SAFE_NEGOTIATION: 
+    case SSL_REQUIRE_SAFE_NEGOTIATION:
                                   on = ss->opt.requireSafeNegotiation; break;
     case SSL_ENABLE_FALSE_START:  on = ss->opt.enableFalseStart;   break;
     case SSL_CBC_RANDOM_IV:       on = ss->opt.cbcRandomIV;        break;
     case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
     case SSL_ENABLE_NPN:          on = ss->opt.enableNPN;          break;
     case SSL_ENABLE_ALPN:         on = ss->opt.enableALPN;         break;
-    case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
-	on = ss->opt.enableSignedCertTimestamps;
-	break;
+    case SSL_REUSE_SERVER_ECDHE_KEY:
+                                  on = ss->opt.reuseServerECDHEKey; break;
     case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break;
+    case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
+        on = ss->opt.enableSignedCertTimestamps;
+        break;
 
     default:
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	rv = SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        rv = SECFailure;
     }
 
     ssl_ReleaseSSL3HandshakeLock(ss);
@@ -893,8 +910,8 @@
     PRBool     on = PR_FALSE;
 
     if (!pOn) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
 
     ssl_SetDefaultsFromEnvironment();
@@ -907,13 +924,13 @@
     case SSL_HANDSHAKE_AS_CLIENT: on = ssl_defaults.handshakeAsClient;  break;
     case SSL_HANDSHAKE_AS_SERVER: on = ssl_defaults.handshakeAsServer;  break;
     case SSL_ENABLE_TLS:
-	on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0;
-	break;
+        on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0;
+        break;
     case SSL_ENABLE_SSL3:
-	on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0;
-	break;
+        on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0;
+        break;
     case SSL_ENABLE_SSL2:         on = ssl_defaults.enableSSL2;         break;
-    case SSL_NO_CACHE:            on = ssl_defaults.noCache;		break;
+    case SSL_NO_CACHE:            on = ssl_defaults.noCache;            break;
     case SSL_ENABLE_FDX:          on = ssl_defaults.fdx;                break;
     case SSL_V2_COMPATIBLE_HELLO: on = ssl_defaults.v2CompatibleHello;  break;
     case SSL_ROLLBACK_DETECTION:  on = ssl_defaults.detectRollBack;     break;
@@ -921,14 +938,14 @@
     case SSL_BYPASS_PKCS11:       on = ssl_defaults.bypassPKCS11;       break;
     case SSL_NO_LOCKS:            on = ssl_defaults.noLocks;            break;
     case SSL_ENABLE_SESSION_TICKETS:
-	on = ssl_defaults.enableSessionTickets;
-	break;
+        on = ssl_defaults.enableSessionTickets;
+        break;
     case SSL_ENABLE_DEFLATE:      on = ssl_defaults.enableDeflate;      break;
-    case SSL_ENABLE_RENEGOTIATION:     
+    case SSL_ENABLE_RENEGOTIATION:
                                   on = ssl_defaults.enableRenegotiation; break;
-    case SSL_REQUIRE_SAFE_NEGOTIATION: 
-                                  on = ssl_defaults.requireSafeNegotiation; 
-				  break;
+    case SSL_REQUIRE_SAFE_NEGOTIATION:
+                                  on = ssl_defaults.requireSafeNegotiation;
+                                  break;
     case SSL_ENABLE_FALSE_START:  on = ssl_defaults.enableFalseStart;   break;
     case SSL_CBC_RANDOM_IV:       on = ssl_defaults.cbcRandomIV;        break;
     case SSL_ENABLE_OCSP_STAPLING:
@@ -936,16 +953,19 @@
        break;
     case SSL_ENABLE_NPN:          on = ssl_defaults.enableNPN;          break;
     case SSL_ENABLE_ALPN:         on = ssl_defaults.enableALPN;         break;
-    case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
-	on = ssl_defaults.enableSignedCertTimestamps;
-	break;
+    case SSL_REUSE_SERVER_ECDHE_KEY:
+       on = ssl_defaults.reuseServerECDHEKey;
+       break;
     case SSL_ENABLE_FALLBACK_SCSV:
-	on = ssl_defaults.enableFallbackSCSV;
-	break;
+       on = ssl_defaults.enableFallbackSCSV;
+       break;
+    case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
+       on = ssl_defaults.enableSignedCertTimestamps;
+       break;
 
     default:
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	rv = SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        rv = SECFailure;
     }
 
     *pOn = on;
@@ -965,91 +985,91 @@
     SECStatus status = ssl_Init();
 
     if (status != SECSuccess) {
-	return status;
+        return status;
     }
 
     ssl_SetDefaultsFromEnvironment();
 
     switch (which) {
       case SSL_SOCKS:
-	ssl_defaults.useSocks = PR_FALSE;
-	if (on) {
-	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	    return SECFailure;
-	}
-	break;
+        ssl_defaults.useSocks = PR_FALSE;
+        if (on) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+        break;
 
       case SSL_SECURITY:
-	ssl_defaults.useSecurity = on;
-	break;
+        ssl_defaults.useSecurity = on;
+        break;
 
       case SSL_REQUEST_CERTIFICATE:
-	ssl_defaults.requestCertificate = on;
-	break;
+        ssl_defaults.requestCertificate = on;
+        break;
 
       case SSL_REQUIRE_CERTIFICATE:
-	ssl_defaults.requireCertificate = on;
-	break;
+        ssl_defaults.requireCertificate = on;
+        break;
 
       case SSL_HANDSHAKE_AS_CLIENT:
-	if ( ssl_defaults.handshakeAsServer && on ) {
-	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	    return SECFailure;
-	}
-	ssl_defaults.handshakeAsClient = on;
-	break;
+        if ( ssl_defaults.handshakeAsServer && on ) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+        ssl_defaults.handshakeAsClient = on;
+        break;
 
       case SSL_HANDSHAKE_AS_SERVER:
-	if ( ssl_defaults.handshakeAsClient && on ) {
-	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	    return SECFailure;
-	}
-	ssl_defaults.handshakeAsServer = on;
-	break;
+        if ( ssl_defaults.handshakeAsClient && on ) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+        ssl_defaults.handshakeAsServer = on;
+        break;
 
       case SSL_ENABLE_TLS:
-	ssl_EnableTLS(&versions_defaults_stream, on);
-	break;
+        ssl_EnableTLS(&versions_defaults_stream, on);
+        break;
 
       case SSL_ENABLE_SSL3:
-	ssl_EnableSSL3(&versions_defaults_stream, on);
-	break;
+        ssl_EnableSSL3(&versions_defaults_stream, on);
+        break;
 
       case SSL_ENABLE_SSL2:
-	ssl_defaults.enableSSL2 = on;
-	if (on) {
-	    ssl_defaults.v2CompatibleHello = on;
-	}
-	break;
+        ssl_defaults.enableSSL2 = on;
+        if (on) {
+            ssl_defaults.v2CompatibleHello = on;
+        }
+        break;
 
       case SSL_NO_CACHE:
-	ssl_defaults.noCache = on;
-	break;
+        ssl_defaults.noCache = on;
+        break;
 
       case SSL_ENABLE_FDX:
-	if (on && ssl_defaults.noLocks) {
-	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	    return SECFailure;
-	}
-      	ssl_defaults.fdx = on;
-	break;
+        if (on && ssl_defaults.noLocks) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+        ssl_defaults.fdx = on;
+        break;
 
       case SSL_V2_COMPATIBLE_HELLO:
-      	ssl_defaults.v2CompatibleHello = on;
-	if (!on) {
-	    ssl_defaults.enableSSL2    = on;
-	}
-	break;
+        ssl_defaults.v2CompatibleHello = on;
+        if (!on) {
+            ssl_defaults.enableSSL2    = on;
+        }
+        break;
 
-      case SSL_ROLLBACK_DETECTION:  
-	ssl_defaults.detectRollBack = on;
-	break;
+      case SSL_ROLLBACK_DETECTION:
+        ssl_defaults.detectRollBack = on;
+        break;
 
-      case SSL_NO_STEP_DOWN:        
-	ssl_defaults.noStepDown     = on;         
-	if (on)
-	    SSL_DisableDefaultExportCipherSuites();
-	break;
+      case SSL_NO_STEP_DOWN:
+        ssl_defaults.noStepDown     = on;
+        if (on)
+            SSL_DisableDefaultExportCipherSuites();
+        break;
 
       case SSL_BYPASS_PKCS11:
         if (PR_FALSE != on) {
@@ -1065,84 +1085,88 @@
         } else {
             ssl_defaults.bypassPKCS11   = PR_FALSE;
         }
-	break;
+        break;
 
       case SSL_NO_LOCKS:
-	if (on && ssl_defaults.fdx) {
-	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	    return SECFailure;
-	}
-	if (on && ssl_force_locks) 
-	    on = PR_FALSE;		/* silent override */
-	ssl_defaults.noLocks        = on;
-	if (on) {
-	    locksEverDisabled = PR_TRUE;
-	    strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
-	}
-	break;
+        if (on && ssl_defaults.fdx) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+        if (on && ssl_force_locks)
+            on = PR_FALSE;              /* silent override */
+        ssl_defaults.noLocks        = on;
+        if (on) {
+            locksEverDisabled = PR_TRUE;
+            strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
+        }
+        break;
 
       case SSL_ENABLE_SESSION_TICKETS:
-	ssl_defaults.enableSessionTickets = on;
-	break;
+        ssl_defaults.enableSessionTickets = on;
+        break;
 
       case SSL_ENABLE_DEFLATE:
-	ssl_defaults.enableDeflate = on;
-	break;
+        ssl_defaults.enableDeflate = on;
+        break;
 
       case SSL_ENABLE_RENEGOTIATION:
-	ssl_defaults.enableRenegotiation = on;
-	break;
+        ssl_defaults.enableRenegotiation = on;
+        break;
 
       case SSL_REQUIRE_SAFE_NEGOTIATION:
-	ssl_defaults.requireSafeNegotiation = on;
-	break;
+        ssl_defaults.requireSafeNegotiation = on;
+        break;
 
       case SSL_ENABLE_FALSE_START:
-	ssl_defaults.enableFalseStart = on;
-	break;
+        ssl_defaults.enableFalseStart = on;
+        break;
 
       case SSL_CBC_RANDOM_IV:
-	ssl_defaults.cbcRandomIV = on;
-	break;
+        ssl_defaults.cbcRandomIV = on;
+        break;
 
       case SSL_ENABLE_OCSP_STAPLING:
        ssl_defaults.enableOCSPStapling = on;
        break;
 
       case SSL_ENABLE_NPN:
-	ssl_defaults.enableNPN = on;
-	break;
+        ssl_defaults.enableNPN = on;
+        break;
 
       case SSL_ENABLE_ALPN:
-	ssl_defaults.enableALPN = on;
-	break;
+        ssl_defaults.enableALPN = on;
+        break;
 
-      case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
-	ssl_defaults.enableSignedCertTimestamps = on;
-	break;
+      case SSL_REUSE_SERVER_ECDHE_KEY:
+        ssl_defaults.reuseServerECDHEKey = on;
+        break;
 
       case SSL_ENABLE_FALLBACK_SCSV:
-       ssl_defaults.enableFallbackSCSV = on;
-       break;
+        ssl_defaults.enableFallbackSCSV = on;
+        break;
+
+      case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
+        ssl_defaults.enableSignedCertTimestamps = on;
+        break;
 
       default:
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
     return SECSuccess;
 }
 
 /* function tells us if the cipher suite is one that we no longer support. */
-static PRBool 
+static PRBool
 ssl_IsRemovedCipherSuite(PRInt32 suite)
 {
     switch (suite) {
     case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
     case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
     case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA:
-    	return PR_TRUE;
+        return PR_TRUE;
     default:
-    	return PR_FALSE;
+        return PR_FALSE;
     }
 }
 
@@ -1154,14 +1178,14 @@
 SSL_SetPolicy(long which, int policy)
 {
     if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) {
-    	/* one of the two old FIPS ciphers */
-	if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) 
-	    which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
-	else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
-	    which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
+        /* one of the two old FIPS ciphers */
+        if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
+            which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
+        else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
+            which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
     }
     if (ssl_IsRemovedCipherSuite(which))
-    	return SECSuccess;
+        return SECSuccess;
     return SSL_CipherPolicySet(which, policy);
 }
 
@@ -1171,15 +1195,15 @@
     SECStatus rv = ssl_Init();
 
     if (rv != SECSuccess) {
-	return rv;
+        return rv;
     }
 
     if (ssl_IsRemovedCipherSuite(which)) {
-    	rv = SECSuccess;
+        rv = SECSuccess;
     } else if (SSL_IS_SSL2_CIPHER(which)) {
-	rv = ssl2_SetPolicy(which, policy);
+        rv = ssl2_SetPolicy(which, policy);
     } else {
-	rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
+        rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
     }
     return rv;
 }
@@ -1190,16 +1214,16 @@
     SECStatus rv;
 
     if (!oPolicy) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
     if (ssl_IsRemovedCipherSuite(which)) {
-	*oPolicy = SSL_NOT_ALLOWED;
-    	rv = SECSuccess;
+        *oPolicy = SSL_NOT_ALLOWED;
+        rv = SECSuccess;
     } else if (SSL_IS_SSL2_CIPHER(which)) {
-	rv = ssl2_GetPolicy(which, oPolicy);
+        rv = ssl2_GetPolicy(which, oPolicy);
     } else {
-	rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy);
+        rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy);
     }
     return rv;
 }
@@ -1207,20 +1231,20 @@
 /* Part of the public NSS API.
  * Since this is a global (not per-socket) setting, we cannot use the
  * HandshakeLock to protect this.  Probably want a global lock.
- * These changes have no effect on any sslSockets already created. 
+ * These changes have no effect on any sslSockets already created.
  */
 SECStatus
 SSL_EnableCipher(long which, PRBool enabled)
 {
     if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) {
-    	/* one of the two old FIPS ciphers */
-	if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) 
-	    which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
-	else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
-	    which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
+        /* one of the two old FIPS ciphers */
+        if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
+            which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
+        else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
+            which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
     }
     if (ssl_IsRemovedCipherSuite(which))
-    	return SECSuccess;
+        return SECSuccess;
     return SSL_CipherPrefSetDefault(which, enabled);
 }
 
@@ -1230,39 +1254,39 @@
     SECStatus rv = ssl_Init();
 
     if (rv != SECSuccess) {
-	return rv;
+        return rv;
     }
 
     if (ssl_IsRemovedCipherSuite(which))
-    	return SECSuccess;
+        return SECSuccess;
     if (enabled && ssl_defaults.noStepDown && SSL_IsExportCipherSuite(which)) {
-    	PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+        return SECFailure;
     }
     if (SSL_IS_SSL2_CIPHER(which)) {
-	rv = ssl2_CipherPrefSetDefault(which, enabled);
+        rv = ssl2_CipherPrefSetDefault(which, enabled);
     } else {
-	rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled);
+        rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled);
     }
     return rv;
 }
 
-SECStatus 
+SECStatus
 SSL_CipherPrefGetDefault(PRInt32 which, PRBool *enabled)
 {
     SECStatus  rv;
-    
+
     if (!enabled) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
     if (ssl_IsRemovedCipherSuite(which)) {
-	*enabled = PR_FALSE;
-    	rv = SECSuccess;
+        *enabled = PR_FALSE;
+        rv = SECSuccess;
     } else if (SSL_IS_SSL2_CIPHER(which)) {
-	rv = ssl2_CipherPrefGetDefault(which, enabled);
+        rv = ssl2_CipherPrefGetDefault(which, enabled);
     } else {
-	rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled);
+        rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled);
     }
     return rv;
 }
@@ -1272,21 +1296,21 @@
 {
     SECStatus rv;
     sslSocket *ss = ssl_FindSocket(fd);
-    
+
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd));
+        return SECFailure;
     }
     if (ssl_IsRemovedCipherSuite(which))
-    	return SECSuccess;
+        return SECSuccess;
     if (enabled && ss->opt.noStepDown && SSL_IsExportCipherSuite(which)) {
-    	PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+        return SECFailure;
     }
     if (SSL_IS_SSL2_CIPHER(which)) {
-	rv = ssl2_CipherPrefSet(ss, which, enabled);
+        rv = ssl2_CipherPrefSet(ss, which, enabled);
     } else {
-	rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled);
+        rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled);
     }
     return rv;
 }
@@ -1304,28 +1328,28 @@
     return ssl3_CipherOrderSet(ss, ciphers, len);
 }
 
-SECStatus 
+SECStatus
 SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled)
 {
     SECStatus  rv;
     sslSocket *ss = ssl_FindSocket(fd);
-    
+
     if (!enabled) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefGet", SSL_GETPID(), fd));
-	*enabled = PR_FALSE;
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefGet", SSL_GETPID(), fd));
+        *enabled = PR_FALSE;
+        return SECFailure;
     }
     if (ssl_IsRemovedCipherSuite(which)) {
-	*enabled = PR_FALSE;
-    	rv = SECSuccess;
+        *enabled = PR_FALSE;
+        rv = SECSuccess;
     } else if (SSL_IS_SSL2_CIPHER(which)) {
-	rv = ssl2_CipherPrefGet(ss, which, enabled);
+        rv = ssl2_CipherPrefGet(ss, which, enabled);
     } else {
-	rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
+        rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
     }
     return rv;
 }
@@ -1337,9 +1361,9 @@
     const PRUint16 *cipher;
 
     for (cipher = SSL_ImplementedCiphers; *cipher != 0; ++cipher) {
-	status = SSL_SetPolicy(*cipher, SSL_ALLOWED);
-	if (status != SECSuccess)
-	    break;
+        status = SSL_SetPolicy(*cipher, SSL_ALLOWED);
+        if (status != SECSuccess)
+            break;
     }
     return status;
 }
@@ -1386,37 +1410,40 @@
     sslSocket * ns = NULL;
     PRStatus    rv;
     PRNetAddr   addr;
-    SECStatus	status = ssl_Init();
+    SECStatus   status = ssl_Init();
 
     if (status != SECSuccess) {
-	return NULL;
+        return NULL;
     }
 
     if (model == NULL) {
-	/* Just create a default socket if we're given NULL for the model */
-	ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant);
+        /* Just create a default socket if we're given NULL for the model */
+        ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant);
     } else {
-	sslSocket * ss = ssl_FindSocket(model);
-	if (ss == NULL || ss->protocolVariant != variant) {
-	    SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD", 
-	    	      SSL_GETPID(), model));
-	    return NULL;
-	}
-	ns = ssl_DupSocket(ss);
+        sslSocket * ss = ssl_FindSocket(model);
+        if (ss == NULL || ss->protocolVariant != variant) {
+            SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD",
+                      SSL_GETPID(), model));
+            return NULL;
+        }
+        ns = ssl_DupSocket(ss);
     }
     if (ns == NULL)
-    	return NULL;
+        return NULL;
 
     rv = ssl_PushIOLayer(ns, fd, PR_TOP_IO_LAYER);
     if (rv != PR_SUCCESS) {
-	ssl_FreeSocket(ns);
-	SET_ERROR_CODE
-	return NULL;
+        ssl_FreeSocket(ns);
+        SET_ERROR_CODE
+        return NULL;
     }
-    ns = ssl_FindSocket(fd);
-    PORT_Assert(ns);
-    if (ns)
-	ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr));
+#if defined(DEBUG) || defined(FORCE_PR_ASSERT)
+    {
+        sslSocket * ss = ssl_FindSocket(fd);
+        PORT_Assert(ss == ns);
+    }
+#endif
+    ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr));
     return fd;
 }
 
@@ -1439,14 +1466,14 @@
  * status of SSL_NEXT_PROTO_NO_OVERLAP is treated as a failure. */
 SECStatus
 SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback,
-			 void *arg)
+                         void *arg)
 {
     sslSocket *ss = ssl_FindSocket(fd);
 
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETPID(),
-		 fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETPID(),
+                 fd));
+        return SECFailure;
     }
 
     ssl_GetSSL3HandshakeLock(ss);
@@ -1462,34 +1489,34 @@
  */
 static SECStatus
 ssl_NextProtoNegoCallback(void *arg, PRFileDesc *fd,
-			  const unsigned char *protos, unsigned int protos_len,
-			  unsigned char *protoOut, unsigned int *protoOutLen,
-			  unsigned int protoMaxLen)
+                          const unsigned char *protos, unsigned int protos_len,
+                          unsigned char *protoOut, unsigned int *protoOutLen,
+                          unsigned int protoMaxLen)
 {
     unsigned int i, j;
     const unsigned char *result;
     sslSocket *ss = ssl_FindSocket(fd);
 
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in ssl_NextProtoNegoCallback",
-		 SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in ssl_NextProtoNegoCallback",
+                 SSL_GETPID(), fd));
+        return SECFailure;
     }
 
     /* For each protocol in server preference, see if we support it. */
     for (i = 0; i < protos_len; ) {
-	for (j = 0; j < ss->opt.nextProtoNego.len; ) {
-	    if (protos[i] == ss->opt.nextProtoNego.data[j] &&
-		PORT_Memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1],
-			     protos[i]) == 0) {
-		/* We found a match. */
-		ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED;
-		result = &protos[i];
-		goto found;
-	    }
-	    j += 1 + (unsigned int)ss->opt.nextProtoNego.data[j];
-	}
-	i += 1 + (unsigned int)protos[i];
+        for (j = 0; j < ss->opt.nextProtoNego.len; ) {
+            if (protos[i] == ss->opt.nextProtoNego.data[j] &&
+                PORT_Memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1],
+                             protos[i]) == 0) {
+                /* We found a match. */
+                ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED;
+                result = &protos[i];
+                goto found;
+            }
+            j += 1 + (unsigned int)ss->opt.nextProtoNego.data[j];
+        }
+        i += 1 + (unsigned int)protos[i];
     }
 
     /* The other side supports the extension, and either doesn't have any
@@ -1501,8 +1528,8 @@
 
 found:
     if (protoMaxLen < result[0]) {
-	PORT_SetError(SEC_ERROR_OUTPUT_LEN);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
     }
     memcpy(protoOut, result + 1, result[0]);
     *protoOutLen = result[0];
@@ -1511,7 +1538,7 @@
 
 SECStatus
 SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data,
-		     unsigned int length)
+                     unsigned int length)
 {
     sslSocket *ss;
     SECStatus rv;
@@ -1519,13 +1546,13 @@
 
     ss = ssl_FindSocket(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego",
-		 SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego",
+                 SSL_GETPID(), fd));
+        return SECFailure;
     }
 
     if (ssl3_ValidateNextProtoNego(data, length) != SECSuccess)
-	return SECFailure;
+        return SECFailure;
 
     ssl_GetSSL3HandshakeLock(ss);
     SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
@@ -1533,87 +1560,87 @@
     ssl_ReleaseSSL3HandshakeLock(ss);
 
     if (rv != SECSuccess)
-	return rv;
+        return rv;
 
     return SSL_SetNextProtoCallback(fd, ssl_NextProtoNegoCallback, NULL);
 }
 
 SECStatus
 SSL_GetNextProto(PRFileDesc *fd, SSLNextProtoState *state, unsigned char *buf,
-		 unsigned int *bufLen, unsigned int bufLenMax)
+                 unsigned int *bufLen, unsigned int bufLenMax)
 {
     sslSocket *ss = ssl_FindSocket(fd);
 
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(),
-		 fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(),
+                 fd));
+        return SECFailure;
     }
 
     if (!state || !buf || !bufLen) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
 
     *state = ss->ssl3.nextProtoState;
 
     if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT &&
-	ss->ssl3.nextProto.data) {
-	if (ss->ssl3.nextProto.len > bufLenMax) {
-	    PORT_SetError(SEC_ERROR_OUTPUT_LEN);
-	    return SECFailure;
-	}
-	PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
-	*bufLen = ss->ssl3.nextProto.len;
+        ss->ssl3.nextProto.data) {
+        if (ss->ssl3.nextProto.len > bufLenMax) {
+            PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+            return SECFailure;
+        }
+        PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
+        *bufLen = ss->ssl3.nextProto.len;
     } else {
-	*bufLen = 0;
+        *bufLen = 0;
     }
 
     return SECSuccess;
 }
 
 SECStatus SSL_SetSRTPCiphers(PRFileDesc *fd,
-			     const PRUint16 *ciphers,
-			     unsigned int numCiphers)
+                             const PRUint16 *ciphers,
+                             unsigned int numCiphers)
 {
     sslSocket *ss;
     unsigned int i;
 
     ss = ssl_FindSocket(fd);
     if (!ss || !IS_DTLS(ss)) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers",
-		 SSL_GETPID(), fd));
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers",
+                 SSL_GETPID(), fd));
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
 
     if (numCiphers > MAX_DTLS_SRTP_CIPHER_SUITES) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
 
     ss->ssl3.dtlsSRTPCipherCount = 0;
     for (i = 0; i < numCiphers; i++) {
-	const PRUint16 *srtpCipher = srtpCiphers;
+        const PRUint16 *srtpCipher = srtpCiphers;
 
-	while (*srtpCipher) {
-	    if (ciphers[i] == *srtpCipher)
-		break;
-	    srtpCipher++;
-	}
-	if (*srtpCipher) {
-	    ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] =
-		ciphers[i];
-	} else {
-	    SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher "
-		    "suite specified: 0x%04hx", SSL_GETPID(), fd,
-		    ciphers[i]));
-	}
+        while (*srtpCipher) {
+            if (ciphers[i] == *srtpCipher)
+                break;
+            srtpCipher++;
+        }
+        if (*srtpCipher) {
+            ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] =
+                ciphers[i];
+        } else {
+            SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher "
+                    "suite specified: 0x%04hx", SSL_GETPID(), fd,
+                    ciphers[i]));
+        }
     }
 
     if (ss->ssl3.dtlsSRTPCipherCount == 0) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
 
     return SECSuccess;
@@ -1626,15 +1653,15 @@
 
     ss = ssl_FindSocket(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher",
-		 SSL_GETPID(), fd));
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher",
+                 SSL_GETPID(), fd));
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
 
     if (!ss->ssl3.dtlsSRTPCipherSuite) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
 
     *cipher = ss->ssl3.dtlsSRTPCipherSuite;
@@ -1655,7 +1682,7 @@
     }
     sm = ssl_FindSocket(model);
     if (sm == NULL) {
-        SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ReconfigFD", 
+        SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ReconfigFD",
                  SSL_GETPID(), model));
         return NULL;
     }
@@ -1665,7 +1692,7 @@
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
-    
+
     ss->opt  = sm->opt;
     ss->vrange = sm->vrange;
     PORT_Memcpy(ss->cipherSuites, sm->cipherSuites, sizeof sm->cipherSuites);
@@ -1694,15 +1721,15 @@
             sc->serverCertChain = CERT_DupCertList(mc->serverCertChain);
             if (!sc->serverCertChain)
                 goto loser;
-	    if (sm->certStatusArray[i]) {
-		if (ss->certStatusArray[i]) {
-		    SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
-		    ss->certStatusArray[i] = NULL;
-		}
-		ss->certStatusArray[i] = SECITEM_DupArray(NULL, sm->certStatusArray[i]);
-		if (!ss->certStatusArray[i])
-		    goto loser;
-	    }
+            if (sm->certStatusArray[i]) {
+                if (ss->certStatusArray[i]) {
+                    SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
+                    ss->certStatusArray[i] = NULL;
+                }
+                ss->certStatusArray[i] = SECITEM_DupArray(NULL, sm->certStatusArray[i]);
+                if (!ss->certStatusArray[i])
+                    goto loser;
+            }
         }
         if (mc->serverKeyPair) {
             if (sc->serverKeyPair) {
@@ -1735,7 +1762,7 @@
             goto loser;
         }
     }
-    
+
     if (sm->authCertificate)
         ss->authCertificate       = sm->authCertificate;
     if (sm->authCertificateArg)
@@ -1775,19 +1802,19 @@
 
 PRBool
 ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant,
-			SSL3ProtocolVersion version)
+                        SSL3ProtocolVersion version)
 {
     switch (protocolVariant) {
     case ssl_variant_stream:
-	return (version >= SSL_LIBRARY_VERSION_3_0 &&
-		version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
+        return (version >= SSL_LIBRARY_VERSION_3_0 &&
+                version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
     case ssl_variant_datagram:
-	return (version >= SSL_LIBRARY_VERSION_TLS_1_1 &&
-		version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
+        return (version >= SSL_LIBRARY_VERSION_TLS_1_1 &&
+                version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
     default:
-	/* Can't get here */
-	PORT_Assert(PR_FALSE);
-	return PR_FALSE;
+        /* Can't get here */
+        PORT_Assert(PR_FALSE);
+        return PR_FALSE;
     }
 }
 
@@ -1796,35 +1823,35 @@
 */
 static PRBool
 ssl3_VersionRangeIsValid(SSLProtocolVariant protocolVariant,
-			 const SSLVersionRange *vrange)
+                         const SSLVersionRange *vrange)
 {
     return vrange &&
-	   vrange->min <= vrange->max &&
-	   ssl3_VersionIsSupported(protocolVariant, vrange->min) &&
-	   ssl3_VersionIsSupported(protocolVariant, vrange->max);
+           vrange->min <= vrange->max &&
+           ssl3_VersionIsSupported(protocolVariant, vrange->min) &&
+           ssl3_VersionIsSupported(protocolVariant, vrange->max);
 }
 
 SECStatus
 SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant,
-			     SSLVersionRange *vrange)
+                             SSLVersionRange *vrange)
 {
     if (!vrange) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
 
     switch (protocolVariant) {
     case ssl_variant_stream:
-	vrange->min = SSL_LIBRARY_VERSION_3_0;
-	vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
-	break;
+        vrange->min = SSL_LIBRARY_VERSION_3_0;
+        vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
+        break;
     case ssl_variant_datagram:
-	vrange->min = SSL_LIBRARY_VERSION_TLS_1_1;
-	vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
-	break;
+        vrange->min = SSL_LIBRARY_VERSION_TLS_1_1;
+        vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
+        break;
     default:
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
 
     return SECSuccess;
@@ -1832,12 +1859,12 @@
 
 SECStatus
 SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant,
-			   SSLVersionRange *vrange)
+                           SSLVersionRange *vrange)
 {
     if ((protocolVariant != ssl_variant_stream &&
-	 protocolVariant != ssl_variant_datagram) || !vrange) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+         protocolVariant != ssl_variant_datagram) || !vrange) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
 
     *vrange = *VERSIONS_DEFAULTS(protocolVariant);
@@ -1847,11 +1874,11 @@
 
 SECStatus
 SSL_VersionRangeSetDefault(SSLProtocolVariant protocolVariant,
-			   const SSLVersionRange *vrange)
+                           const SSLVersionRange *vrange)
 {
     if (!ssl3_VersionRangeIsValid(protocolVariant, vrange)) {
-	PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
-	return SECFailure;
+        PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
+        return SECFailure;
     }
 
     *VERSIONS_DEFAULTS(protocolVariant) = *vrange;
@@ -1865,14 +1892,14 @@
     sslSocket *ss = ssl_FindSocket(fd);
 
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeGet",
-		SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeGet",
+                SSL_GETPID(), fd));
+        return SECFailure;
     }
 
     if (!vrange) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
 
     ssl_Get1stHandshakeLock(ss);
@@ -1910,14 +1937,14 @@
     sslSocket *ss = ssl_FindSocket(fd);
 
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeSet",
-		SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeSet",
+                SSL_GETPID(), fd));
+        return SECFailure;
     }
 
     if (!ssl3_VersionRangeIsValid(ss->protocolVariant, vrange)) {
-	PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
-	return SECFailure;
+        PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
+        return SECFailure;
     }
 
     ssl_Get1stHandshakeLock(ss);
@@ -1960,7 +1987,7 @@
        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
        return NULL;
     }
-    
+
     return &ss->sec.ci.sid->peerCertStatus;
 }
 
@@ -2024,15 +2051,15 @@
 ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout)
 {
     sslSocket  *ss;
-    sslSocket  *ns 	= NULL;
-    PRFileDesc *newfd 	= NULL;
+    sslSocket  *ns      = NULL;
+    PRFileDesc *newfd   = NULL;
     PRFileDesc *osfd;
     PRStatus    status;
 
     ss = ssl_GetPrivate(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in accept", SSL_GETPID(), fd));
-	return NULL;
+        SSL_DBG(("%d: SSL[%d]: bad socket in accept", SSL_GETPID(), fd));
+        return NULL;
     }
 
     /* IF this is a listen socket, there shouldn't be any I/O going on */
@@ -2048,46 +2075,46 @@
     /* First accept connection */
     newfd = osfd->methods->accept(osfd, sockaddr, timeout);
     if (newfd == NULL) {
-	SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d",
-		 SSL_GETPID(), ss->fd, PORT_GetError()));
+        SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d",
+                 SSL_GETPID(), ss->fd, PORT_GetError()));
     } else {
-	/* Create ssl module */
-	ns = ssl_DupSocket(ss);
+        /* Create ssl module */
+        ns = ssl_DupSocket(ss);
     }
 
     ssl_ReleaseSSL3HandshakeLock(ss);
     ssl_Release1stHandshakeLock(ss);
     SSL_UNLOCK_WRITER(ss);
-    SSL_UNLOCK_READER(ss);			/* ss isn't used below here. */
+    SSL_UNLOCK_READER(ss);                      /* ss isn't used below here. */
 
     if (ns == NULL)
-	goto loser;
+        goto loser;
 
     /* push ssl module onto the new socket */
     status = ssl_PushIOLayer(ns, newfd, PR_TOP_IO_LAYER);
     if (status != PR_SUCCESS)
-	goto loser;
+        goto loser;
 
     /* Now start server connection handshake with client.
     ** Don't need locks here because nobody else has a reference to ns yet.
     */
     if ( ns->opt.useSecurity ) {
-	if ( ns->opt.handshakeAsClient ) {
-	    ns->handshake = ssl2_BeginClientHandshake;
-	    ss->handshaking = sslHandshakingAsClient;
-	} else {
-	    ns->handshake = ssl2_BeginServerHandshake;
-	    ss->handshaking = sslHandshakingAsServer;
-	}
+        if ( ns->opt.handshakeAsClient ) {
+            ns->handshake = ssl2_BeginClientHandshake;
+            ss->handshaking = sslHandshakingAsClient;
+        } else {
+            ns->handshake = ssl2_BeginServerHandshake;
+            ss->handshaking = sslHandshakingAsServer;
+        }
     }
     ns->TCPconnected = 1;
     return newfd;
 
 loser:
     if (ns != NULL)
-	ssl_FreeSocket(ns);
+        ssl_FreeSocket(ns);
     if (newfd != NULL)
-	PR_Close(newfd);
+        PR_Close(newfd);
     return NULL;
 }
 
@@ -2099,8 +2126,8 @@
 
     ss = ssl_GetPrivate(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in connect", SSL_GETPID(), fd));
-	return PR_FAILURE;
+        SSL_DBG(("%d: SSL[%d]: bad socket in connect", SSL_GETPID(), fd));
+        return PR_FAILURE;
     }
 
     /* IF this is a listen socket, there shouldn't be any I/O going on */
@@ -2123,8 +2150,8 @@
     PRStatus    rv;
 
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in bind", SSL_GETPID(), fd));
-	return PR_FAILURE;
+        SSL_DBG(("%d: SSL[%d]: bad socket in bind", SSL_GETPID(), fd));
+        return PR_FAILURE;
     }
     SSL_LOCK_READER(ss);
     SSL_LOCK_WRITER(ss);
@@ -2143,8 +2170,8 @@
     PRStatus    rv;
 
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in listen", SSL_GETPID(), fd));
-	return PR_FAILURE;
+        SSL_DBG(("%d: SSL[%d]: bad socket in listen", SSL_GETPID(), fd));
+        return PR_FAILURE;
     }
     SSL_LOCK_READER(ss);
     SSL_LOCK_WRITER(ss);
@@ -2163,23 +2190,23 @@
     PRStatus    rv;
 
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in shutdown", SSL_GETPID(), fd));
-	return PR_FAILURE;
+        SSL_DBG(("%d: SSL[%d]: bad socket in shutdown", SSL_GETPID(), fd));
+        return PR_FAILURE;
     }
     if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
-    	SSL_LOCK_READER(ss);
+        SSL_LOCK_READER(ss);
     }
     if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
-    	SSL_LOCK_WRITER(ss);
+        SSL_LOCK_WRITER(ss);
     }
 
     rv = (PRStatus)(*ss->ops->shutdown)(ss, how);
 
     if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
-    	SSL_UNLOCK_WRITER(ss);
+        SSL_UNLOCK_WRITER(ss);
     }
     if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
-    	SSL_UNLOCK_READER(ss);
+        SSL_UNLOCK_READER(ss);
     }
     return rv;
 }
@@ -2192,16 +2219,16 @@
 
     ss = ssl_GetPrivate(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in close", SSL_GETPID(), fd));
-	return PR_FAILURE;
+        SSL_DBG(("%d: SSL[%d]: bad socket in close", SSL_GETPID(), fd));
+        return PR_FAILURE;
     }
 
     /* There must not be any I/O going on */
     SSL_LOCK_READER(ss);
     SSL_LOCK_WRITER(ss);
 
-    /* By the time this function returns, 
-    ** ss is an invalid pointer, and the locks to which it points have 
+    /* By the time this function returns,
+    ** ss is an invalid pointer, and the locks to which it points have
     ** been unlocked and freed.  So, this is the ONE PLACE in all of SSL
     ** where the LOCK calls and the corresponding UNLOCK calls are not in
     ** the same function scope.  The unlock calls are in ssl_FreeSocket().
@@ -2213,20 +2240,20 @@
 
 static int PR_CALLBACK
 ssl_Recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags,
-	 PRIntervalTime timeout)
+         PRIntervalTime timeout)
 {
     sslSocket *ss;
     int        rv;
 
     ss = ssl_GetPrivate(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in recv", SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in recv", SSL_GETPID(), fd));
+        return SECFailure;
     }
     SSL_LOCK_READER(ss);
     ss->rTimeout = timeout;
     if (!ss->opt.fdx)
-	ss->wTimeout = timeout;
+        ss->wTimeout = timeout;
     rv = (*ss->ops->recv)(ss, (unsigned char*)buf, len, flags);
     SSL_UNLOCK_READER(ss);
     return rv;
@@ -2234,20 +2261,20 @@
 
 static int PR_CALLBACK
 ssl_Send(PRFileDesc *fd, const void *buf, PRInt32 len, PRIntn flags,
-	 PRIntervalTime timeout)
+         PRIntervalTime timeout)
 {
     sslSocket *ss;
     int        rv;
 
     ss = ssl_GetPrivate(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in send", SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in send", SSL_GETPID(), fd));
+        return SECFailure;
     }
     SSL_LOCK_WRITER(ss);
     ss->wTimeout = timeout;
     if (!ss->opt.fdx)
-	ss->rTimeout = timeout;
+        ss->rTimeout = timeout;
     rv = (*ss->ops->send)(ss, (const unsigned char*)buf, len, flags);
     SSL_UNLOCK_WRITER(ss);
     return rv;
@@ -2261,13 +2288,13 @@
 
     ss = ssl_GetPrivate(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in read", SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in read", SSL_GETPID(), fd));
+        return SECFailure;
     }
     SSL_LOCK_READER(ss);
     ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
     if (!ss->opt.fdx)
-	ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
+        ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
     rv = (*ss->ops->read)(ss, (unsigned char*)buf, len);
     SSL_UNLOCK_READER(ss);
     return rv;
@@ -2281,13 +2308,13 @@
 
     ss = ssl_GetPrivate(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in write", SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in write", SSL_GETPID(), fd));
+        return SECFailure;
     }
     SSL_LOCK_WRITER(ss);
     ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
     if (!ss->opt.fdx)
-	ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
+        ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
     rv = (*ss->ops->write)(ss, (const unsigned char*)buf, len);
     SSL_UNLOCK_WRITER(ss);
     return rv;
@@ -2300,8 +2327,8 @@
 
     ss = ssl_GetPrivate(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd));
-	return PR_FAILURE;
+        SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd));
+        return PR_FAILURE;
     }
     return (PRStatus)(*ss->ops->getpeername)(ss, addr);
 }
@@ -2320,18 +2347,18 @@
     PORT_Memset(&sin, 0, sizeof(sin));
     rv = osfd->methods->getpeername(osfd, &sin);
     if (rv < 0) {
-	return SECFailure;
+        return SECFailure;
     }
     ss->TCPconnected = 1;
     if (sin.inet.family == PR_AF_INET) {
         PR_ConvertIPv4AddrToIPv6(sin.inet.ip, &ss->sec.ci.peer);
-	ss->sec.ci.port = sin.inet.port;
+        ss->sec.ci.port = sin.inet.port;
     } else if (sin.ipv6.family == PR_AF_INET6) {
-	ss->sec.ci.peer = sin.ipv6.ip;
-	ss->sec.ci.port = sin.ipv6.port;
+        ss->sec.ci.peer = sin.ipv6.ip;
+        ss->sec.ci.port = sin.ipv6.port;
     } else {
-	PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR);
-    	return SECFailure;
+        PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR);
+        return SECFailure;
     }
     return SECSuccess;
 }
@@ -2343,29 +2370,29 @@
 
     ss = ssl_GetPrivate(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd));
-	return PR_FAILURE;
+        SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd));
+        return PR_FAILURE;
     }
     return (PRStatus)(*ss->ops->getsockname)(ss, name);
 }
 
 SECStatus
 SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses,
-			    SSLKEAType kea)
+                            SSLKEAType kea)
 {
     sslSocket *ss;
 
     ss = ssl_FindSocket(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetStapledOCSPResponses",
-		 SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetStapledOCSPResponses",
+                 SSL_GETPID(), fd));
+        return SECFailure;
     }
 
     if ( kea <= 0 || kea >= kt_kea_size) {
-	SSL_DBG(("%d: SSL[%d]: invalid key in SSL_SetStapledOCSPResponses",
-		 SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: invalid key in SSL_SetStapledOCSPResponses",
+                 SSL_GETPID(), fd));
+        return SECFailure;
     }
 
     if (ss->certStatusArray[kea]) {
@@ -2373,7 +2400,7 @@
         ss->certStatusArray[kea] = NULL;
     }
     if (responses) {
-	ss->certStatusArray[kea] = SECITEM_DupArray(NULL, responses);
+        ss->certStatusArray[kea] = SECITEM_DupArray(NULL, responses);
     }
     return (ss->certStatusArray[kea] || !responses) ? SECSuccess : SECFailure;
 }
@@ -2385,17 +2412,17 @@
 
     ss = ssl_FindSocket(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSockPeerID",
-		 SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSockPeerID",
+                 SSL_GETPID(), fd));
+        return SECFailure;
     }
 
     if (ss->peerID) {
-    	PORT_Free(ss->peerID);
-	ss->peerID = NULL;
+        PORT_Free(ss->peerID);
+        ss->peerID = NULL;
     }
     if (peerID)
-	ss->peerID = PORT_Strdup(peerID);
+        ss->peerID = PORT_Strdup(peerID);
     return (ss->peerID || !peerID) ? SECSuccess : SECFailure;
 }
 
@@ -2405,117 +2432,117 @@
 ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
 {
     sslSocket *ss;
-    PRInt16    new_flags = how_flags;	/* should select on these flags. */
+    PRInt16    new_flags = how_flags;   /* should select on these flags. */
     PRNetAddr  addr;
 
     *p_out_flags = 0;
     ss = ssl_GetPrivate(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in SSL_Poll",
-		 SSL_GETPID(), fd));
-	return 0;	/* don't poll on this socket */
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_Poll",
+                 SSL_GETPID(), fd));
+        return 0;       /* don't poll on this socket */
     }
 
-    if (ss->opt.useSecurity && 
-	ss->handshaking != sslHandshakingUndetermined &&
+    if (ss->opt.useSecurity &&
+        ss->handshaking != sslHandshakingUndetermined &&
         !ss->firstHsDone &&
-	(how_flags & PR_POLL_RW)) {
-	if (!ss->TCPconnected) {
-	    ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr));
-	}
-	/* If it's not connected, then presumably the application is polling
-	** on read or write appropriately, so don't change it. 
-	*/
-	if (ss->TCPconnected) {
-	    if (!ss->handshakeBegun) {
-		/* If the handshake has not begun, poll on read or write 
-		** based on the local application's role in the handshake,
-		** not based on what the application requested.
-		*/
-		new_flags &= ~PR_POLL_RW;
-		if (ss->handshaking == sslHandshakingAsClient) {
-		    new_flags |= PR_POLL_WRITE;
-		} else { /* handshaking as server */
-		    new_flags |= PR_POLL_READ;
-		}
-	    } else 
-	    /* First handshake is in progress */
-	    if (ss->lastWriteBlocked) {
-		if (new_flags & PR_POLL_READ) {
-		    /* The caller is waiting for data to be received, 
-		    ** but the initial handshake is blocked on write, or the 
-		    ** client's first handshake record has not been written.
-		    ** The code should select on write, not read.
-		    */
-		    new_flags ^=  PR_POLL_READ;	   /* don't select on read. */
-		    new_flags |=  PR_POLL_WRITE;   /* do    select on write. */
-		}
-	    } else if (new_flags & PR_POLL_WRITE) {
-		    /* The caller is trying to write, but the handshake is 
-		    ** blocked waiting for data to read, and the first 
-		    ** handshake has been sent.  So do NOT to poll on write
-		    ** unless we did false start.
-		    */
-		    if (!(ss->version >= SSL_LIBRARY_VERSION_3_0 &&
-			ss->ssl3.hs.canFalseStart)) {
-			new_flags ^= PR_POLL_WRITE; /* don't select on write. */
-		    }
-		    new_flags |= PR_POLL_READ;      /* do    select on read. */
-	    }
-	}
+        (how_flags & PR_POLL_RW)) {
+        if (!ss->TCPconnected) {
+            ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr));
+        }
+        /* If it's not connected, then presumably the application is polling
+        ** on read or write appropriately, so don't change it.
+        */
+        if (ss->TCPconnected) {
+            if (!ss->handshakeBegun) {
+                /* If the handshake has not begun, poll on read or write
+                ** based on the local application's role in the handshake,
+                ** not based on what the application requested.
+                */
+                new_flags &= ~PR_POLL_RW;
+                if (ss->handshaking == sslHandshakingAsClient) {
+                    new_flags |= PR_POLL_WRITE;
+                } else { /* handshaking as server */
+                    new_flags |= PR_POLL_READ;
+                }
+            } else
+            /* First handshake is in progress */
+            if (ss->lastWriteBlocked) {
+                if (new_flags & PR_POLL_READ) {
+                    /* The caller is waiting for data to be received,
+                    ** but the initial handshake is blocked on write, or the
+                    ** client's first handshake record has not been written.
+                    ** The code should select on write, not read.
+                    */
+                    new_flags ^=  PR_POLL_READ;    /* don't select on read. */
+                    new_flags |=  PR_POLL_WRITE;   /* do    select on write. */
+                }
+            } else if (new_flags & PR_POLL_WRITE) {
+                    /* The caller is trying to write, but the handshake is
+                    ** blocked waiting for data to read, and the first
+                    ** handshake has been sent.  So do NOT to poll on write
+                    ** unless we did false start.
+                    */
+                    if (!(ss->version >= SSL_LIBRARY_VERSION_3_0 &&
+                        ss->ssl3.hs.canFalseStart)) {
+                        new_flags ^= PR_POLL_WRITE; /* don't select on write. */
+                    }
+                    new_flags |= PR_POLL_READ;      /* do    select on read. */
+            }
+        }
     } else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) {
-	*p_out_flags = PR_POLL_READ;	/* it's ready already. */
-	return new_flags;
+        *p_out_flags = PR_POLL_READ;    /* it's ready already. */
+        return new_flags;
     } else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) &&
-	       (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */
-	new_flags |=  PR_POLL_WRITE;   /* also select on write. */
+               (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */
+        new_flags |=  PR_POLL_WRITE;   /* also select on write. */
     }
 
     if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
-	ss->ssl3.hs.restartTarget != NULL) {
-	/* Read and write will block until the asynchronous callback completes
-	 * (e.g. until SSL_AuthCertificateComplete is called), so don't tell
-	 * the caller to poll the socket unless there is pending write data.
-	 */
-	if (ss->lastWriteBlocked && ss->pendingBuf.len != 0) {
-	    /* Ignore any newly-received data on the socket, but do wait for
-	     * the socket to become writable again. Here, it is OK for an error
-	     * to be detected, because our logic for sending pending write data
-	     * will allow us to report the error to the caller without the risk
-	     * of the application spinning.
-	     */
-	    new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT);
-	} else {
-	    /* Unfortunately, clearing new_flags will make it impossible for
-	     * the application to detect errors that it would otherwise be
-	     * able to detect with PR_POLL_EXCEPT, until the asynchronous
-	     * callback completes. However, we must clear all the flags to
-	     * prevent the application from spinning (alternating between
-	     * calling PR_Poll that would return PR_POLL_EXCEPT, and send/recv
-	     * which won't actually report the I/O error while we are waiting
-	     * for the asynchronous callback to complete).
-	     */
-	    new_flags = 0;
-	}
+        ss->ssl3.hs.restartTarget != NULL) {
+        /* Read and write will block until the asynchronous callback completes
+         * (e.g. until SSL_AuthCertificateComplete is called), so don't tell
+         * the caller to poll the socket unless there is pending write data.
+         */
+        if (ss->lastWriteBlocked && ss->pendingBuf.len != 0) {
+            /* Ignore any newly-received data on the socket, but do wait for
+             * the socket to become writable again. Here, it is OK for an error
+             * to be detected, because our logic for sending pending write data
+             * will allow us to report the error to the caller without the risk
+             * of the application spinning.
+             */
+            new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT);
+        } else {
+            /* Unfortunately, clearing new_flags will make it impossible for
+             * the application to detect errors that it would otherwise be
+             * able to detect with PR_POLL_EXCEPT, until the asynchronous
+             * callback completes. However, we must clear all the flags to
+             * prevent the application from spinning (alternating between
+             * calling PR_Poll that would return PR_POLL_EXCEPT, and send/recv
+             * which won't actually report the I/O error while we are waiting
+             * for the asynchronous callback to complete).
+             */
+            new_flags = 0;
+        }
     }
 
     if (new_flags && (fd->lower->methods->poll != NULL)) {
-	PRInt16    lower_out_flags = 0;
-	PRInt16    lower_new_flags;
-        lower_new_flags = fd->lower->methods->poll(fd->lower, new_flags, 
-					           &lower_out_flags);
-	if ((lower_new_flags & lower_out_flags) && (how_flags != new_flags)) {
-	    PRInt16 out_flags = lower_out_flags & ~PR_POLL_RW;
-	    if (lower_out_flags & PR_POLL_READ) 
-		out_flags |= PR_POLL_WRITE;
-	    if (lower_out_flags & PR_POLL_WRITE) 
-		out_flags |= PR_POLL_READ;
-	    *p_out_flags = out_flags;
-	    new_flags = how_flags;
-	} else {
-	    *p_out_flags = lower_out_flags;
-	    new_flags    = lower_new_flags;
-	}
+        PRInt16    lower_out_flags = 0;
+        PRInt16    lower_new_flags;
+        lower_new_flags = fd->lower->methods->poll(fd->lower, new_flags,
+                                                   &lower_out_flags);
+        if ((lower_new_flags & lower_out_flags) && (how_flags != new_flags)) {
+            PRInt16 out_flags = lower_out_flags & ~PR_POLL_RW;
+            if (lower_out_flags & PR_POLL_READ)
+                out_flags |= PR_POLL_WRITE;
+            if (lower_out_flags & PR_POLL_WRITE)
+                out_flags |= PR_POLL_READ;
+            *p_out_flags = out_flags;
+            new_flags = how_flags;
+        } else {
+            *p_out_flags = lower_out_flags;
+            new_flags    = lower_new_flags;
+        }
     }
 
     return new_flags;
@@ -2523,8 +2550,8 @@
 
 static PRInt32 PR_CALLBACK
 ssl_TransmitFile(PRFileDesc *sd, PRFileDesc *fd,
-		 const void *headers, PRInt32 hlen,
-		 PRTransmitFileFlags flags, PRIntervalTime timeout)
+                 const void *headers, PRInt32 hlen,
+                 PRTransmitFileFlags flags, PRIntervalTime timeout)
 {
     PRSendFileData sfd;
 
@@ -2550,7 +2577,7 @@
     opt.value.non_blocking = PR_FALSE;
     status = PR_GetSocketOption(fd, &opt);
     if (status != PR_SUCCESS)
-	return PR_FALSE;
+        return PR_FALSE;
     return (PRBool)!opt.value.non_blocking;
 }
 
@@ -2564,9 +2591,10 @@
 PRInt32  sslCopyLimit    = 1024;
 
 static PRInt32 PR_CALLBACK
-ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors, 
+ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
            PRIntervalTime timeout)
 {
+    PRInt32            i;
     PRInt32            bufLen;
     PRInt32            left;
     PRInt32            rv;
@@ -2574,12 +2602,22 @@
     const PRInt32      first_len = sslFirstBufSize;
     const PRInt32      limit     = sslCopyLimit;
     PRBool             blocking;
-    PRIOVec            myIov	 = { 0, 0 };
+    PRIOVec            myIov     = { 0, 0 };
     char               buf[MAX_FRAGMENT_LENGTH];
 
+    if (vectors < 0) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return -1;
+    }
     if (vectors > PR_MAX_IOVECTOR_SIZE) {
-    	PORT_SetError(PR_BUFFER_OVERFLOW_ERROR);
-	return -1;
+        PORT_SetError(PR_BUFFER_OVERFLOW_ERROR);
+        return -1;
+    }
+    for (i = 0; i < vectors; i++) {
+        if (iov[i].iov_len < 0) {
+            PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+            return -1;
+        }
     }
     blocking = ssl_FdIsBlocking(fd);
 
@@ -2588,105 +2626,105 @@
 #define GET_VECTOR   do { myIov = *iov++; --vectors; KILL_VECTORS } while (0)
 #define HANDLE_ERR(rv, len) \
     if (rv != len) { \
-	if (rv < 0) { \
-	    if (!blocking \
-		&& (PR_GetError() == PR_WOULD_BLOCK_ERROR) \
-		&& (sent > 0)) { \
-		return sent; \
-	    } else { \
-		return -1; \
-	    } \
-	} \
-	/* Only a nonblocking socket can have partial sends */ \
-	PR_ASSERT(!blocking); \
-	return sent + rv; \
-    } 
+        if (rv < 0) { \
+            if (!blocking \
+                && (PR_GetError() == PR_WOULD_BLOCK_ERROR) \
+                && (sent > 0)) { \
+                return sent; \
+            } else { \
+                return -1; \
+            } \
+        } \
+        /* Only a nonblocking socket can have partial sends */ \
+        PR_ASSERT(!blocking); \
+        return sent + rv; \
+    }
 #define SEND(bfr, len) \
     do { \
-	rv = ssl_Send(fd, bfr, len, 0, timeout); \
-	HANDLE_ERR(rv, len) \
-	sent += len; \
+        rv = ssl_Send(fd, bfr, len, 0, timeout); \
+        HANDLE_ERR(rv, len) \
+        sent += len; \
     } while (0)
 
     /* Make sure the first write is at least 8 KB, if possible. */
     KILL_VECTORS
     if (!vectors)
-	return ssl_Send(fd, 0, 0, 0, timeout);
+        return ssl_Send(fd, 0, 0, 0, timeout);
     GET_VECTOR;
     if (!vectors) {
-	return ssl_Send(fd, myIov.iov_base, myIov.iov_len, 0, timeout);
+        return ssl_Send(fd, myIov.iov_base, myIov.iov_len, 0, timeout);
     }
     if (myIov.iov_len < first_len) {
-	PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
-	bufLen = myIov.iov_len;
-	left = first_len - bufLen;
-	while (vectors && left) {
-	    int toCopy;
-	    GET_VECTOR;
-	    toCopy = PR_MIN(left, myIov.iov_len);
-	    PORT_Memcpy(buf + bufLen, myIov.iov_base, toCopy);
-	    bufLen         += toCopy;
-	    left           -= toCopy;
-	    myIov.iov_base += toCopy;
-	    myIov.iov_len  -= toCopy;
-	}
-	SEND( buf, bufLen );
+        PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
+        bufLen = myIov.iov_len;
+        left = first_len - bufLen;
+        while (vectors && left) {
+            int toCopy;
+            GET_VECTOR;
+            toCopy = PR_MIN(left, myIov.iov_len);
+            PORT_Memcpy(buf + bufLen, myIov.iov_base, toCopy);
+            bufLen         += toCopy;
+            left           -= toCopy;
+            myIov.iov_base += toCopy;
+            myIov.iov_len  -= toCopy;
+        }
+        SEND( buf, bufLen );
     }
 
     while (vectors || myIov.iov_len) {
-	PRInt32   addLen;
-	if (!myIov.iov_len) {
-	    GET_VECTOR;
-	}
-	while (myIov.iov_len >= K16) {
-	    SEND(myIov.iov_base, K16);
-	    myIov.iov_base += K16;
-	    myIov.iov_len  -= K16;
-	}
-	if (!myIov.iov_len)
-	    continue;
+        PRInt32   addLen;
+        if (!myIov.iov_len) {
+            GET_VECTOR;
+        }
+        while (myIov.iov_len >= K16) {
+            SEND(myIov.iov_base, K16);
+            myIov.iov_base += K16;
+            myIov.iov_len  -= K16;
+        }
+        if (!myIov.iov_len)
+            continue;
 
-	if (!vectors || myIov.iov_len > limit) {
-	    addLen = 0;
-	} else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) {
-	    /* Addlen is already computed. */;
-	} else if (vectors > 1 && 
-	     iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) {
-	     addLen = limit - myIov.iov_len;
-	} else 
-	    addLen = 0;
+        if (!vectors || myIov.iov_len > limit) {
+            addLen = 0;
+        } else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) {
+            /* Addlen is already computed. */;
+        } else if (vectors > 1 &&
+             iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) {
+             addLen = limit - myIov.iov_len;
+        } else
+            addLen = 0;
 
-	if (!addLen) {
-	    SEND( myIov.iov_base, myIov.iov_len );
-	    myIov.iov_len = 0;
-	    continue;
-	}
-	PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
-	bufLen = myIov.iov_len;
-	do {
-	    GET_VECTOR;
-	    PORT_Memcpy(buf + bufLen, myIov.iov_base, addLen);
-	    myIov.iov_base += addLen;
-	    myIov.iov_len  -= addLen;
-	    bufLen         += addLen;
+        if (!addLen) {
+            SEND( myIov.iov_base, myIov.iov_len );
+            myIov.iov_len = 0;
+            continue;
+        }
+        PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
+        bufLen = myIov.iov_len;
+        do {
+            GET_VECTOR;
+            PORT_Memcpy(buf + bufLen, myIov.iov_base, addLen);
+            myIov.iov_base += addLen;
+            myIov.iov_len  -= addLen;
+            bufLen         += addLen;
 
-	    left = PR_MIN( limit, K16 - bufLen);
-	    if (!vectors 		/* no more left */
-	    ||  myIov.iov_len > 0	/* we didn't use that one all up */
-	    ||  bufLen >= K16		/* it's full. */
-	    ) {
-		addLen = 0;
-	    } else if ((addLen = iov->iov_len % K16) <= left) {
-		/* Addlen is already computed. */;
-	    } else if (vectors > 1 && 
-		 iov[1].iov_len % K16 + addLen <= left + limit) {
-		 addLen = left;
-	    } else 
-		addLen = 0;
+            left = PR_MIN( limit, K16 - bufLen);
+            if (!vectors                /* no more left */
+            ||  myIov.iov_len > 0       /* we didn't use that one all up */
+            ||  bufLen >= K16           /* it's full. */
+            ) {
+                addLen = 0;
+            } else if ((addLen = iov->iov_len % K16) <= left) {
+                /* Addlen is already computed. */;
+            } else if (vectors > 1 &&
+                 iov[1].iov_len % K16 + addLen <= left + limit) {
+                 addLen = left;
+            } else
+                addLen = 0;
 
-	} while (addLen);
-	SEND( buf, bufLen );
-    } 
+        } while (addLen);
+        SEND( buf, bufLen );
+    }
     return sent;
 }
 
@@ -2756,7 +2794,7 @@
 
 static PRInt32 PR_CALLBACK
 ssl_RecvFrom(PRFileDesc *fd, void *buf, PRInt32 amount, PRIntn flags,
-	     PRNetAddr *addr, PRIntervalTime timeout)
+             PRNetAddr *addr, PRIntervalTime timeout)
 {
     PORT_Assert(0);
     PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
@@ -2765,7 +2803,7 @@
 
 static PRInt32 PR_CALLBACK
 ssl_SendTo(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags,
-	   const PRNetAddr *addr, PRIntervalTime timeout)
+           const PRNetAddr *addr, PRIntervalTime timeout)
 {
     PORT_Assert(0);
     PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
@@ -2774,41 +2812,41 @@
 
 static const PRIOMethods ssl_methods = {
     PR_DESC_LAYERED,
-    ssl_Close,           	/* close        */
-    ssl_Read,            	/* read         */
-    ssl_Write,           	/* write        */
-    ssl_Available,       	/* available    */
-    ssl_Available64,     	/* available64  */
-    ssl_FSync,           	/* fsync        */
-    ssl_Seek,            	/* seek         */
-    ssl_Seek64,          	/* seek64       */
-    ssl_FileInfo,        	/* fileInfo     */
-    ssl_FileInfo64,      	/* fileInfo64   */
-    ssl_WriteV,          	/* writev       */
-    ssl_Connect,         	/* connect      */
-    ssl_Accept,          	/* accept       */
-    ssl_Bind,            	/* bind         */
-    ssl_Listen,          	/* listen       */
-    ssl_Shutdown,        	/* shutdown     */
-    ssl_Recv,            	/* recv         */
-    ssl_Send,            	/* send         */
-    ssl_RecvFrom,        	/* recvfrom     */
-    ssl_SendTo,          	/* sendto       */
-    ssl_Poll,            	/* poll         */
+    ssl_Close,                  /* close        */
+    ssl_Read,                   /* read         */
+    ssl_Write,                  /* write        */
+    ssl_Available,              /* available    */
+    ssl_Available64,            /* available64  */
+    ssl_FSync,                  /* fsync        */
+    ssl_Seek,                   /* seek         */
+    ssl_Seek64,                 /* seek64       */
+    ssl_FileInfo,               /* fileInfo     */
+    ssl_FileInfo64,             /* fileInfo64   */
+    ssl_WriteV,                 /* writev       */
+    ssl_Connect,                /* connect      */
+    ssl_Accept,                 /* accept       */
+    ssl_Bind,                   /* bind         */
+    ssl_Listen,                 /* listen       */
+    ssl_Shutdown,               /* shutdown     */
+    ssl_Recv,                   /* recv         */
+    ssl_Send,                   /* send         */
+    ssl_RecvFrom,               /* recvfrom     */
+    ssl_SendTo,                 /* sendto       */
+    ssl_Poll,                   /* poll         */
     PR_EmulateAcceptRead,       /* acceptread   */
     ssl_TransmitFile,           /* transmitfile */
-    ssl_GetSockName,     	/* getsockname  */
-    ssl_GetPeerName,     	/* getpeername  */
-    NULL,                	/* getsockopt   OBSOLETE */
-    NULL,                	/* setsockopt   OBSOLETE */
-    NULL,                	/* getsocketoption   */
-    NULL,                	/* setsocketoption   */
-    PR_EmulateSendFile, 	/* Send a (partial) file with header/trailer*/
-    NULL,                	/* reserved for future use */
-    NULL,                	/* reserved for future use */
-    NULL,                	/* reserved for future use */
-    NULL,                	/* reserved for future use */
-    NULL                 	/* reserved for future use */
+    ssl_GetSockName,            /* getsockname  */
+    ssl_GetPeerName,            /* getpeername  */
+    NULL,                       /* getsockopt   OBSOLETE */
+    NULL,                       /* setsockopt   OBSOLETE */
+    NULL,                       /* getsocketoption   */
+    NULL,                       /* setsocketoption   */
+    PR_EmulateSendFile,         /* Send a (partial) file with header/trailer*/
+    NULL,                       /* reserved for future use */
+    NULL,                       /* reserved for future use */
+    NULL,                       /* reserved for future use */
+    NULL,                       /* reserved for future use */
+    NULL                        /* reserved for future use */
 };
 
 
@@ -2849,15 +2887,15 @@
     new_methods->transmitfile      = my_methods->transmitfile;
     new_methods->getsockname       = my_methods->getsockname;
     new_methods->getpeername       = my_methods->getpeername;
-/*  new_methods->getsocketoption   = my_methods->getsocketoption;	*/
-/*  new_methods->setsocketoption   = my_methods->setsocketoption;	*/
+/*  new_methods->getsocketoption   = my_methods->getsocketoption;       */
+/*  new_methods->setsocketoption   = my_methods->setsocketoption;       */
     new_methods->sendfile          = my_methods->sendfile;
 
 }
 
 static PRCallOnceType initIoLayerOnce;
 
-static PRStatus  
+static PRStatus
 ssl_InitIOLayer(void)
 {
     ssl_layer_id = PR_GetUniqueIdentity("SSL");
@@ -2869,44 +2907,44 @@
 static PRStatus
 ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, PRDescIdentity id)
 {
-    PRFileDesc *layer	= NULL;
+    PRFileDesc *layer   = NULL;
     PRStatus    status;
 
     if (!ssl_inited) {
-	status = PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer);
-	if (status != PR_SUCCESS)
-	    goto loser;
+        status = PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer);
+        if (status != PR_SUCCESS)
+            goto loser;
     }
 
     if (ns == NULL)
-	goto loser;
+        goto loser;
 
     layer = PR_CreateIOLayerStub(ssl_layer_id, &combined_methods);
     if (layer == NULL)
-	goto loser;
+        goto loser;
     layer->secret = (PRFilePrivate *)ns;
 
     /* Here, "stack" points to the PRFileDesc on the top of the stack.
     ** "layer" points to a new FD that is to be inserted into the stack.
-    ** If layer is being pushed onto the top of the stack, then 
+    ** If layer is being pushed onto the top of the stack, then
     ** PR_PushIOLayer switches the contents of stack and layer, and then
-    ** puts stack on top of layer, so that after it is done, the top of 
-    ** stack is the same "stack" as it was before, and layer is now the 
+    ** puts stack on top of layer, so that after it is done, the top of
+    ** stack is the same "stack" as it was before, and layer is now the
     ** FD for the former top of stack.
     ** After this call, stack always points to the top PRFD on the stack.
-    ** If this function fails, the contents of stack and layer are as 
+    ** If this function fails, the contents of stack and layer are as
     ** they were before the call.
     */
     status = PR_PushIOLayer(stack, id, layer);
     if (status != PR_SUCCESS)
-	goto loser;
+        goto loser;
 
     ns->fd = (id == PR_TOP_IO_LAYER) ? stack : layer;
     return PR_SUCCESS;
 
 loser:
     if (layer) {
-	layer->dtor(layer); /* free layer */
+        layer->dtor(layer); /* free layer */
     }
     return PR_FAILURE;
 }
@@ -2916,28 +2954,28 @@
 ssl_MakeLocks(sslSocket *ss)
 {
     ss->firstHandshakeLock = PZ_NewMonitor(nssILockSSL);
-    if (!ss->firstHandshakeLock) 
-	goto loser;
+    if (!ss->firstHandshakeLock)
+        goto loser;
     ss->ssl3HandshakeLock  = PZ_NewMonitor(nssILockSSL);
-    if (!ss->ssl3HandshakeLock) 
-	goto loser;
+    if (!ss->ssl3HandshakeLock)
+        goto loser;
     ss->specLock           = NSSRWLock_New(SSL_LOCK_RANK_SPEC, NULL);
-    if (!ss->specLock) 
-	goto loser;
+    if (!ss->specLock)
+        goto loser;
     ss->recvBufLock        = PZ_NewMonitor(nssILockSSL);
-    if (!ss->recvBufLock) 
-	goto loser;
+    if (!ss->recvBufLock)
+        goto loser;
     ss->xmitBufLock        = PZ_NewMonitor(nssILockSSL);
-    if (!ss->xmitBufLock) 
-	goto loser;
+    if (!ss->xmitBufLock)
+        goto loser;
     ss->writerThread       = NULL;
     if (ssl_lock_readers) {
-	ss->recvLock       = PZ_NewLock(nssILockSSL);
-	if (!ss->recvLock) 
-	    goto loser;
-	ss->sendLock       = PZ_NewLock(nssILockSSL);
-	if (!ss->sendLock) 
-	    goto loser;
+        ss->recvLock       = PZ_NewLock(nssILockSSL);
+        if (!ss->recvLock)
+            goto loser;
+        ss->sendLock       = PZ_NewLock(nssILockSSL);
+        if (!ss->sendLock)
+            goto loser;
     }
     return SECSuccess;
 loser:
@@ -2958,81 +2996,81 @@
     static int firsttime = 1;
 
     if (firsttime) {
-	char * ev;
-	firsttime = 0;
+        char * ev;
+        firsttime = 0;
 #ifdef DEBUG
-	ev = getenv("SSLDEBUGFILE");
-	if (ev && ev[0]) {
-	    ssl_trace_iob = fopen(ev, "w");
-	}
-	if (!ssl_trace_iob) {
-	    ssl_trace_iob = stderr;
-	}
+        ev = getenv("SSLDEBUGFILE");
+        if (ev && ev[0]) {
+            ssl_trace_iob = fopen(ev, "w");
+        }
+        if (!ssl_trace_iob) {
+            ssl_trace_iob = stderr;
+        }
 #ifdef TRACE
-	ev = getenv("SSLTRACE");
-	if (ev && ev[0]) {
-	    ssl_trace = atoi(ev);
-	    SSL_TRACE(("SSL: tracing set to %d", ssl_trace));
-	}
+        ev = getenv("SSLTRACE");
+        if (ev && ev[0]) {
+            ssl_trace = atoi(ev);
+            SSL_TRACE(("SSL: tracing set to %d", ssl_trace));
+        }
 #endif /* TRACE */
-	ev = getenv("SSLDEBUG");
-	if (ev && ev[0]) {
-	    ssl_debug = atoi(ev);
-	    SSL_TRACE(("SSL: debugging set to %d", ssl_debug));
-	}
+        ev = getenv("SSLDEBUG");
+        if (ev && ev[0]) {
+            ssl_debug = atoi(ev);
+            SSL_TRACE(("SSL: debugging set to %d", ssl_debug));
+        }
 #endif /* DEBUG */
-	ev = getenv("SSLKEYLOGFILE");
-	if (ev && ev[0]) {
-	    ssl_keylog_iob = fopen(ev, "a");
-	    if (!ssl_keylog_iob) {
-		SSL_TRACE(("SSL: failed to open key log file"));
-	    } else {
-		if (ftell(ssl_keylog_iob) == 0) {
-		    fputs("# SSL/TLS secrets log file, generated by NSS\n",
-			  ssl_keylog_iob);
-		}
-		SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
-	    }
-	}
+        ev = getenv("SSLKEYLOGFILE");
+        if (ev && ev[0]) {
+            ssl_keylog_iob = fopen(ev, "a");
+            if (!ssl_keylog_iob) {
+                SSL_TRACE(("SSL: failed to open key log file"));
+            } else {
+                if (ftell(ssl_keylog_iob) == 0) {
+                    fputs("# SSL/TLS secrets log file, generated by NSS\n",
+                          ssl_keylog_iob);
+                }
+                SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
+            }
+        }
 #ifndef NO_PKCS11_BYPASS
-	ev = getenv("SSLBYPASS");
-	if (ev && ev[0]) {
-	    ssl_defaults.bypassPKCS11 = (ev[0] == '1');
-	    SSL_TRACE(("SSL: bypass default set to %d", \
-		      ssl_defaults.bypassPKCS11));
-	}
+        ev = getenv("SSLBYPASS");
+        if (ev && ev[0]) {
+            ssl_defaults.bypassPKCS11 = (ev[0] == '1');
+            SSL_TRACE(("SSL: bypass default set to %d", \
+                      ssl_defaults.bypassPKCS11));
+        }
 #endif /* NO_PKCS11_BYPASS */
-	ev = getenv("SSLFORCELOCKS");
-	if (ev && ev[0] == '1') {
-	    ssl_force_locks = PR_TRUE;
-	    ssl_defaults.noLocks = 0;
-	    strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED.  ");
-	    SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks));
-	}
-	ev = getenv("NSS_SSL_ENABLE_RENEGOTIATION");
-	if (ev) {
-	    if (ev[0] == '1' || LOWER(ev[0]) == 'u')
-	    	ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED;
-	    else if (ev[0] == '0' || LOWER(ev[0]) == 'n')
-	    	ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER;
-	    else if (ev[0] == '2' || LOWER(ev[0]) == 'r')
-		ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN;
-	    else if (ev[0] == '3' || LOWER(ev[0]) == 't')
-	    	ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL;
-	    SSL_TRACE(("SSL: enableRenegotiation set to %d", 
-	               ssl_defaults.enableRenegotiation));
-	}
-	ev = getenv("NSS_SSL_REQUIRE_SAFE_NEGOTIATION");
-	if (ev && ev[0] == '1') {
-	    ssl_defaults.requireSafeNegotiation = PR_TRUE;
-	    SSL_TRACE(("SSL: requireSafeNegotiation set to %d", 
-	                PR_TRUE));
-	}
-	ev = getenv("NSS_SSL_CBC_RANDOM_IV");
-	if (ev && ev[0] == '0') {
-	    ssl_defaults.cbcRandomIV = PR_FALSE;
-	    SSL_TRACE(("SSL: cbcRandomIV set to 0"));
-	}
+        ev = getenv("SSLFORCELOCKS");
+        if (ev && ev[0] == '1') {
+            ssl_force_locks = PR_TRUE;
+            ssl_defaults.noLocks = 0;
+            strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED.  ");
+            SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks));
+        }
+        ev = getenv("NSS_SSL_ENABLE_RENEGOTIATION");
+        if (ev) {
+            if (ev[0] == '1' || LOWER(ev[0]) == 'u')
+                ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED;
+            else if (ev[0] == '0' || LOWER(ev[0]) == 'n')
+                ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER;
+            else if (ev[0] == '2' || LOWER(ev[0]) == 'r')
+                ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN;
+            else if (ev[0] == '3' || LOWER(ev[0]) == 't')
+                ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL;
+            SSL_TRACE(("SSL: enableRenegotiation set to %d",
+                       ssl_defaults.enableRenegotiation));
+        }
+        ev = getenv("NSS_SSL_REQUIRE_SAFE_NEGOTIATION");
+        if (ev && ev[0] == '1') {
+            ssl_defaults.requireSafeNegotiation = PR_TRUE;
+            SSL_TRACE(("SSL: requireSafeNegotiation set to %d",
+                        PR_TRUE));
+        }
+        ev = getenv("NSS_SSL_CBC_RANDOM_IV");
+        if (ev && ev[0] == '0') {
+            ssl_defaults.cbcRandomIV = PR_FALSE;
+            SSL_TRACE(("SSL: cbcRandomIV set to 0"));
+        }
     }
 #endif /* NSS_HAVE_GETENV */
 }
@@ -3048,83 +3086,82 @@
     ssl_SetDefaultsFromEnvironment();
 
     if (ssl_force_locks)
-	makeLocks = PR_TRUE;
+        makeLocks = PR_TRUE;
 
     /* Make a new socket and get it ready */
     ss = (sslSocket*) PORT_ZAlloc(sizeof(sslSocket));
     if (ss) {
         /* This should be of type SSLKEAType, but CC on IRIX
-	 * complains during the for loop.
-	 */
-	int i;
-	SECStatus status;
- 
-	ss->opt                = ssl_defaults;
-	ss->opt.useSocks       = PR_FALSE;
-	ss->opt.noLocks        = !makeLocks;
-	ss->vrange             = *VERSIONS_DEFAULTS(protocolVariant);
-	ss->protocolVariant    = protocolVariant;
+         * complains during the for loop.
+         */
+        int i;
+        SECStatus status;
 
-	ss->peerID             = NULL;
-	ss->rTimeout	       = PR_INTERVAL_NO_TIMEOUT;
-	ss->wTimeout	       = PR_INTERVAL_NO_TIMEOUT;
-	ss->cTimeout	       = PR_INTERVAL_NO_TIMEOUT;
-	ss->cipherSpecs        = NULL;
+        ss->opt                = ssl_defaults;
+        ss->opt.useSocks       = PR_FALSE;
+        ss->opt.noLocks        = !makeLocks;
+        ss->vrange             = *VERSIONS_DEFAULTS(protocolVariant);
+        ss->protocolVariant    = protocolVariant;
+
+        ss->peerID             = NULL;
+        ss->rTimeout           = PR_INTERVAL_NO_TIMEOUT;
+        ss->wTimeout           = PR_INTERVAL_NO_TIMEOUT;
+        ss->cTimeout           = PR_INTERVAL_NO_TIMEOUT;
+        ss->cipherSpecs        = NULL;
         ss->sizeCipherSpecs    = 0;  /* produced lazily */