diff -up nss/lib/ssl/sslsock.c.cbcrandomivoff nss/lib/ssl/sslsock.c --- nss/lib/ssl/sslsock.c.cbcrandomivoff 2014-11-13 12:05:52.056861208 -0800 +++ nss/lib/ssl/sslsock.c 2014-11-13 12:08:58.236028128 -0800 @@ -77,7 +77,7 @@ static sslOptions ssl_defaults = { 3, /* enableRenegotiation (default: transitional) */ PR_FALSE, /* requireSafeNegotiation */ PR_FALSE, /* enableFalseStart */ - PR_TRUE, /* cbcRandomIV */ + PR_FALSE, /* cbcRandomIV */ /* defaults to off for compatibility */ PR_FALSE, /* enableOCSPStapling */ PR_TRUE, /* enableNPN */ PR_FALSE, /* enableALPN */ @@ -2899,9 +2899,9 @@ ssl_SetDefaultsFromEnvironment(void) PR_TRUE)); } ev = getenv("NSS_SSL_CBC_RANDOM_IV"); - if (ev && ev[0] == '0') { - ssl_defaults.cbcRandomIV = PR_FALSE; - SSL_TRACE(("SSL: cbcRandomIV set to 0")); + if (ev && ev[0] == '1') { + ssl_defaults.cbcRandomIV = PR_TRUE; + SSL_TRACE(("SSL: cbcRandomIV set to 1")); } } #endif /* NSS_HAVE_GETENV */