diff -up ./lib/ssl/sslsock.c.disable-ems ./lib/ssl/sslsock.c --- ./lib/ssl/sslsock.c.disable-ems 2016-01-25 17:16:37.870186322 +0100 +++ ./lib/ssl/sslsock.c 2016-01-25 17:15:58.628815533 +0100 @@ -85,6 +85,7 @@ static sslOptions ssl_defaults = { PR_TRUE, /* reuseServerECDHEKey */ PR_FALSE, /* enableFallbackSCSV */ PR_TRUE, /* enableServerDhe */ +/* Keep extended-master-secret disabled until we have a compatible softokn. */ PR_FALSE /* enableExtendedMS */ }; @@ -827,7 +828,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh break; case SSL_ENABLE_EXTENDED_MASTER_SECRET: +#if 0 +/* No-Op until we have a compatible softokn. */ ss->opt.enableExtendedMS = on; +#endif break; default: @@ -1171,7 +1175,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo break; case SSL_ENABLE_EXTENDED_MASTER_SECRET: +#if 0 +/* No-Op until we have a compatible softokn. */ ssl_defaults.enableExtendedMS = on; +#endif break; default: