https://bugzilla.mozilla.org/show_bug.cgi?id=583337 List TLS_DHE_RSA_WITH_AES_256_CBC_SHA after TLS_RSA_WITH_AES_256_CBC_SHA in SSL ClientHello to communicate securely with some servers that use 256-bit DH keys. Index: nss/mozilla/security/nss/lib/ssl/ssl3con.c =================================================================== --- nss.orig/mozilla/security/nss/lib/ssl/ssl3con.c 2012-10-05 14:46:07.000000000 +0200 +++ nss/mozilla/security/nss/lib/ssl/ssl3con.c 2012-10-05 14:50:36.387931139 +0200 @@ -82,7 +82,6 @@ #endif /* NSS_ENABLE_ECC */ { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, - { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, #ifdef NSS_ENABLE_ECC { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, @@ -90,6 +89,7 @@ #endif /* NSS_ENABLE_ECC */ { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, + { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, #ifdef NSS_ENABLE_ECC { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, Index: nss/mozilla/security/nss/lib/ssl/sslenum.c =================================================================== --- nss.orig/mozilla/security/nss/lib/ssl/sslenum.c 2012-10-05 14:46:07.000000000 +0200 +++ nss/mozilla/security/nss/lib/ssl/sslenum.c 2012-10-05 14:48:39.701727613 +0200 @@ -35,7 +35,6 @@ #endif /* NSS_ENABLE_ECC */ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, #ifdef NSS_ENABLE_ECC TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, @@ -43,6 +42,7 @@ #endif /* NSS_ENABLE_ECC */ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* 128-bit */ #ifdef NSS_ENABLE_ECC