nss/nss-ssl-cbc-random-iv-off-by-default.patch

diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.770682 ./mozilla/security/nss/lib/ssl/sslsock.c
--- ./mozilla/security/nss/lib/ssl/sslsock.c.770682	2012-11-01 11:10:54.107504267 -0700
+++ ./mozilla/security/nss/lib/ssl/sslsock.c	2012-11-01 11:07:36.758464814 -0700
@@ -153,7 +153,7 @@ static sslOptions ssl_defaults = {
     3,          /* enableRenegotiation (default: transitional) */
     PR_FALSE,   /* requireSafeNegotiation */
     PR_FALSE,   /* enableFalseStart   */
-    PR_FALSE    /* cbcRandomIV        */ /* defaults to off for compatibility */
+    PR_TRUE     /* cbcRandomIV        */
 };
 
 /*
@@ -2833,9 +2833,9 @@ ssl_SetDefaultsFromEnvironment(void)
 	                PR_TRUE));
 	}
 	ev = getenv("NSS_SSL_CBC_RANDOM_IV");
-	if (ev && ev[0] == '1') {
-	    ssl_defaults.cbcRandomIV = PR_TRUE;
-	    SSL_TRACE(("SSL: cbcRandomIV set to 1"));
+	if (ev && ev[0] == '0') {
+	    ssl_defaults.cbcRandomIV = PR_FALSE;
+	    SSL_TRACE(("SSL: cbcRandomIV set to 0"));
 	}
     }
 #endif /* NSS_HAVE_GETENV */