$OpenBSD$

index ee357b6..3f9baf0 100644
--- security/nss/lib/ssl/sslsock.c.orig	Fri Feb 20 15:40:39 2015
+++ security/nss/lib/ssl/sslsock.c	Fri Feb 20 15:40:39 2015
@@ -80,7 +80,9 @@ static sslOptions ssl_defaults = {
     PR_TRUE,    /* cbcRandomIV        */
     PR_FALSE,   /* enableOCSPStapling */
     PR_TRUE,    /* enableNPN          */
-    PR_FALSE    /* enableALPN         */
+    PR_FALSE,   /* enableALPN         */
+    PR_FALSE,   /* dummy              */
+    PR_FALSE    /* enableFallbackSCSV */
 };
 
 /*
@@ -784,6 +786,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
         ss->opt.enableALPN = on;
         break;
 
+      case SSL_ENABLE_FALLBACK_SCSV:
+        ss->opt.enableFallbackSCSV = on;
+        break;
+
       default:
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         rv = SECFailure;
@@ -856,6 +862,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
     case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
     case SSL_ENABLE_NPN:          on = ss->opt.enableNPN;          break;
     case SSL_ENABLE_ALPN:         on = ss->opt.enableALPN;         break;
+    case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break;
 
     default:
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -919,6 +926,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
        break;
     case SSL_ENABLE_NPN:          on = ssl_defaults.enableNPN;          break;
     case SSL_ENABLE_ALPN:         on = ssl_defaults.enableALPN;         break;
+    case SSL_ENABLE_FALLBACK_SCSV:
+       on = ssl_defaults.enableFallbackSCSV;
+       break;
 
     default:
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -1094,6 +1104,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
         ssl_defaults.enableALPN = on;
         break;
 
+      case SSL_ENABLE_FALLBACK_SCSV:
+        ssl_defaults.enableFallbackSCSV = on;
+        break;
+
       default:
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;