diff --git a/apache2-mod_nss.changes b/apache2-mod_nss.changes
index d321d44..ed15adc 100644
--- a/apache2-mod_nss.changes
+++ b/apache2-mod_nss.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Aug 21 07:50:57 UTC 2014 - meissner@suse.com
+
+- mod_nss-cipherlist_update_for_tls12-doc.diff,
+ mod_nss-cipherlist_update_for_tls12.diff,
+ mod_nss.conf.in: Added more TLS 1.2 ciphers, the CBC with SHA256.
+
-------------------------------------------------------------------
Thu Jul 24 12:49:29 CEST 2014 - draht@suse.de
diff --git a/mod_nss-cipherlist_update_for_tls12-doc.diff b/mod_nss-cipherlist_update_for_tls12-doc.diff
index eed96d7..0b132b0 100644
--- a/mod_nss-cipherlist_update_for_tls12-doc.diff
+++ b/mod_nss-cipherlist_update_for_tls12-doc.diff
@@ -1,7 +1,7 @@
diff -rNU 50 ../mod_nss-1.0.8-o/docs/mod_nss.html ./docs/mod_nss.html
--- ../mod_nss-1.0.8-o/docs/mod_nss.html 2014-02-18 16:30:19.000000000 +0100
+++ ./docs/mod_nss.html 2014-02-18 16:48:18.000000000 +0100
-@@ -632,100 +632,121 @@
+@@ -632,100 +632,135 @@
| SSLv3/TLSv1.0/TLSv1.1/TLSv1.2 |
@@ -53,11 +53,18 @@ diff -rNU 50 ../mod_nss-1.0.8-o/docs/mod_nss.html ./docs/mod_nss.html
SSLv3/TLSv1.0/TLSv1.1/TLSv1.2 |
+
++ rsa_aes_128_sha256
++ |
++ TLS_RSA_WITH_AES_128_CBC_SHA256
++ |
++ TLSv1.2 |
++
++
+ rsa_aes_128_gcm_sha
+ |
+ TLS_RSA_WITH_AES_128_GCM_SHA256
+ |
-+ TLSv1.0/TLSv1.1/TLSv1.2 |
++ TLSv1.2 |
+
+
+ rsa_camellia_128_sha
@@ -72,6 +79,13 @@ diff -rNU 50 ../mod_nss-1.0.8-o/docs/mod_nss.html ./docs/mod_nss.html
+ | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ |
+ TLSv1.0/TLSv1.1/TLSv1.2 |
++
++
++ rsa_aes_256_sha256
++ |
++ TLS_RSA_WITH_AES_256_CBC_SHA256
++ |
++ TLSv1.2 |
+
@@ -123,7 +137,7 @@ diff -rNU 50 ../mod_nss-1.0.8-o/docs/mod_nss.html ./docs/mod_nss.html
ecdhe_ecdsa_rc4_128_sha |
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA |
TLSv1.0/TLSv1.1/TLSv1.2 |
-@@ -773,100 +794,120 @@
+@@ -773,100 +794,130 @@
| echde_rsa_null |
TLS_ECDHE_RSA_WITH_NULL_SHA |
@@ -175,6 +189,16 @@ diff -rNU 50 ../mod_nss-1.0.8-o/docs/mod_nss.html ./docs/mod_nss.html
TLSv1.0/TLSv1.1/TLSv1.2 |
+
++ | ecdh_ecdsa_aes_128_sha256 |
++ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
++ TLSv1.2 |
++
++
++ | ecdh_rsa_aes_128_sha256 |
++ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
++ TLSv1.2 |
++
++
+ | ecdh_ecdsa_aes_128_gcm_sha |
+ TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
+ TLSv1.0/TLSv1.1/TLSv1.2 |
diff --git a/mod_nss-cipherlist_update_for_tls12.diff b/mod_nss-cipherlist_update_for_tls12.diff
index fb3e1ed..7bee592 100644
--- a/mod_nss-cipherlist_update_for_tls12.diff
+++ b/mod_nss-cipherlist_update_for_tls12.diff
@@ -53,10 +53,10 @@ diff -rNU 50 ../mod_nss-1.0.8-o/mod_nss.h ./mod_nss.h
/* the table itself is defined in nss_engine_init.c */
#ifdef NSS_ENABLE_ECC
-#define ciphernum 48
-+#define ciphernum 55
++#define ciphernum 59
#else
-#define ciphernum 23
-+#define ciphernum 26
++#define ciphernum 28
#endif
/*
@@ -110,7 +110,7 @@ diff -rNU 50 ../mod_nss-1.0.8-o/mod_nss.h ./mod_nss.h
diff -rNU 50 ../mod_nss-1.0.8-o/nss_engine_init.c ./nss_engine_init.c
--- ../mod_nss-1.0.8-o/nss_engine_init.c 2014-02-18 16:30:19.000000000 +0100
+++ ./nss_engine_init.c 2014-02-18 16:30:51.000000000 +0100
-@@ -15,122 +15,130 @@
+@@ -15,122 +15,134 @@
#include "mod_nss.h"
#include "apr_thread_proc.h"
@@ -161,9 +161,11 @@ diff -rNU 50 ../mod_nss-1.0.8-o/nss_engine_init.c ./nss_engine_init.c
{"rsa_rc4_56_sha", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, 0, SSL3 | TLS},
/* AES ciphers.*/
{"rsa_aes_128_sha", TLS_RSA_WITH_AES_128_CBC_SHA, 0, SSL3 | TLS},
++ {"rsa_aes_128_sha256", TLS_RSA_WITH_AES_128_CBC_SHA256, 0, TLS},
+ {"rsa_aes_128_gcm_sha", TLS_RSA_WITH_AES_128_GCM_SHA256, 0, TLS},
+ {"rsa_camellia_128_sha", TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, 0, TLS},
{"rsa_aes_256_sha", TLS_RSA_WITH_AES_256_CBC_SHA, 0, SSL3 | TLS},
++ {"rsa_aes_256_sha256", TLS_RSA_WITH_AES_256_CBC_SHA256, 0, TLS},
+ {"rsa_camellia_256_sha", TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, 0, TLS},
+
#ifdef NSS_ENABLE_ECC
@@ -178,6 +180,7 @@ diff -rNU 50 ../mod_nss-1.0.8-o/nss_engine_init.c ./nss_engine_init.c
{"ecdhe_ecdsa_rc4_128_sha", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 0, TLS},
{"ecdhe_ecdsa_3des_sha", TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 0, TLS},
{"ecdhe_ecdsa_aes_128_sha", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 0, TLS},
++ {"ecdhe_ecdsa_aes_128_sha256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 0, TLS},
+ {"ecdhe_ecdsa_aes_128_gcm_sha", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0, TLS},
{"ecdhe_ecdsa_aes_256_sha", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 0, TLS},
{"ecdh_rsa_null_sha", TLS_ECDH_RSA_WITH_NULL_SHA, 0, TLS},
@@ -190,6 +193,7 @@ diff -rNU 50 ../mod_nss-1.0.8-o/nss_engine_init.c ./nss_engine_init.c
{"ecdhe_rsa_rc4_128_sha", TLS_ECDHE_RSA_WITH_RC4_128_SHA, 0, TLS},
{"ecdhe_rsa_3des_sha", TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 0, TLS},
{"ecdhe_rsa_aes_128_sha", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0, TLS},
++ {"ecdhe_rsa_aes_128_sha256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 0, TLS},
+ {"ecdhe_rsa_aes_128_gcm_sha", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0, TLS},
{"ecdhe_rsa_aes_256_sha", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0, TLS},
{"ecdh_anon_null_sha", TLS_ECDH_anon_WITH_NULL_SHA, 0, TLS},
diff --git a/mod_nss.conf.in b/mod_nss.conf.in
index 2a980bf..ad35f30 100644
--- a/mod_nss.conf.in
+++ b/mod_nss.conf.in
@@ -216,7 +216,7 @@ NSSRequireSafeNegotiation off
# * no rc4, no 3des, no des
# * ephemeral is what you want (PFS).
# * EC has precedence over RSA
-NSSCipherSuite +ecdhe_ecdsa_aes_128_gcm_sha,+ecdh_ecdsa_aes_128_gcm_sha,+ecdhe_rsa_aes_256_sha,+ecdh_rsa_aes_256_sha,+ecdhe_rsa_aes_128_gcm_sha,+ecdh_rsa_aes_128_gcm_sha,+ecdhe_rsa_aes_128_sha,+ecdh_rsa_aes_128_sha,+rsa_aes_128_gcm_sha,+rsa_aes_256_sha,+rsa_aes_128_sha
+NSSCipherSuite +ecdhe_ecdsa_aes_128_gcm_sha,+ecdh_ecdsa_aes_128_gcm_sha,+ecdhe_rsa_aes_256_sha,+ecdh_rsa_aes_256_sha,+ecdhe_rsa_aes_128_gcm_sha,+ecdh_rsa_aes_128_gcm_sha,+ecdhe_rsa_aes_128_sha,+ecdh_rsa_aes_128_sha,+rsa_aes_128_gcm_sha,+rsa_aes_256_sha,+rsa_aes_128_sha,+rsa_aes_128_sha256,+ecdhe_rsa_aes_256_sha256,+rsa_aes_256_sha256,+ecdhe_rsa_aes_256_sha256
# SSL Protocol:
# Cryptographic protocols that provide communication security.