diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
--- a/nss/lib/ssl/ssl3con.c	2013-07-31 14:12:19.414856329 -0700
+++ b/nss/lib/ssl/ssl3con.c	2013-07-31 14:13:56.916288878 -0700
@@ -31,6 +31,15 @@
 #include "blapi.h"
 #endif
 
+/* This is a bodge to allow this code to be compiled against older NSS headers
+ * that don't contain the TLS 1.2 changes. */
+#ifndef CKM_NSS_TLS_PRF_GENERAL_SHA256
+#define CKM_NSS_TLS_PRF_GENERAL_SHA256          (CKM_NSS + 21)
+#define CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256    (CKM_NSS + 22)
+#define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256   (CKM_NSS + 23)
+#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
+#endif
+
 #include <stdio.h>
 #ifdef NSS_ENABLE_ZLIB
 #include "zlib.h"
diff -pu a/nss/lib/ssl/ssl3ecc.c b/nss/lib/ssl/ssl3ecc.c
--- a/nss/lib/ssl/ssl3ecc.c	2013-07-31 14:13:15.115674638 -0700
+++ b/nss/lib/ssl/ssl3ecc.c	2013-07-31 14:13:56.916288878 -0700
@@ -30,6 +30,12 @@
 
 #include <stdio.h>
 
+/* This is a bodge to allow this code to be compiled against older NSS headers
+ * that don't contain the TLS 1.2 changes. */
+#ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256
+#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
+#endif
+
 #ifdef NSS_ENABLE_ECC
 
 /*
diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
--- a/nss/lib/ssl/sslsock.c	2013-07-31 14:10:35.113325316 -0700
+++ b/nss/lib/ssl/sslsock.c	2013-07-31 14:16:39.538677991 -0700
@@ -17,8 +17,15 @@
 #ifndef NO_PKCS11_BYPASS
 #include "blapi.h"
 #endif
+#include "pk11pub.h"
 #include "nss.h"
 
+/* This is a bodge to allow this code to be compiled against older NSS headers
+ * that don't contain the TLS 1.2 changes. */
+#ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256
+#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
+#endif
+
 #define SET_ERROR_CODE   /* reminder */
 
 struct cipherPolicyStr {
@@ -1900,6 +1907,24 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLV
     return SECSuccess;
 }
 
+static PRCallOnceType checkTLS12TokenOnce;
+static PRBool tls12TokenExists;
+
+static PRStatus  
+ssl_CheckTLS12Token(void)
+{
+    tls12TokenExists =
+	PK11_TokenExists(CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256);
+    return PR_SUCCESS;
+}
+
+static PRBool
+ssl_TLS12TokenExists(void)
+{
+    (void) PR_CallOnce(&checkTLS12TokenOnce, ssl_CheckTLS12Token);
+    return tls12TokenExists;
+}
+
 SECStatus
 SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
 {
@@ -1920,6 +1945,20 @@ SSL_VersionRangeSet(PRFileDesc *fd, cons
     ssl_GetSSL3HandshakeLock(ss);
 
     ss->vrange = *vrange;
+    /* If we don't have a sufficiently up-to-date softoken then we cannot do
+     * TLS 1.2. */
+    if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2 &&
+        !ssl_TLS12TokenExists()) {
+	/* If the user requested a minimum version of 1.2, then we don't
+	 * silently downgrade. */
+	if (ss->vrange.min >= SSL_LIBRARY_VERSION_TLS_1_2) {
+	    ssl_ReleaseSSL3HandshakeLock(ss);
+	    ssl_Release1stHandshakeLock(ss);
+	    PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
+	    return SECFailure;
+	}
+	ss->vrange.max = SSL_LIBRARY_VERSION_TLS_1_1;
+    }
 
     ssl_ReleaseSSL3HandshakeLock(ss);
     ssl_Release1stHandshakeLock(ss);