1diff -pu a/nss/lib/ssl/sslreveal.c b/nss/lib/ssl/sslreveal.c 2--- a/nss/lib/ssl/sslreveal.c 2013-07-31 12:07:10.974699609 -0700 3+++ b/nss/lib/ssl/sslreveal.c 2013-07-31 12:41:08.684380521 -0700 4@@ -77,7 +77,6 @@ SSL_HandshakeNegotiatedExtension(PRFileD 5 { 6 /* some decisions derived from SSL_GetChannelInfo */ 7 sslSocket * sslsocket = NULL; 8- PRBool enoughFirstHsDone = PR_FALSE; 9 10 if (!pYes) { 11 PORT_SetError(SEC_ERROR_INVALID_ARGS); 12@@ -93,14 +92,8 @@ SSL_HandshakeNegotiatedExtension(PRFileD 13 14 *pYes = PR_FALSE; 15 16- if (sslsocket->firstHsDone) { 17- enoughFirstHsDone = PR_TRUE; 18- } else if (sslsocket->ssl3.initialized && ssl3_CanFalseStart(sslsocket)) { 19- enoughFirstHsDone = PR_TRUE; 20- } 21- 22 /* according to public API SSL_GetChannelInfo, this doesn't need a lock */ 23- if (sslsocket->opt.useSecurity && enoughFirstHsDone) { 24+ if (sslsocket->opt.useSecurity) { 25 if (sslsocket->ssl3.initialized) { /* SSL3 and TLS */ 26 /* now we know this socket went through ssl3_InitState() and 27 * ss->xtnData got initialized, which is the only member accessed by 28