1diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c 2--- a/nss/lib/ssl/ssl3con.c 2014-01-17 19:00:52.843413560 -0800 3+++ b/nss/lib/ssl/ssl3con.c 2014-01-17 19:01:36.374129696 -0800 4@@ -11318,7 +11318,7 @@ ssl3_FinishHandshake(sslSocket * ss) 5 ss->ssl3.hs.receivedNewSessionTicket = PR_FALSE; 6 } 7 8- if (ss->ssl3.hs.cacheSID) { 9+ if (ss->ssl3.hs.cacheSID && ss->sec.isServer) { 10 PORT_Assert(ss->sec.ci.sid->cached == never_cached); 11 (*ss->sec.cache)(ss->sec.ci.sid); 12 ss->ssl3.hs.cacheSID = PR_FALSE; 13diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h 14--- a/nss/lib/ssl/ssl.h 2014-01-17 19:00:52.843413560 -0800 15+++ b/nss/lib/ssl/ssl.h 2014-01-17 19:01:36.374129696 -0800 16@@ -892,6 +892,18 @@ SSL_IMPORT int SSL_DataPending(PRFileDes 17 SSL_IMPORT SECStatus SSL_InvalidateSession(PRFileDesc *fd); 18 19 /* 20+** Cache the SSL session associated with fd, if it has not already been cached. 21+*/ 22+SSL_IMPORT SECStatus SSL_CacheSession(PRFileDesc *fd); 23+ 24+/* 25+** Cache the SSL session associated with fd, if it has not already been cached. 26+** This function may only be called when processing within a callback assigned 27+** via SSL_HandshakeCallback 28+*/ 29+SSL_IMPORT SECStatus SSL_CacheSessionUnlocked(PRFileDesc *fd); 30+ 31+/* 32 ** Return a SECItem containing the SSL session ID associated with the fd. 33 */ 34 SSL_IMPORT SECItem *SSL_GetSessionID(PRFileDesc *fd); 35diff -pu a/nss/lib/ssl/sslsecur.c b/nss/lib/ssl/sslsecur.c 36--- a/nss/lib/ssl/sslsecur.c 2014-01-17 17:59:03.242109996 -0800 37+++ b/nss/lib/ssl/sslsecur.c 2014-01-17 19:01:36.374129696 -0800 38@@ -1469,6 +1469,49 @@ SSL_InvalidateSession(PRFileDesc *fd) 39 return rv; 40 } 41 42+static void 43+ssl3_CacheSessionUnlocked(sslSocket *ss) 44+{ 45+ PORT_Assert(!ss->sec.isServer); 46+ 47+ if (ss->ssl3.hs.cacheSID) { 48+ ss->sec.cache(ss->sec.ci.sid); 49+ ss->ssl3.hs.cacheSID = PR_FALSE; 50+ } 51+} 52+ 53+SECStatus 54+SSL_CacheSession(PRFileDesc *fd) 55+{ 56+ sslSocket * ss = ssl_FindSocket(fd); 57+ SECStatus rv = SECFailure; 58+ 59+ if (ss) { 60+ ssl_Get1stHandshakeLock(ss); 61+ ssl_GetSSL3HandshakeLock(ss); 62+ 63+ ssl3_CacheSessionUnlocked(ss); 64+ rv = SECSuccess; 65+ 66+ ssl_ReleaseSSL3HandshakeLock(ss); 67+ ssl_Release1stHandshakeLock(ss); 68+ } 69+ return rv; 70+} 71+ 72+SECStatus 73+SSL_CacheSessionUnlocked(PRFileDesc *fd) 74+{ 75+ sslSocket * ss = ssl_FindSocket(fd); 76+ SECStatus rv = SECFailure; 77+ 78+ if (ss) { 79+ ssl3_CacheSessionUnlocked(ss); 80+ rv = SECSuccess; 81+ } 82+ return rv; 83+} 84+ 85 SECItem * 86 SSL_GetSessionID(PRFileDesc *fd) 87 { 88