It was reported that cipherstring parsing code incorrectly implements the multi-keyword mode in nss_compat_ossl. As a consequence anyone using a combination like ECDH+SHA will not get the expected set of ciphers ECDH-RSA-RC4-SHA ECDH-RSA-DES-CBC3-SHA ECDH-RSA-AES128-SHA ECDH-RSA-AES256-SHA ECDH-ECDSA-RC4-SHA ECDH-ECDSA-DES-CBC3-SHA ECDH-ECDSA-AES128-SHA ECDH-ECDSA-AES256-SHA ECDHE-RSA-RC4-SHA ECDHE-RSA-DES-CBC3-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA ECDHE-ECDSA-RC4-SHA ECDHE-ECDSA-DES-CBC3-SHA ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA but instead will match DES-CBC-SHA DES-CBC3-SHA RC4-SHA EDH-RSA-DES-CBC-SHA EDH-RSA-DES-CBC3-SHA EDH-DSS-DES-CBC-SHA EDH-DSS-DES-CBC3-SHA EXP1024-DES-CBC-SHA EXP1024-RC4-SHA SEED-SHA AES128-SHA AES256-SHA CAMELLIA256-SHA CAMELLIA128-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA128-SHA DHE-RSA-CAMELLIA256-SHA DHE-DSS-RC4-SHA DHE-DSS-AES128-SHA DHE-DSS-AES256-SHA DHE-DSS-CAMELLIA128-SHA DHE-DSS-CAMELLIA256-SHA ECDH-RSA-RC4-SHA ECDH-RSA-DES-CBC3-SHA ECDH-RSA-AES128-SHA ECDH-RSA-AES256-SHA ECDH-ECDSA-RC4-SHA ECDH-ECDSA-DES-CBC3-SHA ECDH-ECDSA-AES128-SHA ECDH-ECDSA-AES256-SHA ECDHE-RSA-RC4-SHA ECDHE-RSA-DES-CBC3-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA ECDHE-ECDSA-RC4-SHA ECDHE-ECDSA-DES-CBC3-SHA ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA Acknowledgements: Red Hat would like to thank Martin Poole of Software Maintenance Engineering group for reporting this issue.