cvs should be ported to use NSS library for cryptography.
See the tracking bug for details and links on how it could be done.
CVS uses md5 for checking if patched files in remote repository matches local
copies, so there is no need to switch to NSS, as it would be unnecessary
should this bug remain open per comment #1?