This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements: - SHA256 cipher names change spelling from *_sha256 to *_sha_256. - Drop mod_nss_migrate.pl and use upstream migrate script instead. - Check for Apache user owner/group read permissions of NSS database at startup. - Update default ciphers to something more modern and secure. - Check for host and netstat commands in gencert before trying to use them. - Don"t ignore NSSProtocol when NSSFIPS is enabled. - Use proper shell syntax to avoid creating /0 in gencert. - Add server support for DHE ciphers. - Extract SAN from server/client certificates into env. - Fix memory leaks and other coding issues caught by clang analyzer. - Add support for Server Name Indication - Add support for SNI for reverse proxy connections. - Add RenegBufferSize? option. - Add support for TLS Session Tickets . - Implement a slew more OpenSSL cipher macros. - Fix a number of illegal memory accesses and memory leaks. - Support for SHA384 ciphers if they are available in the version of NSS mod_nss is built against. - Add the SECURE_RENEG environment variable. - Add some hints when NSS database cannot be initialized. - Code cleanup including trailing whitespace and compiler warnings. - Modernize autotools configuration slightly, add config.h. - Add small test suite for SNI. - Add compatibility for mod_ssl-style cipher definitions. - Add Camelia ciphers. - Remove Fortezza ciphers. - Add TLSv1.2-specific ciphers. - Initialize cipher list when re-negotiating handshake. - Completely remove support for SSLv2. - Add support for sqlite NSS databases. - Compare subject CN and VS hostname during server start up. - Add support for enabling TLS v1.2. - Don"t enable SSL 3 by default. - Improve protocol testing. - Add nss_pcache man page. - Fix argument handling in nss_pcache. - Support httpd 2.4+. - Allow users to configure a helper to ask for certificate passphrases via NSSPassPhraseDialog