It was found that the parsing of the NSSCipherSuite option of mod24_nss, which accepts OpenSSL-style cipherstrings, is flawed. If the option is used to disable insecure ciphersuites using the common "!" syntax, it will actually enable those insecure ciphersuites