It was found that the parsing of the NSSCipherSuite option of mod24_nss, which accepts OpenSSL-style cipherstrings, is flawed If the option is used to disable insecure ciphersuites using the common "!" syntax, it will actually enable those insecure ciphersuites (CVE-2015-5244) ...