Hi All, Good Morning. I am to new mod nss mailing list. I have described the issue I am facing to support TLSv1.2 Currently, our product use Apache 2.2.12 provided by SLES 11sp3. We are doing a securing hardening now by enabling only TLSv1.2 protocol and disabling other protocols. I tried to configure "SSLProtocol TLSv1.2". But after apache restart, it throws an error "invalid protocol". I came to know that mod_ssl refers openssl 0.9.8 version, though we have latest openssl 1.0.1(which supports TLSv1.2). The mod_ssl loads openssl0.9.8 always. It seems the latest Apache version 2.4.x supports TLSv1.2. But this apache version is available in SLES 12 only which wont be available for us for another 6 months.So, we dropped this option. So, the procurement team advised us to use mod_nss which can support TLSv1.2 with Apache 2.2.12. We started the migration from mod_ssl to mod_nss and everything went well, but the directive "SSLVerifyClient optional_no_ca" is not available with mod_nss. It provides only none,optional,require.So, we are blocked on this and could not migrate to mod_nss. If I configure optional, the handshake fails. But in case of none option , I understood from the doc's available from Internet that server won't request or require client certificate. But we have clients who send their certificate and we verify those certificate for authenticity at application level instead of in apache server(no ca at apache server ). So this scenario also fails when the application looks for certificate but not sent by client because of none option . Can you please suggest how to overcome this issue, any other alternatives. Thanks in advance. Regards, Mohan