When renegotiating, continue to use the client_version used in the initial ClientHello

net/third_party/nss/README.chromium

 Name: Network Security Services (NSS)
 URL: http://www.mozilla.org/projects/security/pki/nss/
 Version: 3.13.4 pre-release snapshot 20120319
 Security Critical: Yes
 License: MPL 1.1/GPL 2.0/LGPL 2.1
 License FILE: NOT_SHIPPED
 
 This directory includes a copy of NSS's libssl from the CVS repo at:
   :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot
 
@@ skipping 72 matching lines @@
     instead of crSpec to support False Start.
     https://bugzilla.mozilla.org/show_bug.cgi?id=766137
     patches/getchannelinfo.patch
 
   * Add support for extracting the tls-unique channel binding value
     patches/tlsunique.patch
 
   * Don't crash when the SSL keylog file cannot be opened.
     patches/sslkeylogerror.patch
 
-  * Set the record layer version number of ClientHello to at most TLS 1.0
-    if we don't know what protocol version the server supports.
+  * Set the record layer version number of the initial ClientHello to at
+    most TLS 1.0 if we don't know what protocol version the server supports.
     https://bugzilla.mozilla.org/show_bug.cgi?id=774547
     patches/recordlayerversion.patch
 
   * Replace hardcoded ssl_variant_stream by ss->protocolVariant.
     https://bugzilla.mozilla.org/show_bug.cgi?id=681065
     patches/sslprotocolvariant.patch
 
+  * When renegotiating, continue to use the client_version used in the
+    initial ClientHello to work around a Windows SChannel bug.
+    https://bugzilla.mozilla.org/show_bug.cgi?id=783448
+    patches/renegoclientversion.patch
+
 Apply the patches to NSS by running the patches/applypatches.sh script.  Read
 the comments at the top of patches/applypatches.sh for instructions.
 
 The ssl/bodge directory contains files taken from the NSS repo that we required
 for building libssl outside of its usual build environment.