One thing we definatly need to do if we upgrade NSS or otherwise update the security for the N900 is to make sure it passes this test page https://www.ssllabs.com/ssltest/viewMyClient.html and doesn't bring up any red flags on there. Right now it shows a bunch of red flags. Bringing in a newer version of NSS would probably solve a lot of this (since it would have SSL3 turned off and TLS1.2 support and not support weak ciphers and etc)