The problem is that the "ecdhe_rsa_aes_256_sha256" cipher was enabled in the configuration file (mod_nss.conf.in) but it wasn't added to the nss_engine_init.c file that causes an "Unknown cipher ecdhe_rsa_aes_256_sha256" error. I talked with Marcus who submitted these changes and he said: "I think it should not be in the config example. In nss_engine_init.c I added every useful cipher that Mozilla NSS has available currently. There is however no TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA256, so "ecdhe_rsa_aes_256_sha256" should currently not be listed I think." It means that we don't support "ecdhe_rsa_aes_256_sha256" cipher now in mod_nss and it should be removed from the configuration example file.