Tor with NSS must not claim to support LinkAuth=1
LinkAuth=1 is the older one that pokes inside the world of TLS master secrets. NSS sensibly doesn't let us do that, and makes us use RFC5705 like sensible people.
We shouldn't claim to support it, though.
I'm making this a separate ticket from the rest of NSS-TLS, though, since once we merge this, Tor clients and servers will stop working with NSS until #27286 (moved) is merged to update the list of required protocols.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information