This is a long-standing request from the web server. Customers want to have assurance that their web server stays up, even if their hardware accelerator fails. This is especially the case with network accelerators. The idea is that the certificate and private key live in two tokens - both in the accelerator and in the softoken. If the hardware token fails for any reason, libssl could try to do the operation on the other token that also contains the server's private key. This can apply to client applications as well. For instance, my personal cert lives both in a smartcard and in softoken. I corrupted the smartcard after my tests yesterday. As a result, I could no longer login to our internal bug repository web server that requires client auth. If fail-over was supported, NSS would have noticed that I also had the private key in the softoken, and tried to use it. Instead, I was forced to pull out my corrupted smartcard from the USB port in order to be able to login.