$PROTOCOL seems to refer prefix "TLS" or "SSL" of cipher suites.
However, these prefix does not correspond to actual protocol.
ex. TLS 1.0 connection (security.tls.version.max = 1 and security.tls.version.min = 1) to github.com shows "SSL_RSA_WITH_RC4_128_SHA".
Difference between prefix "SSL" and "TLS" is just the definition in NSS, not actual TLS/SSL connection.
http://hg.mozilla.org/mozilla-central/file/70f21fad60a4/security/nss/lib/ssl/ssl3con.c#l291
Old cipher suites which defined in SSL 3.0 (RSA key exchange with RC4, 3DES etc.) have "SSL" prefix even used in TLS connection.
ex.
{SSL_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa},
{SSL_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa},
{SSL_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa},
New cipher suites which added with TLS 1.0 or later (AES, ECC key exchange, forward secrecy etc.) have "TLS" prefix.
ex.
{TLS_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_rsa}
{TLS_DHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_rsa}
{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_rsa}