Bug 1215751

Summary: Need to support SHA384 TLS cipher suites
Product: Red Hat Enterprise Linux 7 Reporter: Elio Maldonado Batiz <emaldona>
Component: nss-utilAssignee: Elio Maldonado Batiz <emaldona>
Status: CLOSED ERRATA QA Contact: Alicja Kario <hkario>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 7.2CC: arubin, emaldona, hkario, jherrman, jrieden, ksrot, rrelyea
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: nss-util-3.19.1-3.el7 Doc Type: Enhancement
Doc Text:
The upgraded versions of nss, nss-util, and nss-softokn packages add support for the SHA384 TLS cipher suites according to PKCS #11 v2.40.
 Story Points: ---
Clone Of:
: 1216063 (view as bug list) Environment:
Last Closed: 2015-11-19 12:26:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 717785, 1212106, 1215760, 1216063    
Attachments:
Description Flags
Add to pkcs11t.h support SHA384 TLS cipher suites - nss-util none

Description Elio Maldonado Batiz 2015-04-27 16:23:24 UTC 
Description of problem:

In order to get on the CSfC approved list for TLS protected server, we need to select the following cipher suites in our CC security target:

* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289

Support needs to be added in nss-softokn and nss-util packages. nss-util owns the pkcs11t.h headers that nss-softokn needs.
Comment 3 Elio Maldonado Batiz 2015-04-28 12:04:41 UTC 
Created attachment 1019642 [details]
Add to pkcs11t.h support SHA384 TLS cipher suites - nss-util

Patch already approved as part of the review for Bug 1212106.
Comment 10 errata-xmlrpc 2015-11-19 12:26:42 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2121.html