Bug 1222665

Summary: Cipher ecdhe-ecdsa-aes128-sha use with curl and NSSCipherSuite
Product: Red Hat Enterprise Linux 6 Reporter: Ryan Howe <rhowe>
Component: curlAssignee: Kamil Dudka <kdudka>
Status: CLOSED DUPLICATE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.6CC: kdudka
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: curl-7.19.7-43.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-05-22 15:56:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ryan Howe 2015-05-18 18:51:05 UTC 
Description of problem:  Use to ecdhe-ecdsa-aes128-sha cipher with Curl which is using NSSCipherSuite


Version-Release number of selected component (if applicable):

- nss-sysinit-3.18.0-5.3.el6_6.x86_64

- nss-3.18.0-5.3.el6_6.x86_64
- curl-7.19.7-40.el6_6.4.x86_64
- libcurl-7.19.7-40.el6_6.4.x86_64


How reproducible: Every time trying to use 


Steps to Reproduce: 

 # curl -1ISv --ciphers ecdhe_ecdsa_aes_128_sha https://cleverbot.io

Actual results:

* Initializing NSS with certpath: sql:/etc/pki/nssdb
* Unknown cipher in list: ecdhe_ecdsa_aes_128_sha
* NSS error -5978
* Closing connection #0
curl: (59) Unknown cipher in list: ecdhe_ecdsa_aes_128_sha

Expected results:


* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA


Additional info:
Attaching cloned bug for updated documentation on list of ciphers in NSSCipherSuite.
Comment 2 Kamil Dudka 2015-05-22 15:56:40 UTC 
I believe this is fixed in curl-7.19.7-43.el6.

*** This bug has been marked as a duplicate of bug 1058767 ***