Bug 1277611
| Field | Value |
|---|---|
| Summary | nss 3.19-1 is unable to connect to SSL servers using a public key starting with more than two leading 0 bits |
| Product | Red Hat Enterprise Linux 7 |
| Reporter | Felix Dewaleyne <fdewaley> |
| Component | nss |
| Assignee | nss-nspr-maint <nss-nspr-maint> |
| Status | CLOSED ERRATA |
| QA Contact | Hubert Kario <hkario> |
| Severity | high |
| Priority | medium |
| Version | 7.1 |
| CC | cboitel, emaldona, fdewaley, hkario, kengert, nmavrogi, pvrabec, rrelyea, tfonteyn |
| Target Milestone | rc |
| Target Release | --- |
| Hardware | All |
| OS | All |
| Fixed In Version | nss-3.21.0-5.el7 |
| Doc Type | Bug Fix |
| Story Points | --- |
| Last Closed | 2016-11-04 03:56:11 UTC |
| Type | Bug |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| Category | --- |
| oVirt Team | --- |
| Cloudforms Team | --- |
| Bug Blocks | 1203710, 1295396, 1296594, 1313485 |

Description
Felix Dewaleyne
2015-11-03 16:20:50 UTC
Backport to 3.21, given that we are likely to rebase, the upstream fix at https://bug1211403.bmoattachments.org/attachment.cgi?id=8695104 which was for https://bugzilla.mozilla.org/show_bug.cgi?id=1211403 and is targeted for the upstream nss-3.22 release. It should be included.

This issue can be solved using a rebase to nss-3.22.

Created attachment 1127664
Calculate DSA and DH key sizes based on prime, not public key
Backport to nss-3.21 of https://hg.mozilla.org/projects/nss/rev/075e80f679d1

Comment on attachment 1127664
Calculate DSA and DH key sizes based on prime, not public key
r+ rrelyea
This is also more correct. A small public key is just as secure as any other public key as long as the private key is long enough (g is 2 and the public key is 8, then it's pretty obvious the private key is 3, which is too short).
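
The sizing difference discussed in the review comment above, as an added C example (not NSS code and not part of the bug report): a DH public value with leading zero bits measures shorter than its prime, so a minimum-size check on the public value rejects a key that the same check on the prime accepts. All function names, the 1023-bit minimum and the 128-byte buffers are assumptions constructed for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { DEMO_LEN = 128, MIN_DH_BITS = 1023 }; /* assumed minimum, for illustration */

struct dh_pub { const unsigned char *p; size_t p_len;   /* prime modulus */
                const unsigned char *y; size_t y_len; }; /* public value  */

/* Significant bits of a big-endian unsigned integer, ignoring leading zeros. */
static unsigned sig_bits(const unsigned char *buf, size_t len)
{
    size_t i = 0;
    while (i < len && buf[i] == 0) i++;          /* skip whole zero bytes */
    if (i == len) return 0;
    unsigned bits = (unsigned)(len - i) * 8;
    for (unsigned char top = buf[i]; !(top & 0x80); top <<= 1)
        bits--;                                  /* skip zero bits in the top byte */
    return bits;
}

/* Pre-fix behaviour: size derived from the public value y. */
static unsigned bits_from_public(const struct dh_pub *k) { return sig_bits(k->y, k->y_len); }
/* Post-fix behaviour: size derived from the prime p. */
static unsigned bits_from_prime(const struct dh_pub *k)  { return sig_bits(k->p, k->p_len); }

static int dh_size_ok(unsigned bits) { return bits >= MIN_DH_BITS; }

/* Builds a constructed key (p is a 1024-bit stand-in, not a real prime)
 * whose public value starts with byte y_top, and measures it either way. */
static unsigned demo_bits(unsigned char y_top, int from_prime)
{
    unsigned char p[DEMO_LEN], y[DEMO_LEN];
    memset(p, 0xFF, sizeof p);
    memset(y, 0xA5, sizeof y);
    y[0] = y_top;
    struct dh_pub k = { p, sizeof p, y, sizeof y };
    return from_prime ? bits_from_prime(&k) : bits_from_public(&k);
}

int main(void)
{
    unsigned old_bits = demo_bits(0x1F, 0), new_bits = demo_bits(0x1F, 1);
    printf("size from public value: %u bits -> %s\n", old_bits,
           dh_size_ok(old_bits) ? "accepted" : "rejected");
    printf("size from prime:        %u bits -> %s\n", new_bits,
           dh_size_ok(new_bits) ? "accepted" : "rejected");
    return 0;
}
```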
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2335.html