Bug 1342720

Summary: Apache doesn't start since nss 3.24.0
Product: [Fedora] Fedora
Reporter: Remi Collet <fedora>
Component: mod_nss
Assignee: Matthew Harmsen <mharmsen>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 23
CC: mharmsen, rcritten
Hardware: Unspecified   
OS: Unspecified   
Last Closed: 2016-06-06 12:29:31 UTC
Type: Bug
Bug Depends On: 1342158    

Description Remi Collet 2016-06-04 05:29:38 UTC
Description of problem:
[Sat Jun 04 06:14:39.506300 2016] [:error] [pid 1512] NSSProtocol:  SSL/TLS protocol initialization failed.
[Sat Jun 04 06:14:39.506311 2016] [:error] [pid 1512] SSL Library Error: -8187 Security library: invalid arguments


Version-Release number of selected component (if applicable):
mod_nss-1.0.12-4.fc23
nss-3.24.0-1.1.fc23

Removing mod_ssl allows Apache to start, but that is of course not wanted.

Comment 1 Rob Crittenden 2016-06-05 02:08:54 UTC
See the upstream NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=1277569 . It is fixed but unreleased.

There are no published security fixes in NSS 3.24.0 so backing down to 3.23.0 is a short-term workaround until either the fix is released upstream in NSS or patched in Fedora.

Leaving as mod_nss bug for now since it can be worked around by requiring >= NSS 3.24.0 and not explicitly disabling SSL v2.

Comment 2 Rob Crittenden 2016-06-06 12:29:31 UTC
Fixed in NSS package nss-3.24.0-1.2, closing.
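
A triage helper for the condition reported in this bug, added here as an example; it is not code from the bug's participants or from the mod_nss or NSS projects. It assumes every 3.24.0 build older than the fixed release is affected, and it uses a simplified RPM version comparison (no epoch or tilde handling); all function names are illustrative.

```python
import re

FIXED_VERSION, FIXED_RELEASE = "3.24.0", "1.2"  # from "nss-3.24.0-1.2" in Comment 2
SIGNATURE = (  # the two error lines quoted in the description
    re.compile(r"NSSProtocol:\s+SSL/TLS protocol initialization failed"),
    re.compile(r"SSL Library Error: -8187\b"),
)
SAMPLE_LOG = [  # copied from the bug description
    "[Sat Jun 04 06:14:39.506300 2016] [:error] [pid 1512] NSSProtocol:  SSL/TLS protocol initialization failed.",
    "[Sat Jun 04 06:14:39.506311 2016] [:error] [pid 1512] SSL Library Error: -8187 Security library: invalid arguments",
]

def _segments(s):
    # Split a version or release string into numeric and alphabetic runs.
    return [int(t) if t.isdigit() else t for t in re.findall(r"\d+|[A-Za-z]+", s)]

def vercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if type(x) is not type(y):  # a numeric segment sorts above an alphabetic one
            return 1 if isinstance(x, int) else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nss_nvr(nvr):
    """'nss-3.24.0-1.1.fc23' -> ('3.24.0', '1.1'); the dist tag is dropped."""
    m = re.fullmatch(r"nss-([^-]+)-([^-]+?)(?:\.fc\d+)?", nvr)
    if not m:
        raise ValueError(f"not an nss package NVR: {nvr!r}")
    return m.group(1), m.group(2)

def nss_affected(nvr):
    """True for 3.24.0 builds older than the fixed release (assumption: all are affected)."""
    version, release = parse_nss_nvr(nvr)
    return vercmp(version, FIXED_VERSION) == 0 and vercmp(release, FIXED_RELEASE) < 0

def log_has_signature(lines):
    """True when both error lines were logged by the same httpd pid."""
    seen = {}
    for line in lines:
        pid = re.search(r"\[pid (\d+)\]", line)
        for i, rx in enumerate(SIGNATURE):
            if pid and rx.search(line):
                seen.setdefault(pid.group(1), set()).add(i)
    return any(len(hits) == len(SIGNATURE) for hits in seen.values())

if __name__ == "__main__":
    print(nss_affected("nss-3.24.0-1.1.fc23"), log_has_signature(SAMPLE_LOG))
```

Feed `nss_affected` the output of `rpm -q nss` with the architecture suffix removed, and `log_has_signature` the lines of the Apache error log.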