Bug 800676

Summary: Need nss workaround for freebl bug that causes openswan to drop connections
Product: [Fedora] Fedora
Reporter: Elio Maldonado Batiz <emaldona>
Component: nss
Assignee: Elio Maldonado Batiz <emaldona>
Status: CLOSED CURRENTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: high
Version: rawhide
CC: amarecek, avagarwa, emaldona, jpallich, jwest, kdudka, kengert, ksrot, rrelyea
Keywords: Patch
Hardware: Unspecified
OS: Unspecified
Fixed In Version: nss-3.13.3-2.fc18
Doc Type: Bug Fix
Clone Of: 783315
Last Closed: 2013-03-11 23:03:27 UTC
Bug Depends On: 783315, 855809
Bug Blocks: 768162, 786436

Comment 1 Elio Maldonado Batiz 2012-03-25 19:52:18 UTC
From http://rhn.redhat.com/errata/RHBA-2012-0337.html

Previously, due to a bug in the FreeBL library, Openswan could generate a Key
Exchange payload that was one byte shorter than what was required by the Diffie
Hellman (DH) protocol. As a consequence, Openswan dropped connections during
such payloads. With this update, the size of the payload is set to zero by
default, and the Softoken module is queried for the size. Connections are no
longer dropped by Openswan in the described scenario.
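
The length rule behind this fix, as an added example that is not part of the bug report or of NSS: IKE requires the Key Exchange data to be exactly as long as the DH prime, left-padded with zeros. It assumes the missing byte came from a dropped leading zero byte in the public value's encoding (the report does not state the cause) and uses a constructed toy group (p = 2^127 - 1, g = 3); all function names are hypothetical.

```python
# Constructed toy group for illustration only: p = 2**127 - 1 (a Mersenne
# prime) and g = 3. Real IKE uses standardized MODP groups; the length rule
# is the same. Assumption: the short payload is a stripped leading zero byte.
P = 2**127 - 1
G = 3
PRIME_LEN = (P.bit_length() + 7) // 8  # 16 bytes for this toy prime


def encode_minimal(y):
    """Big-endian encoding with leading zero bytes stripped (the short form)."""
    return y.to_bytes(max(1, (y.bit_length() + 7) // 8), "big")


def encode_fixed(y, length=PRIME_LEN):
    """Big-endian encoding left-padded with zeros to the prime length."""
    return y.to_bytes(length, "big")


def ke_length_ok(ke_data, length=PRIME_LEN):
    """Receiver-side check: KE data must be exactly as long as the prime."""
    return len(ke_data) == length


def short_payloads(first, count):
    """Private exponents in [first, first + count) whose public value,
    encoded minimally, would fail the receiver's length check."""
    return [x for x in range(first, first + count)
            if not ke_length_ok(encode_minimal(pow(G, x, P)))]


if __name__ == "__main__":
    start, n = 1000, 20000
    bad = short_payloads(start, n)
    print(f"{len(bad)} of {n} exponents give a short minimal encoding")
    for x in bad[:3]:
        y = pow(G, x, P)
        print(x, len(encode_minimal(y)), len(encode_fixed(y)))
```

Because only a fraction of public values start with a zero byte, the failure is intermittent, which matches connections being dropped only for some exchanges.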

Comment 2 Elio Maldonado Batiz 2013-03-11 23:03:27 UTC
This was fixed with a patch that has since been applied upstream, and we have updated nss past that version. I'm closing this bug.