Bug 979799

Summary: current nss support TLS 1.1 so mod_nss should pick it up
Product: Red Hat Enterprise Linux 6 Reporter: David Jaša <djasa>
Component: mod_nssAssignee: Matthew Harmsen <mharmsen>
Status: CLOSED DUPLICATE QA Contact: Kaleem <ksiddiqu>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.5CC: dpal, mharmsen, nkinder
Target Milestone: beta   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 979798 Environment:
Last Closed: 2013-10-29 18:05:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 979719    

Description David Jaša 2013-06-30 17:59:58 UTC
+++ This bug was initially created as a clone of Bug #979798 +++

Description of problem:
nss >= 3.14 supports TLS 1.1 so mod_tls should support it automatically

Version-Release number of selected component (if applicable):
mod_nss-1.0.8-20.1.fc19.armv7hl
nss-3.14.3-13.0.fc19.armv7hl

How reproducible:
always

Steps to Reproduce:
1. specify NSSProtocol TLSv1.1 in /etc/apache/conf.d/nss.conf
2. connect to the server with client that supports just TLS >= 1.1
3.

Actual results:
connection fails

Expected results:
connection is established

Additional info:
TLSv1.2 should be picked up automatically once nss supports it, too

Comment 1 Matthew Harmsen 2013-10-29 18:05:39 UTC
(In reply to David Jaša from comment #0)
> +++ This bug was initially created as a clone of Bug #979798 +++
> 
> Description of problem:
> nss >= 3.14 supports TLS 1.1 so mod_tls should support it automatically
> 
> Version-Release number of selected component (if applicable):
> mod_nss-1.0.8-20.1.fc19.armv7hl
> nss-3.14.3-13.0.fc19.armv7hl
> 

Support for TLS v1.1 in RHEL 6 has been provided since mod_nss-1.0.8-17.el6, so I am marking this bug as a DUPLICATE of 'Bugzilla Bug #816394 - [RFE] Provide Apache 2.2 support for TLS v1.1 via NSS through mod_nss . . .'.

The patch which supported this has now been ported upstream and is available in the following Brew builds which are awaiting karma in Bodhi:

* mod_nss-1.0.8-24.fc18
* mod_nss-1.0.8-24.fc19
* mod_nss-1.0.8-24.fc20

Please feel free to provide karma for these builds.

Finally, I noticed that since the packages referenced must be customized builds for the 'armv7hl' architecture, please try using the appropriate Fedora SRPM to reproduce your packages.

> How reproducible:
> always
> 
> Steps to Reproduce:
> 1. specify NSSProtocol TLSv1.1 in /etc/apache/conf.d/nss.conf
> 2. connect to the server with client that supports just TLS >= 1.1
> 3.
> 
> Actual results:
> connection fails
> 
> Expected results:
> connection is established
> 
> Additional info:
> TLSv1.2 should be picked up automatically once nss supports it, too

*** This bug has been marked as a duplicate of bug 816394 ***