Red Hat Bugzilla – Bug 1259216
CVE-2015-5244 mod_nss: incorrect ciphersuite parsing
Last modified: 2016-06-10 02:54:20 EDT
The NSSCipherSuite option of mod_nss accepts OpenSSL-styled cipherstrings. It was found that the parsing of such cipherstrings is flawed. If this option is used to disable insecure ciphersuites using the common "!" syntax, e.g.:
it will actually enable those insecure ciphersuites.
This issue was discovered by Hubert Kario of Red Hat.
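A configuration audit for the condition described above, as an added example that is not part of the bug report or of mod_nss: it finds active NSSCipherSuite directives whose OpenSSL-style cipherstring contains "!" elements, so they can be reviewed on hosts still running an unfixed mod_nss. The function names and the sample configuration are constructed for illustration.

```python
import re

# Apache directive names are case-insensitive. Anchoring at the start of the
# line means commented-out directives ("# NSSCipherSuite ...") never match.
DIRECTIVE = re.compile(r"^\s*NSSCipherSuite\s+(.+?)\s*$", re.IGNORECASE)

def logical_lines(text):
    """Yield (first_line_number, line), folding trailing-backslash continuations."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = num
        if raw.endswith("\\"):
            buf += raw[:-1]
            continue
        yield start, buf + raw
        buf, start = "", None
    if start is not None:  # file ended in the middle of a continuation
        yield start, buf

def negated_tokens(value):
    """Return the '!'-prefixed elements of an OpenSSL-style cipherstring."""
    # OpenSSL accepts ':', ',' and space as element separators.
    return [t for t in re.split(r"[:, ]+", value) if t.startswith("!")]

def audit(text):
    """Return [(line_number, ['!ELEMENT', ...])] for each directive using '!'."""
    findings = []
    for num, line in logical_lines(text):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        bad = negated_tokens(m.group(1).strip("\"'"))
        if bad:
            findings.append((num, bad))
    return findings

# Constructed nss.conf fragment, not taken from the bug report.
SAMPLE = r'''# constructed example
<VirtualHost _default_:8443>
NSSCipherSuite "HIGH:MEDIUM:!aNULL:!MD5"
# NSSCipherSuite ALL:!EXP
nsscipherSuite +rsa_aes_128_sha,\
+rsa_aes_256_sha
</VirtualHost>
'''

if __name__ == "__main__":
    for num, bad in audit(SAMPLE):
        print(f"line {num}: review '!' elements {bad} against the installed mod_nss version")
```

A hit is a prompt to check the installed mod_nss package and the ciphersuites the server actually offers, not proof of exposure by itself.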
Created mod_nss tracking bugs for this issue:
Affects: fedora-all [bug 1263070]
mod_nss-1.0.12-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
This issue was fixed upstream via the following commit: