1342720 – Apache doesn't start since nss 3.24.0

Bug 1342720 - Apache doesn't start since nss 3.24.0

Summary: Apache doesn't start since nss 3.24.0

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	mod_nss
Sub Component:
Version:	23
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Matthew Harmsen
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:	1342158
Blocks:
TreeView+	depends on / blocked

Reported:	2016-06-04 05:29 UTC by Remi Collet
Modified:	2016-06-06 12:29 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-06-06 12:29:31 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Remi Collet 2016-06-04 05:29:38 UTC

Description of problem:
[Sat Jun 04 06:14:39.506300 2016] [:error] [pid 1512] NSSProtocol:  SSL/TLS protocol initialization failed.
[Sat Jun 04 06:14:39.506311 2016] [:error] [pid 1512] SSL Library Error: -8187 Security library: invalid arguments


Version-Release number of selected component (if applicable):
mod_nss-1.0.12-4.fc23
nss-3.24.0-1.1.fc23

Removing mod_ssl allow to start apache, but is of course not wanted.

Comment 1 Rob Crittenden 2016-06-05 02:08:54 UTC

See the upstream NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=1277569 . It is fixed but unreleased.

There are no published security fixes in NSS 3.24.0 so backing down to 3.23.0 is a short-term workaround until either the fix is released upstream in NSS or patched in Fedora.

Leaving as mod_nss bug for now since it can be worked around by requiring >= NSS 3.24.0 and not explicitly disabling SSL v2.

Comment 2 Rob Crittenden 2016-06-06 12:29:31 UTC

Fixed in NSS package nss-3.24.0-1.2, closing.

Note You need to log in before you can comment on or make changes to this bug.