Description of problem:
When trying to connect to a server which does not require client authentication and therefore no private keys should be in play, NSS still requires PIN for the database.
Version-Release number of selected component (if applicable):
The easiest way to reproduce this without having to implement own SSL-based client:
1. Have an Apache server with HTTPS access allowed.
2. Have the CA cert which was used to sign the Apache server cert in an NSS database
3. # /usr/lib64/nss/unsupported-tools/tstclnt -h apache.server.com -p 443 -d /path/to/nssdb/ -V tls1.0:tls1.2
Prompt saying 'Enter Password or Pin for "NSS FIPS 140-2 Certificate DB":'
Connect if the Apache server cert is valid.
In our case, we have an Apache server which we try to connect to using the HTTPS protocol, we use NSS to store the CA cert in and python-nss bindings to create the HTTPS connection.
I was debugging this and found out that the password prompt pops out during SSL handshake in ClientHello during ssl3_SendSupportedCurvesXtn() -> ssl3_IsECCEnabled(). This leads to our password_callback().
I guess this cannot be avoided, because NSS can produce temporary secret keys.
FIPS mode requires a password for the database, and I guess NSS enforces it, even when nothing is saved to disk. It might be difficult to distinguish whether any private key operations are memory-only or involve the disk, so NSS probably uses the safer approach.
I think it's by design that NSS always requires a database with a password in FIPS mode.
I assume this isn't causing any problems, rather than the inconvenience of having to set and use a database password.
I do not think that you are right.
While FIPS mode does require a password for the database and you can remove this requirement with --empty-password when setting the database up, this is a different issue.
Try setting up an NSS database, store a CA certificate there (you will need password, that's correct) and do `$ certutil -d /path/to/nssdb -L -n "My CA cert"'. You will not be prompted for password and that is I believe the correct behavior.
If you are performing an SSL connection as a client and you only need to perform server certificate verification, you should not be required to be doing anything more than listing the CA certificate as shown above. Any secrets between client and server should indeed be temporary and should not require being stored to the database. Also, no private keys are in play.
This was causing huge problems in FreeIPA when trying to run in FIPS mode. FreeIPA stores a CA certificate in an NSS database and uses it just for the server certificate verification during HTTPS connection. This means that any user trying to access any information in FreeIPA via our RPC interface would have to know the password to the NSS database which we can no way allow. We are moving from NSS to OpenSSL for this purpose because of this.
A client SSL/TLS connection to a server might require the creation of an ephemeral private key, depending on the cipher suite being used.
Thank you for the explanation.