Red Hat Bugzilla – Bug 500877
Unable to start/run JAVA applications using NSS-3.12.3
Last modified: 2011-03-03 15:17:51 EST
Description of problem:
I updated to nss-3.12.3 packages on RHEL5.3, along with the nspr-4.7.4 packages. All my JAVA based servers/tools that use nss stops to work.
The following error was observed across all applications I tried:
CryptoManager.iitialize() failed:java.lang.SecurityException: Unable to set security policy
Another issue is:
when ECC keys are genearted for SSL server cert, it fails to connect.
So, run a RHCS CA with nss with the first issue fixed. Select ECC to be generated for all certs (including the SSL server cert). After that, clients (like browser) fails to connect to https port backed by the ECC SSL server.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
cfu, RHEL 5.3 does not yet have nss 3.12.3
Is part of your request that you need nss 3.12.3 delivered to your existing RHEL 5.3 based customers (can't wait for RHEL 5.4)
Scott, do you know why we can't request 5.3.z? flag in this bug?
In my understanding cfu wants this for 5.3 customers.
Hey Kai, no reason we can't. Setting 5.3.z and 5.4 to '?'.
Setting devel_ack to '+'. Fix critical to the delivery of Certificate System v8 in June.
*** Bug 504057 has been marked as a duplicate of this bug. ***
With the nss build thats part of the errata nss-188.8.131.52, RHCS QE has verified the following to work ok:
1 - All sanity tests documented in the RHCS QE test plans - OK
2 - Starting up RHCS on RHEL 5.3(up2date) - OK
3 - Functional/Load tests on RHCS on RHEL 5.3 with nss-184.108.40.206 with keys
stored on netHSM 2000 - OK
4 - Setting up RHCS on RHEL 5.3 with nss-220.127.116.11 with ECC on nethsm2000 - OK
5 - Setting up RHCS on RHEL 5.3 with nss-18.104.22.168 with ECC via certicom - OK.
Since the above mentioned tests have PASSED, I consider this bug as VERIFIED.
Chandrasekar, could you please re-test with the 5.5 version, nss-3.12.3-5.el5 from