Bug 500877 - Unable to start/run JAVA applications using NSS-3.12.3
Unable to start/run JAVA applications using NSS-3.12.3
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: nss (Show other bugs)
All Linux
urgent Severity high
: rc
: 5.3.z
Assigned To: Elio Maldonado Batiz
: ZStream
: 504057 (view as bug list)
Depends On: 500454
Blocks: 223279 455305 499052 502201 506973
  Show dependency treegraph
Reported: 2009-05-14 12:06 EDT by Christina Fu
Modified: 2011-03-03 15:17 EST (History)
8 users (show)

See Also:
Fixed In Version: nss-3.12.7-2.el5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2011-03-03 15:17:51 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Christina Fu 2009-05-14 12:06:25 EDT
Description of problem:
I updated to nss-3.12.3 packages on RHEL5.3, along with the nspr-4.7.4 packages.  All my JAVA based servers/tools that use nss stops to work.

The following error was observed across all applications I tried:

CryptoManager.iitialize() failed:java.lang.SecurityException: Unable to set security policy 

Another issue is:
 when ECC keys are genearted for SSL server cert, it fails to connect.

So, run a RHCS CA with nss with the first issue fixed.  Select ECC to be generated for all certs (including the SSL server cert).  After that, clients (like browser) fails to connect to https port backed by the ECC SSL server.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
Comment 1 Kai Engert (:kaie) 2009-05-14 12:53:24 EDT
cfu, RHEL 5.3 does not yet have nss 3.12.3

Is part of your request that you need nss 3.12.3 delivered to your existing RHEL 5.3 based customers (can't wait for RHEL 5.4)
Comment 2 Kai Engert (:kaie) 2009-05-14 12:55:46 EDT
Scott, do you know why we can't request 5.3.z? flag in this bug?
In my understanding cfu wants this for 5.3 customers.
Comment 3 Scott Haines 2009-05-14 14:36:23 EDT
Hey Kai, no reason we can't.  Setting 5.3.z and 5.4 to '?'.
Comment 4 Scott Haines 2009-05-18 11:42:24 EDT
Setting devel_ack to '+'.  Fix critical to the delivery of Certificate System v8 in June.
Comment 12 Kai Engert (:kaie) 2009-06-04 18:28:48 EDT
*** Bug 504057 has been marked as a duplicate of this bug. ***
Comment 13 Chandrasekar Kannan 2009-07-13 09:34:44 EDT
With the nss build thats part of the errata nss-, RHCS QE has verified the following to work ok:

1 - All sanity tests documented in the RHCS QE test plans - OK
2 - Starting up RHCS on RHEL 5.3(up2date) - OK
3 - Functional/Load tests on RHCS on RHEL 5.3 with nss- with keys
    stored on netHSM 2000 - OK
4 - Setting up RHCS on RHEL 5.3 with nss- with ECC on nethsm2000 - OK
5 - Setting up RHCS on RHEL 5.3 with nss- with ECC via certicom - OK.

Since the above mentioned tests have PASSED, I consider this bug as VERIFIED.
Comment 16 Chris Ward 2010-01-27 05:07:41 EST
Chandrasekar, could you please re-test with the 5.5 version, nss-3.12.3-5.el5 from 

https://errata.devel.redhat.com/errata/show/8598 ?

Note You need to log in before you can comment on or make changes to this bug.