Red Hat Bugzilla – Bug 770419
ssl https slowness login problems
Last modified: 2012-01-11 01:18:41 EST
Description of problem: ssl\https either fails or takes many retries
Version-Release number of selected component (if applicable):
rpm -qa nss\*
How reproducible: Always about two weeks
Across 32\64 bit F15\F16\F17(Rawhide)
Steps to Reproduce:
1. try yum update with http\https
2. bugzilla from sealert
Actual results: slow or fail
Expected results: sucess
Created attachment 549585 [details]
yum update c&p
libcurl does not work with nss-3.13, see bug 760060, pushing nss-3.13 to stable Fedora without having this major issue fixed was a big mistake. I would suggest to downgrade to nss-3.12 until a proper fix is available.
Will downgrade + cc'd on #760060
Will check if the new curl in F17 changes things tomorrow.
As of yet, there is no fix in curl. I tried curl from RHEL-6, F-15, F-16, and rawhide. All of them were broken when running on top of nss-3.13, but I have not had enough time to look further what exactly changed in nss.
A big change in nss 3.13 is that the default value of SSL_ENABLE_SSL2 changed to FALSE. See https://bugzilla.mozilla.org/show_bug.cgi?id=593080
Could that have any bearing on this slowdown?
Frank, please try this prior to running yum update:
Does it make any difference?
Will test in morning on after bootup.
(In reply to comment #6)
> Frank, please try this prior to running yum update:
> export NSS_SSL_CBC_RANDOM_IV=0
> Does it make any difference?
It appears to work,
have been able to:
sealert > bugzilla successfully.
No (28,0) on yum update
No snacks required for logging into gmail.
Appreciate the extra mile.
See the discussion in https://bugzilla.redhat.com/show_bug.cgi?id=770682
nss-softokn-3.13.1-15.fc16, nss-3.13.1-10.fc16 has been submitted as an update for Fedora 16.
Package nss-softokn-3.13.1-15.fc16, nss-3.13.1-10.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing nss-softokn-3.13.1-15.fc16 nss-3.13.1-10.fc16'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
nss-softokn-3.13.1-15.fc16, nss-3.13.1-10.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.