Description of problem: ssl\https either fails or takes many retries Version-Release number of selected component (if applicable): rpm -qa nss\* nss-3.13.1-9.fc16.x86_64 nss-util-3.13.1-3.fc16.x86_64 nss-softokn-3.13.1-14.fc16.x86_64 nss-myhostname-0.3-1.fc16.x86_64 nss-softokn-freebl-3.13.1-14.fc16.x86_64 nss-sysinit-3.13.1-9.fc16.x86_64 nss-mdns-0.10-9.fc15.x86_64 nss-gui-0.3.10-1.fc16.x86_64 How reproducible: Always about two weeks Across 32\64 bit F15\F16\F17(Rawhide) Steps to Reproduce: 1. try yum update with http\https 2. bugzilla from sealert 3. Actual results: slow or fail Expected results: sucess Additional info: http://lists.fedoraproject.org/pipermail/users/2011-December/411025.html
Created attachment 549585 [details] yum update c&p
libcurl does not work with nss-3.13, see bug 760060, pushing nss-3.13 to stable Fedora without having this major issue fixed was a big mistake. I would suggest to downgrade to nss-3.12 until a proper fix is available.
Will downgrade + cc'd on #760060 Will check if the new curl in F17 changes things tomorrow.
As of yet, there is no fix in curl. I tried curl from RHEL-6, F-15, F-16, and rawhide. All of them were broken when running on top of nss-3.13, but I have not had enough time to look further what exactly changed in nss.
A big change in nss 3.13 is that the default value of SSL_ENABLE_SSL2 changed to FALSE. See https://bugzilla.mozilla.org/show_bug.cgi?id=593080 Could that have any bearing on this slowdown?
Frank, please try this prior to running yum update: export NSS_SSL_CBC_RANDOM_IV=0 Does it make any difference?
Will test in morning on after bootup.
(In reply to comment #6) > Frank, please try this prior to running yum update: > > export NSS_SSL_CBC_RANDOM_IV=0 > > Does it make any difference? It appears to work, have been able to: sealert > bugzilla successfully. No (28,0) on yum update No snacks required for logging into gmail. Appreciate the extra mile.
See the discussion in https://bugzilla.redhat.com/show_bug.cgi?id=770682
nss-softokn-3.13.1-15.fc16, nss-3.13.1-10.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/FEDORA-2012-0004/nss-3.13.1-10.fc16,nss-softokn-3.13.1-15.fc16
Package nss-softokn-3.13.1-15.fc16, nss-3.13.1-10.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing nss-softokn-3.13.1-15.fc16 nss-3.13.1-10.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-0004/nss-3.13.1-10.fc16,nss-softokn-3.13.1-15.fc16 then log in and leave karma (feedback).
nss-softokn-3.13.1-15.fc16, nss-3.13.1-10.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.