Bug 770419 - ssl https slowness login problems
ssl https slowness login problems
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: nss (Show other bugs)
16
x86_64 Linux
unspecified Severity urgent
: ---
: ---
Assigned To: Elio Maldonado Batiz
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2011-12-26 07:18 EST by Frank Murphy
Modified: 2012-01-11 01:18 EST (History)
6 users (show)

See Also:
Fixed In Version: nss-softokn-3.13.1-15.fc16
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-01-11 01:18:41 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
yum update c&p (9.46 KB, text/plain)
2011-12-26 07:19 EST, Frank Murphy
no flags Details

  None (edit)
Description Frank Murphy 2011-12-26 07:18:35 EST
Description of problem: ssl\https either fails or takes many retries


Version-Release number of selected component (if applicable):
rpm -qa nss\*
nss-3.13.1-9.fc16.x86_64
nss-util-3.13.1-3.fc16.x86_64
nss-softokn-3.13.1-14.fc16.x86_64
nss-myhostname-0.3-1.fc16.x86_64
nss-softokn-freebl-3.13.1-14.fc16.x86_64
nss-sysinit-3.13.1-9.fc16.x86_64
nss-mdns-0.10-9.fc15.x86_64
nss-gui-0.3.10-1.fc16.x86_64



How reproducible: Always about two weeks
Across 32\64 bit F15\F16\F17(Rawhide)


Steps to Reproduce:
1. try yum update with http\https
2. bugzilla from sealert
3.
  
Actual results: slow or fail


Expected results: sucess


Additional info:
http://lists.fedoraproject.org/pipermail/users/2011-December/411025.html
Comment 1 Frank Murphy 2011-12-26 07:19:59 EST
Created attachment 549585 [details]
yum update c&p
Comment 2 Kamil Dudka 2011-12-26 12:20:27 EST
libcurl does not work with nss-3.13, see bug 760060, pushing nss-3.13 to stable Fedora without having this major issue fixed was a big mistake.  I would suggest to downgrade to nss-3.12 until a proper fix is available.
Comment 3 Frank Murphy 2011-12-26 12:47:36 EST
Will downgrade + cc'd on #760060

Will check if the new curl in F17 changes things tomorrow.
Comment 4 Kamil Dudka 2011-12-26 13:04:03 EST
As of yet, there is no fix in curl.  I tried curl from RHEL-6, F-15, F-16, and rawhide.  All of them were broken when running on top of nss-3.13, but I have not had enough time to look further what exactly changed in nss.
Comment 5 Elio Maldonado Batiz 2011-12-26 19:37:06 EST
A big change in nss 3.13 is that the default value of SSL_ENABLE_SSL2 changed to FALSE. See https://bugzilla.mozilla.org/show_bug.cgi?id=593080
Could that have any bearing on this slowdown?
Comment 6 Kamil Dudka 2011-12-27 08:50:31 EST
Frank, please try this prior to running yum update:

export NSS_SSL_CBC_RANDOM_IV=0

Does it make any difference?
Comment 7 Frank Murphy 2011-12-27 09:03:02 EST
Will test in morning on after bootup.
Comment 8 Frank Murphy 2011-12-28 01:27:35 EST
(In reply to comment #6)
> Frank, please try this prior to running yum update:
> 
> export NSS_SSL_CBC_RANDOM_IV=0
> 
> Does it make any difference?

It appears to work,
have been able to:
sealert > bugzilla successfully.
No (28,0) on yum update
No snacks required for logging into gmail.

Appreciate the extra mile.
Comment 9 Elio Maldonado Batiz 2012-01-07 12:34:01 EST
See the discussion in https://bugzilla.redhat.com/show_bug.cgi?id=770682
Comment 10 Fedora Update System 2012-01-07 12:46:19 EST
nss-softokn-3.13.1-15.fc16, nss-3.13.1-10.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/FEDORA-2012-0004/nss-3.13.1-10.fc16,nss-softokn-3.13.1-15.fc16
Comment 11 Fedora Update System 2012-01-07 18:07:50 EST
Package nss-softokn-3.13.1-15.fc16, nss-3.13.1-10.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing nss-softokn-3.13.1-15.fc16 nss-3.13.1-10.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-0004/nss-3.13.1-10.fc16,nss-softokn-3.13.1-15.fc16
then log in and leave karma (feedback).
Comment 12 Fedora Update System 2012-01-11 01:18:41 EST
nss-softokn-3.13.1-15.fc16, nss-3.13.1-10.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.