Bug 770419 - ssl https slowness login problems
Summary: ssl https slowness login problems
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: nss
Version: 16
Hardware: x86_64
OS: Linux
unspecified
urgent
Target Milestone: ---
Assignee: Elio Maldonado Batiz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-12-26 12:18 UTC by Frank Murphy
Modified: 2012-01-11 06:18 UTC (History)
6 users (show)

Fixed In Version: nss-softokn-3.13.1-15.fc16
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-01-11 06:18:41 UTC


Attachments (Terms of Use)
yum update c&p (9.46 KB, text/plain)
2011-12-26 12:19 UTC, Frank Murphy
no flags Details

Description Frank Murphy 2011-12-26 12:18:35 UTC
Description of problem: ssl\https either fails or takes many retries


Version-Release number of selected component (if applicable):
rpm -qa nss\*
nss-3.13.1-9.fc16.x86_64
nss-util-3.13.1-3.fc16.x86_64
nss-softokn-3.13.1-14.fc16.x86_64
nss-myhostname-0.3-1.fc16.x86_64
nss-softokn-freebl-3.13.1-14.fc16.x86_64
nss-sysinit-3.13.1-9.fc16.x86_64
nss-mdns-0.10-9.fc15.x86_64
nss-gui-0.3.10-1.fc16.x86_64



How reproducible: Always about two weeks
Across 32\64 bit F15\F16\F17(Rawhide)


Steps to Reproduce:
1. try yum update with http\https
2. bugzilla from sealert
3.
  
Actual results: slow or fail


Expected results: sucess


Additional info:
http://lists.fedoraproject.org/pipermail/users/2011-December/411025.html

Comment 1 Frank Murphy 2011-12-26 12:19:59 UTC
Created attachment 549585 [details]
yum update c&p

Comment 2 Kamil Dudka 2011-12-26 17:20:27 UTC
libcurl does not work with nss-3.13, see bug 760060, pushing nss-3.13 to stable Fedora without having this major issue fixed was a big mistake.  I would suggest to downgrade to nss-3.12 until a proper fix is available.

Comment 3 Frank Murphy 2011-12-26 17:47:36 UTC
Will downgrade + cc'd on #760060

Will check if the new curl in F17 changes things tomorrow.

Comment 4 Kamil Dudka 2011-12-26 18:04:03 UTC
As of yet, there is no fix in curl.  I tried curl from RHEL-6, F-15, F-16, and rawhide.  All of them were broken when running on top of nss-3.13, but I have not had enough time to look further what exactly changed in nss.

Comment 5 Elio Maldonado Batiz 2011-12-27 00:37:06 UTC
A big change in nss 3.13 is that the default value of SSL_ENABLE_SSL2 changed to FALSE. See https://bugzilla.mozilla.org/show_bug.cgi?id=593080
Could that have any bearing on this slowdown?

Comment 6 Kamil Dudka 2011-12-27 13:50:31 UTC
Frank, please try this prior to running yum update:

export NSS_SSL_CBC_RANDOM_IV=0

Does it make any difference?

Comment 7 Frank Murphy 2011-12-27 14:03:02 UTC
Will test in morning on after bootup.

Comment 8 Frank Murphy 2011-12-28 06:27:35 UTC
(In reply to comment #6)
> Frank, please try this prior to running yum update:
> 
> export NSS_SSL_CBC_RANDOM_IV=0
> 
> Does it make any difference?

It appears to work,
have been able to:
sealert > bugzilla successfully.
No (28,0) on yum update
No snacks required for logging into gmail.

Appreciate the extra mile.

Comment 9 Elio Maldonado Batiz 2012-01-07 17:34:01 UTC
See the discussion in https://bugzilla.redhat.com/show_bug.cgi?id=770682

Comment 10 Fedora Update System 2012-01-07 17:46:19 UTC
nss-softokn-3.13.1-15.fc16, nss-3.13.1-10.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/FEDORA-2012-0004/nss-3.13.1-10.fc16,nss-softokn-3.13.1-15.fc16

Comment 11 Fedora Update System 2012-01-07 23:07:50 UTC
Package nss-softokn-3.13.1-15.fc16, nss-3.13.1-10.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing nss-softokn-3.13.1-15.fc16 nss-3.13.1-10.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-0004/nss-3.13.1-10.fc16,nss-softokn-3.13.1-15.fc16
then log in and leave karma (feedback).

Comment 12 Fedora Update System 2012-01-11 06:18:41 UTC
nss-softokn-3.13.1-15.fc16, nss-3.13.1-10.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.