From http://rhn.redhat.com/errata/RHBA-2012-0337.html Previously, due to a bug in the FreeBL library, Openswan could generate a Key Exchange payload that was one byte shorter than what was required by the Diffie Hellman (DH) protocol. As a consequence, Openswan dropped connections during such payloads. With this update, the size of the payload is set to zero by default, and the Softoken module is queried for the size. Connections are no longer dropped by Openswan in the described scenario.
This was fixed with a patch that has seen been applied upstream and we have updated nss past that version. I'm closing this bug.