800676 – Need nss workaround for freebl bug that causes openswan to drop connections

Bug 800676 - Need nss workaround for freebl bug that causes openswan to drop connections

Summary: Need nss workaround for freebl bug that causes openswan to drop connections

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	nss
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Elio Maldonado Batiz
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:	783315 855809
Blocks:	768162 786436
TreeView+	depends on / blocked

Reported:	2012-03-06 22:15 UTC by Elio Maldonado Batiz
Modified:	2018-12-01 16:32 UTC (History)
CC List:	9 users (show)
Fixed In Version:	nss-3.13.3-2.fc18
Clone Of:	783315
Environment:
Last Closed:	2013-03-11 23:03:27 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Mozilla Foundation	723740	0	None	None	None	2012-09-10 22:57:04 UTC
Mozilla Foundation	734441	0	None	None	None	Never

Comment 1 Elio Maldonado Batiz 2012-03-25 19:52:18 UTC

From http://rhn.redhat.com/errata/RHBA-2012-0337.html

Previously, due to a bug in the FreeBL library, Openswan could generate a Key
Exchange payload that was one byte shorter than what was required by the Diffie
Hellman (DH) protocol. As a consequence, Openswan dropped connections during
such payloads. With this update, the size of the payload is set to zero by
default, and the Softoken module is queried for the size. Connections are no
longer dropped by Openswan in the described scenario.

Comment 2 Elio Maldonado Batiz 2013-03-11 23:03:27 UTC

This was fixed with a patch that has seen been applied upstream and we have updated nss past that version. I'm closing this bug.

Note You need to log in before you can comment on or make changes to this bug.