Bug 800676 - Need nss workaround for freebl bug that causes openswan to drop connections
Need nss workaround for freebl bug that causes openswan to drop connections
Product: Fedora
Classification: Fedora
Component: nss (Show other bugs)
Unspecified Unspecified
high Severity high
: ---
: ---
Assigned To: Elio Maldonado Batiz
Fedora Extras Quality Assurance
: Patch
Depends On: 783315 855809
Blocks: 768162 786436
  Show dependency treegraph
Reported: 2012-03-06 17:15 EST by Elio Maldonado Batiz
Modified: 2013-03-11 19:03 EDT (History)
9 users (show)

See Also:
Fixed In Version: nss-3.13.3-2.fc18
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 783315
Last Closed: 2013-03-11 19:03:27 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 723740 None None None 2012-09-10 18:57:04 EDT
Mozilla Foundation 734441 None None None Never

  None (edit)
Comment 1 Elio Maldonado Batiz 2012-03-25 15:52:18 EDT
From http://rhn.redhat.com/errata/RHBA-2012-0337.html

Previously, due to a bug in the FreeBL library, Openswan could generate a Key
Exchange payload that was one byte shorter than what was required by the Diffie
Hellman (DH) protocol. As a consequence, Openswan dropped connections during
such payloads. With this update, the size of the payload is set to zero by
default, and the Softoken module is queried for the size. Connections are no
longer dropped by Openswan in the described scenario.
Comment 2 Elio Maldonado Batiz 2013-03-11 19:03:27 EDT
This was fixed with a patch that has seen been applied upstream and we have updated nss past that version. I'm closing this bug.

Note You need to log in before you can comment on or make changes to this bug.