Bug 800676 - Need nss workaround for freebl bug that causes openswan to drop connections
Summary: Need nss workaround for freebl bug that causes openswan to drop connections
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: nss
Version: rawhide
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
Assignee: Elio Maldonado Batiz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 783315 855809
Blocks: 768162 786436
TreeView+ depends on / blocked
 
Reported: 2012-03-06 22:15 UTC by Elio Maldonado Batiz
Modified: 2018-12-01 16:32 UTC (History)
9 users (show)

Fixed In Version: nss-3.13.3-2.fc18
Clone Of: 783315
Environment:
Last Closed: 2013-03-11 23:03:27 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Mozilla Foundation 723740 0 None None None 2012-09-10 22:57:04 UTC
Mozilla Foundation 734441 0 None None None Never

Comment 1 Elio Maldonado Batiz 2012-03-25 19:52:18 UTC
From http://rhn.redhat.com/errata/RHBA-2012-0337.html

Previously, due to a bug in the FreeBL library, Openswan could generate a Key
Exchange payload that was one byte shorter than what was required by the Diffie
Hellman (DH) protocol. As a consequence, Openswan dropped connections during
such payloads. With this update, the size of the payload is set to zero by
default, and the Softoken module is queried for the size. Connections are no
longer dropped by Openswan in the described scenario.

Comment 2 Elio Maldonado Batiz 2013-03-11 23:03:27 UTC
This was fixed with a patch that has seen been applied upstream and we have updated nss past that version. I'm closing this bug.


Note You need to log in before you can comment on or make changes to this bug.