Red Hat Bugzilla – Bug 800676
Need nss workaround for freebl bug that causes openswan to drop connections
Last modified: 2013-03-11 19:03:27 EDT
Previously, due to a bug in the FreeBL library, Openswan could generate a Key
Exchange payload that was one byte shorter than what was required by the
Diffie-Hellman (DH) protocol. As a consequence, Openswan dropped connections
involving such payloads. With this update, the size of the payload is set to
zero by default, and the Softoken module is queried for the size. Connections
are no longer dropped by Openswan in the described scenario.
This was fixed with a patch that has since been applied upstream and we have updated nss past that version. I'm closing this bug.
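IKE requires the DH public value in a Key Exchange payload to be exactly as long as the group's prime modulus, with zero bytes prepended if necessary. The C sketch below is an added example, not NSS or Openswan code: it shows a fixed-length encoder and the receiver-side length check that rejects a short payload. The helper names and the toy 4-byte group are hypothetical, and the assumption that a value with a zero leading byte is how a one-byte shortfall arises is not taken from this bug report.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper (not NSS or Openswan code): write a big-endian DH
 * public value into a Key Exchange buffer of exactly group_len bytes,
 * left-padding with zero bytes. Returns 0 on success, -1 if the value
 * does not fit in the group size or the arguments are invalid. */
int ke_encode_fixed(const uint8_t *val, size_t val_len,
                    uint8_t *out, size_t group_len)
{
    if (val == NULL || out == NULL || group_len == 0)
        return -1;
    /* Drop redundant leading zeros so an over-padded input is still accepted. */
    while (val_len > 0 && val[0] == 0) {
        val++;
        val_len--;
    }
    if (val_len > group_len)
        return -1;
    memset(out, 0, group_len - val_len);
    memcpy(out + (group_len - val_len), val, val_len);
    return 0;
}

/* Receiver-side check: a Key Exchange value is acceptable only when its
 * length equals the modulus length of the negotiated group. */
int ke_length_ok(size_t payload_len, size_t group_len)
{
    return group_len != 0 && payload_len == group_len;
}

/* Constructed sample: a toy 4-byte "group" and a value whose minimal
 * encoding is only 3 bytes long. Returns 1 when the padded encoding is
 * 00 AB CD EF and the unpadded length fails the receiver check. */
int demo(void)
{
    const uint8_t minimal[] = { 0xAB, 0xCD, 0xEF };   /* constructed */
    const uint8_t expect[]  = { 0x00, 0xAB, 0xCD, 0xEF };
    uint8_t out[4];

    if (ke_encode_fixed(minimal, sizeof minimal, out, sizeof out) != 0)
        return 0;
    return memcmp(out, expect, sizeof out) == 0
        && !ke_length_ok(sizeof minimal, sizeof out)
        && ke_length_ok(sizeof out, sizeof out);
}
```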