Closed Bug 734441 Opened 12 years ago Closed 12 years ago

Freebl bug causes openswan to drop connections

Categories

(NSS :: Libraries, defect)

3.12.9
x86_64
Linux
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 723740

People

(Reporter: elio.maldonado.batiz, Assigned: rrelyea)

Attachments

(1 file)

Previously, due to a bug in the freebl library, Openswan could generate a Key
Exchange payload that was one byte shorter than what was required by the Diffie
Hellman (DH) protocol. As a consequence, Openswan dropped connections during
such payloads. With this update, the size of the payload is set to zero by
default, and the Softoken module is queried for the size. Connections are no
longer dropped by Openswan in the described scenario.
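The length rule behind this failure, as an added example that is not NSS or Openswan code: IKE requires the Diffie-Hellman public value in a Key Exchange payload to be exactly as long as the group prime, left-padded with zeros. The sketch assumes the short payload comes from a public value whose top byte is zero being kept at minimal length; `PRIME_LEN`, `SAMPLE_PUB`, `ke_encode_fixed` and `ke_length_ok` are hypothetical names, and the 8-byte group size is a toy value.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PRIME_LEN 8 /* toy group prime length in bytes (constructed) */

/* Constructed sample: a public value whose top byte is zero, held at minimal
 * length, so it is one byte shorter than the prime. */
static const uint8_t SAMPLE_PUB[PRIME_LEN - 1] =
    {0x9a, 0x41, 0x07, 0xc3, 0x5e, 0x22, 0xb8};

/* Write big-endian v (vlen bytes) into exactly out_len bytes, left-padded
 * with zeros. Returns 0 on success, -1 if the value does not fit. */
int ke_encode_fixed(const uint8_t *v, size_t vlen, uint8_t *out, size_t out_len)
{
    while (vlen > 0 && v[0] == 0) { v++; vlen--; } /* drop existing padding */
    if (vlen > out_len)
        return -1;
    memset(out, 0, out_len - vlen);
    if (vlen > 0)
        memcpy(out + (out_len - vlen), v, vlen);
    return 0;
}

/* Receiver-side check: 1 only when the payload is exactly the prime length. */
int ke_length_ok(size_t payload_len, size_t prime_len)
{
    return payload_len == prime_len;
}

int main(void)
{
    uint8_t ke[PRIME_LEN];

    /* The minimal-length value fails the peer's length check. */
    printf("minimal length accepted: %d\n",
           ke_length_ok(sizeof SAMPLE_PUB, PRIME_LEN));
    if (ke_encode_fixed(SAMPLE_PUB, sizeof SAMPLE_PUB, ke, sizeof ke) != 0)
        return 1;
    printf("padded length accepted:  %d\n", ke_length_ok(sizeof ke, PRIME_LEN));
    for (size_t i = 0; i < sizeof ke; i++)
        printf("%02x", ke[i]);
    putchar('\n');
    return 0;
}
```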

The problem reported was addressed with a workaround in nss so as not to touch freebl, which is inside the crypto boundary and is currently under a minor FIPS 140 revalidation. A proper fix should be implemented in freebl itself.
Attachment #604470 - Attachment description: The cuurent temporay workaround → current workaround
Assignee: nobody → rrelyea
The underlying bug is fixed in softoken on the tip now; see Bug 723740.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE