0009050: Recent upgrade of NSS disrupts Thunderbird functionality

ID	Project	Category	View Status	Date Submitted	Last Update

0009050	CentOS-6	nss	public	2015-07-11 02:11	2015-07-27 16:41

Reporter	skupsy
Priority	normal	Severity	major	Reproducibility	always
Status	resolved	Resolution	no change required
Product Version	6.6
Target Version		Fixed in Version

Summary	0009050: Recent upgrade of NSS disrupts Thunderbird functionality
Description	After NSS (and util/tools) update to nss 3.19 (package nss.x86_64 0:3.19.1-3.el6_6) Thunderbird became unable to connect to an SMTP server using STARTTLS. Reverting to nss 3.18 (package nss.x86_64 0:3.18.0-5.3.el6_6) solved the problem. I suspect some kind of interaction w openssl; several applications exibit strange behaviors (strongswan, sshd, apache, ecc.) and fail secure connections Back to Thunderbird issue, on server side (sendmail) I get the message: STARTTLS=server: 17951:error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter:s3_pkt.c:1472:SSL alert number 47 (and obviously the server config is ok and works fine with older nss on the client)
Steps To Reproduce	yum update nss nss-util nss-tools nss-sysinit (now Thunderbird cannot send messages using SMTP STARTTLS) to revert: yum downgrade nss nss-util nss-tools nss-sysinit (now all is ok again)
Tags	No tags attached.

skupsy 2015-07-11 10:57 reporter ~0023609	> several applications exibit strange behaviors (strongswan, sshd, apache, ecc.) and fail secure connections my mistake, these issues are not related to the nss problem, the rest stands. This morning I successfully replicated the problem on a plain-vanilla CentOS6.6 installation; nss downgrade solves the issue.

skupsy 2015-07-21 12:00 reporter ~0023679	the recent upgrade of Thunderbird to 31.8.0-1 doesn't solve the issue

skupsy 2015-07-22 14:48 reporter ~0023690	It came out it wasn't a bug: the new NSS library blocks connections to servers w insecure or weak ciphers (in my case DH). Switching to a more updated mail server solves the issue.

Date Modified	Username	Field	Change
2015-07-11 02:11	skupsy	New Issue
2015-07-11 10:57	skupsy	Note Added: 0023609
2015-07-21 12:00	skupsy	Note Added: 0023679
2015-07-22 14:48	skupsy	Note Added: 0023690
2015-07-27 16:41	JohnnyHughes	Status	new => resolved
2015-07-27 16:41	JohnnyHughes	Resolution	open => no change required