View Issue Details

IDProjectCategoryView StatusLast Update
0009050CentOS-6nsspublic2015-07-27 16:41
Reporterskupsy 
PrioritynormalSeveritymajorReproducibilityalways
Status resolvedResolutionno change required 
Product Version6.6 
Target VersionFixed in Version 
Summary0009050: Recent upgrade of NSS disrupts Thunderbird functionality
DescriptionAfter NSS (and util/tools) update to nss 3.19 (package nss.x86_64 0:3.19.1-3.el6_6)
Thunderbird became unable to connect to an SMTP server using STARTTLS.
Reverting to nss 3.18 (package nss.x86_64 0:3.18.0-5.3.el6_6) solved the problem.

I suspect some kind of interaction w openssl; several applications exibit strange behaviors (strongswan, sshd, apache, ecc.) and fail secure connections

Back to Thunderbird issue, on server side (sendmail) I get the message:
STARTTLS=server: 17951:error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter:s3_pkt.c:1472:SSL alert number 47
(and obviously the server config is ok and works fine with older nss on the client)
Steps To Reproduceyum update nss nss-util nss-tools nss-sysinit
(now Thunderbird cannot send messages using SMTP STARTTLS)

to revert:
yum downgrade nss nss-util nss-tools nss-sysinit
(now all is ok again)

TagsNo tags attached.

Activities

skupsy

skupsy

2015-07-11 10:57

reporter   ~0023609

> several applications exibit strange behaviors (strongswan, sshd, apache, ecc.) and fail secure connections

my mistake, these issues are not related to the nss problem, the rest stands.

This morning I successfully replicated the problem on a plain-vanilla CentOS6.6 installation; nss downgrade solves the issue.
skupsy

skupsy

2015-07-21 12:00

reporter   ~0023679

the recent upgrade of Thunderbird to 31.8.0-1 doesn't solve the issue
skupsy

skupsy

2015-07-22 14:48

reporter   ~0023690

It came out it wasn't a bug: the new NSS library blocks connections to servers w insecure or weak ciphers (in my case DH).
Switching to a more updated mail server solves the issue.

Issue History

Date Modified Username Field Change
2015-07-11 02:11 skupsy New Issue
2015-07-11 10:57 skupsy Note Added: 0023609
2015-07-21 12:00 skupsy Note Added: 0023679
2015-07-22 14:48 skupsy Note Added: 0023690
2015-07-27 16:41 JohnnyHughes Status new => resolved
2015-07-27 16:41 JohnnyHughes Resolution open => no change required