2017-12-15 21:54 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0009050CentOS-6nsspublic2015-07-27 16:41
Reporterskupsy 
PrioritynormalSeveritymajorReproducibilityalways
StatusresolvedResolutionno change required 
Product Version6.6 
Target VersionFixed in Version 
Summary0009050: Recent upgrade of NSS disrupts Thunderbird functionality
DescriptionAfter NSS (and util/tools) update to nss 3.19 (package nss.x86_64 0:3.19.1-3.el6_6)
Thunderbird became unable to connect to an SMTP server using STARTTLS.
Reverting to nss 3.18 (package nss.x86_64 0:3.18.0-5.3.el6_6) solved the problem.

I suspect some kind of interaction w openssl; several applications exibit strange behaviors (strongswan, sshd, apache, ecc.) and fail secure connections

Back to Thunderbird issue, on server side (sendmail) I get the message:
STARTTLS=server: 17951:error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter:s3_pkt.c:1472:SSL alert number 47
(and obviously the server config is ok and works fine with older nss on the client)
Steps To Reproduceyum update nss nss-util nss-tools nss-sysinit
(now Thunderbird cannot send messages using SMTP STARTTLS)

to revert:
yum downgrade nss nss-util nss-tools nss-sysinit
(now all is ok again)

TagsNo tags attached.
Attached Files

-Relationships
+Relationships

-Notes

~0023609

skupsy (reporter)

> several applications exibit strange behaviors (strongswan, sshd, apache, ecc.) and fail secure connections

my mistake, these issues are not related to the nss problem, the rest stands.

This morning I successfully replicated the problem on a plain-vanilla CentOS6.6 installation; nss downgrade solves the issue.

~0023679

skupsy (reporter)

the recent upgrade of Thunderbird to 31.8.0-1 doesn't solve the issue

~0023690

skupsy (reporter)

It came out it wasn't a bug: the new NSS library blocks connections to servers w insecure or weak ciphers (in my case DH).
Switching to a more updated mail server solves the issue.
+Notes

-Issue History
Date Modified Username Field Change
2015-07-11 02:11 skupsy New Issue
2015-07-11 10:57 skupsy Note Added: 0023609
2015-07-21 12:00 skupsy Note Added: 0023679
2015-07-22 14:48 skupsy Note Added: 0023690
2015-07-27 16:41 JohnnyHughes Status new => resolved
2015-07-27 16:41 JohnnyHughes Resolution open => no change required
+Issue History