[CentOS] NSS update issues.

Wed Dec 10 15:14:56 UTC 2014
Johnny Hughes <johnny at centos.org>

On 12/09/2014 03:30 PM, Lamar Owen wrote:
> Ran into a bit of a sticky wicket today.  And for reasons that should be
> obvious it was a bit difficult to google for a solution, so I backed out
> the upgrade.  So I'm hoping someone here has seen and fixed this already.
> 
> System: CentOS 7, fully updated.  After the nss updates in the past day
> or so, visiting https://www.google.com with Firefox results in the
> following error screen:
> Secure Connection Failed
> 
> An error occurred during a connection to www.google.com. The server
> rejected the handshake because the client downgraded to a lower TLS
> version than the server supports. (Error code:
> ssl_error_inappropriate_fallback_alert)
> 
>     The page you are trying to view cannot be shown because the
> authenticity of the received data could not be verified.
>     Please contact the website owners to inform them of this problem.
> Alternatively, use the command found in the help menu to report this
> broken site.
> 
> Ok, so how do I fix this (other than 'yum downgrade nss firefox
> nss-sysinit nss-devel nss-tools' which does 'fix' the issue)?

Can someone verify this is also an issue on RHEL-7 ... looks like
something that needs to be fixed if only older TLS versions are supported.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20141210/5b908a94/attachment-0005.sig>