= phenomenon =
It was recently reported that NSS was not protecting users against [https://en.wikipedia.org/wiki/BEAST_%28computer_security%29#BEAST_attack BEAST] attacks (the fix was backed out). This is affecting every user of Fedora using SSL and TLSv1.0 in any connection that uses NSS.
= reason =
The reason provided in the [https://bugzilla.redhat.com/show_bug.cgi?id=1005611 ticket] was that it broke some programs (pidgin-sipe was the one example provided) when the fix was inserted.
= recommendation =
It is recommended that the fix be reapplied to NSS in all versions of Fedora and that any program that breaks be patched to roll back the fix as per the [https://bugzilla.redhat.com/show_bug.cgi?id=1005611#c5 instructions provided in the ticket].
AGREED: close ticket now that nss is rebuilt. Follow up with other related items on list.
to comment on this ticket.
Copyright © 2014-2017 Red Hat
3.7.1 — Documentation