-
Bug
-
Resolution: Unresolved
-
Major
-
CentOS Stream 10, rhel-10.0.beta, rhel-10.0
-
None
-
None
-
1
-
rhel-sst-security-crypto
-
ssg_security
-
25
-
26
-
3
-
False
-
-
Yes
-
Red Hat Enterprise Linux
-
Crypto24Q3
-
Bug Fix
-
-
Done
-
None
What were you trying to do that didn't work?
RHEL-9 NSS recognizes the TLS-REQUIRE-EMS keyword. Fedora and c10s NSS does not.
Please provide the package NVR for which bug is seen:
nss-3.97.0-1.el10.x86_64
How reproducible: reliably
Steps to reproduce
- check that the patch is missing, or
- check that strings /usr/lib64/libnss3.so | grep EMS
- establish a TLS 1.2 connection without EMS FIPS mode
Expected results
patch is present, keyword is recognized, EMS is enforced in FIPS mode once the keyword is specified in the config file
Actual results
patch is not present, keyword is not recognized, EMS is not enforced in FIPS mode
- is depended on by
-
RHEL-36300 c10s crypto-policies needs to start controlling TLS-REQUIRE-EMS NSS keyword
- Release Pending
- links to
-
RHBA-2024:136536 nss bug fix and enhancement update