On pe, 20 tammi 2017, Kai Engert wrote:
On Fri, 2017-01-20 at 18:40 +0200, Alexander Bokovoy wrote:
FreeIPA is broken when trying to install with nss 3.28.1. We reliably
reproduce this issue with
https://bodhi.fedoraproject.org/updates/FEDORA-2017-e42b513012
It seems that new nss also breaks 389-ds LDAP server's selection of
available ciphers. As result, ldapsearch does not work against the
389-ds LDAP server configured as part of FreeIPA deployment.
> However, if ANY of the above build cannot be completed soon, or, if ANY of
> the
> updates cannot move to the stable Fedora updates, it can block users from
> upgrading to the Firefox 51 update on Jan 24.
>
> Is that acceptable?
I think failing server applications is unacceptable.
Alexander,
the test of NSS 3.28.1 in Fedora has uncovered multiple issues, and the issue
with FreeIPA is a different issue than the one I had explained in this thread.
We'll prevent the FreeIPA issue, by disabling the experimental TLS 1.3 support
at compile time in the Fedora NSS build, until the FreeIPA team is able to
adjust their code to be compatible with TLS 1.3 support being enabled in NSS.
Thanks, Kai.
--
/ Alexander Bokovoy
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
