13.11.2014, 0.37, Kevin Fenzi kirjoitti:
The problem is that the fedora project has disabled SSLv3 (after it was
found to be insecure). As part of that, mirrors.fedoraproject.org also
no longer works for clients that can't negotiate better than SSLv3.
CentOS/RHEL 6.6 works fine.
I think 6.5 works fine with all nss* package updates applied.
I don't have any idea about 6.4. Are there pending nss* updates for you?
I believe the problem is not really SSLv3, but that the Fedora Project
uses 4096 bit keys, which the old nss can't handle. I was unable to
locate any other web server that used 4096 bit keys when I was
diagnosing the issue back then, so I was unable to confirm my theory.
CentOS 6.4 without any updates does not work, but works with C6.4's nss
and nspr update. nss-3.14.3-4.el6_4 is the oldest version that works.
CentOS 6.5 and later will of course work as well.
To fix the problem: yum update --disablerepo=epel\*
If your nss is too old to handle Fedora's certificates, it means you
haven't run "yum update" for more than a year and you are missing a
large bunch of important CentOS updates.
_______________________________________________
epel-devel mailing list
epel-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/epel-devel
