NSS updated on Rawhide to NSS_3_13_RC0 (CVE-2011-3389)

Elio Maldonado emaldona at redhat.com
Mon Oct 10 16:42:34 UTC 2011

Updated NSS in Rawhide to the upstream's NSS_3_13_RC0 and with it NSPR to NSPR_4.9_BETA3. 

The bug fixes in NSPR 4.9 BETA3 and NSS 3.18 RC0 can be found by these Bugzilla queries: 

For nspr: 

and for nss: 

Of particular importance is the fix for (CVE-2011-3389) 
Rizzo/Duong chosen plaintext attack (BEAST) on SSL/TLS 1.0 (facilitated by websockets -76) 

To quote from the ssl patch itself: 
For SSL 3.0 and TLS 1.0, by default we prevent chosen plaintext attacks 
on SSL CBC mode cipher suites (see RFC 4346 Section F.3) by splitting 
non-empty application_data records into two records; the first record has 
only the first byte of plaintext, and the second has the rest. 

This only prevents the attack in the sending direction; the connection may 
still be vulnerable to such attacks if the peer does not implement a similar 

This protection mechanism is on by default; the default can be overridden by 
setting NSS_SSL_CBC_RANDOM_IV=0 in the environment prior to execution, 
and/or by the application setting the option SSL_CBC_RANDOM_IV to PR_FALSE. 

The per-record IV in TLS 1.1 and later adds one block of overhead per 
record, whereas this hack will add at least two blocks of overhead per 
record, so TLS 1.1+ will always be more efficient. 

Other implementations (e.g. some versions of OpenSSL, in some 
configurations) prevent the same attack by prepending an empty 
application_data record to every application_data record they send; we do 
not do that because some implementations cannot handle empty 
application_data records. Also, we only split application_data records and 
not other types of records, because some implementations will not accept 
fragmented records of some other types (e.g. some versions of NSS do not 
accept fragmented alerts). 

The NSS team would greatly appreciate any feedback, specially regarding 
compatiblity issues with various sites. 

Thank you, 

Elio Maldonado 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/devel/attachments/20111010/39edba74/attachment.html 

More information about the devel mailing list