1.146.  mod_nss

An enhanced mod_nss package is now available.

mod_nss provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, using the Network Security Services (NSS) security library.

This update back-ports the PassphraseDialog "defer" configuration option in NSS. When this parameter is set to "defer", only those tokens listed in the file are authenticated at startup. With the "builtin" and "file" options for the PassphraseDialog parameter, all tokens are authenticated, even if the token password is not defined. That can cause an authentication failure which prevents the Apache server from starting.

An update mod_nss package that fixes a bug in proxy handling is now available.

mod_nss provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, using the Network Security Services (NSS) security library.

This update addresses a proxy handling bug in mod_nss. mod_nss was not handling blocked reads properly. Rather than attempting the read again, it failed with an "End of File" message. When used with mod_proxy in a reverse proxy configuration, this would sometimes result in returning only part of the remote content. (Bugzilla #484380)

mod_proxy has a single API for SSL handling, and mod_nss doesn't register to handle SSL proxy requests if mod_ssl is loaded. In order for mod_nss to work with mod_proxy, mod_ssl must be removed or disabled. It can be disabled in one of two ways:

Apache users requiring SSL and TLS cryptography are advised to install this updated package.