On Fri, 2017-01-20 at 18:40 +0200, Alexander Bokovoy wrote: > > FreeIPA is broken when trying to install with nss 3.28.1. We reliably > reproduce this issue with > https://bodhi.fedoraproject.org/updates/FEDORA-2017-e42b513012 > > It seems that new nss also breaks 389-ds LDAP server's selection of > available ciphers. As result, ldapsearch does not work against the > 389-ds LDAP server configured as part of FreeIPA deployment. > > > However, if ANY of the above build cannot be completed soon, or, if ANY of > > the > > updates cannot move to the stable Fedora updates, it can block users from > > upgrading to the Firefox 51 update on Jan 24. > > > > Is that acceptable? > > I think failing server applications is unacceptable. Alexander, the test of NSS 3.28.1 in Fedora has uncovered multiple issues, and the issue with FreeIPA is a different issue than the one I had explained in this thread. We'll prevent the FreeIPA issue, by disabling the experimental TLS 1.3 support at compile time in the Fedora NSS build, until the FreeIPA team is able to adjust their code to be compatible with TLS 1.3 support being enabled in NSS. Thanks Kai _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
