An updated mod_nss package that fixes several bugs is now available for Red Hat Enterprise Linux 6.
The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, using the Network Security Services (NSS) security library.
PK11_ListCerts was called for every server instead of only once. If there were more than a few hundred certificates in the database, the PK11_ListCerts call could take several seconds or even minutes.
ECC is now enabled by default for mod_nss.
- BZ#797326 and BZ#797358
The fix for BZ#691502
, related to clearing the SSL cache when mod_nss started, introduced a file descriptor leak in the httpd Apache daemon. This has been fixed.
Users of mod_nss are advised to upgrade to this updated package, which fixes these bugs.