After upgrading NSS to 3.27.1 Thunderbird is not able to connect to Guam anymore. It fails with "SSL_ERROR_INSUFFICIENT_SECURITY_ALERT" and Guam logs "SSL: hello: tls_handshake.erl:170:Fatal error: insufficient security". Downgrading NSS to 3.26 let's Thunderbird speak to Guam again. Guam version: guam-0.8.3-1.2.el7.kolab_16.x86_64
- Ticket Type
This issue has escalated to another ticket known as Bifrost#T10720 for enterprise-level support.
It seems to impact all consumers of NSS 3.27, 3.27.0 (some packaged versions of 3.27 are represented as 3.27.0), as well as 3.27.1.
It seems to be caused by a neglect of downstream packagers to include all of as many as two flags that seem to have confused upstream as well, which is understandable.
I cannot reproduce the issue when I resolve the confusion unambiguously, indicating the root cause is with your favorite distribution's vendor or support group.
At your vendor or Contributors Anonymous support group, please ask the maintainers of NSS ever so kindly, to void the ambiguity around setting environment variables NSS_DISABLE_TLS_1_3=1 and NSS_ENABLE_TLS_1_3=0. Please point them upstream for a clarification about the ambiguity, most notably release notes they should have already read and as well as one particular comment in the ticket referred to.
That said, this issue is not an issue for the Kolab product, but rather an upstream as well as distributor problem.