TLSMC: MozNSS compatibility interception begins message

Alan DeKok aland at deployingradius.com
Wed May 23 13:36:47 CEST 2018


On May 23, 2018, at 7:00 AM, Chris Howley <C.P.Howley at leeds.ac.uk> wrote:
> We upgraded our test RADIUS server to use CentOS Linux release 7.5.1804 (Core) this morning and noticed the following messages in the /var/log/message file:
> 
> May 23 09:04:05 XXXXXX systemd: Starting FreeRADIUS high performance RADIUS server....
> May 23 09:04:05 XXXXXX radiusd: TLSMC: MozNSS compatibility interception begins.
> May 23 09:04:05 XXXXXX radiusd: tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
> May 23 09:04:05 XXXXXX radiusd: tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
> May 23 09:04:05 XXXXXX radiusd: TLSMC: MozNSS compatibility interception ends.
> 
> We're using FR 3.0.15. The current version of OpenSSL package is 1.0.2k-12. (previous version 1.0.2k-8).   Please, could someone provide
> an explanation of these messages.

  RedHat (in their infinite wisdom) decided to switch to using NSS instead of OpenSSL.  So... they converted many system libraries to use NSS.  Without converting all of the applications, like FreeRADIUS.

  The result is a horrible mishmash of conflicting libraries which causes messages like this, or even outright crashes.

  They've switched back to OpenSSL in newer releases.

  There is literally *nothing* you can do to FreeRADIUS to fix this.  You *must* use better libraries. 

  Alan DeKok.




More information about the Freeradius-Users mailing list