SUSE-RU-2014:1083-1: moderate: Recommended update for apache2-mod_nss

sle-updates at sle-updates at
Tue Sep 2 14:04:13 MDT 2014

   SUSE Recommended Update: Recommended update for apache2-mod_nss

Announcement ID:    SUSE-RU-2014:1083-1
Rating:             moderate
References:         #863035 #863518 #878681 
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3

   An update that has three recommended fixes can now be


   This update brings several improvements to apache2-mod_nss.


         More TLS 1.2 ciphers have been added, including AES-GCM and Camelia
   ciphers. These can be selected by their tags:

             o rsa_aes_128_sha256
             o rsa_aes_128_gcm_sha
             o rsa_aes_256_sha256
             o rsa_camellia_128_sha
             o rsa_camellia_256_sha
             o ecdh_ecdsa_aes_128_gcm_sha
             o ecdhe_ecdsa_aes_128_sha256
             o ecdhe_ecdsa_aes_128_gcm_sha
             o ecdh_rsa_aes_128_gcm_sha
             o ecdhe_rsa_aes_128_sha256

         The template was updated to include those ciphers.


         VirtualHost settings in /etc/apache2/conf.d/mod_nss.conf is now
   externalized to /etc/apache2/vhosts.d/vhost-nss.template and not
   activated/read by default. (bnc#878681)


         The Server Name Indication (SNI) extension was implemented.


         Reading the pass phrase during start-up was improved. (bnc#863518)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-apache2-mod_nss-9642

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-apache2-mod_nss-9642

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):


   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):



More information about the sle-updates mailing list