[Openswan Users] nss DH woes

Richard Pickett richard.pickett at csrtechnologies.com
Sat Jul 30 21:41:33 EDT 2011

> I found my problem. It was a misconfiguration.
>
> There still is a bug here: openswan fails very ungracefully in this
> situation, and the error messages give no hint as to what actually is wrong.
>
> My nsspassword file was wrong. It should contain ONLY the password. I had a
> prefix in it, as follows:

I was using nss w/ out a password (allowed according to the docs). I'll try
it with a password right now.

In light of Kevin's finding, someone should update README.nss as it contains:

Important thing to note:
i) You only need the "nsspassword" file if you run pluto in FIPS. In other
words, if you run pluto in normal or NonFIPS mode, then you can create the NSS
database without password, and you need not create a "nsspassword" file.
However, if the NSS db is created with a password, the "nsspassword" file
must also be provided.

ii) An example of nsspassword file is as follows:


For example, the name of NSS softtoken (or NSS database) is
"NSS Certificate DB" in NonFIPS mode, and assume that its password is xyz.
So an entry for this in nsspassword file can be:

NSS Certificate DB:xyz

Please note that if FIPS mode is set, then the name of NSS softtoken is
"NSS FIPS 140-2 Certificate DB". If there are smartcards in the system,
entries for passwords should also be entered in this file. Please note,
there should not be any blank space before the token name, before and after
colon and after the password.
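
The format rules in the README excerpt above, written as a small linter. This is an added example, not part of the original post or of Openswan: the function name `lint_nsspassword` and the sample input are constructed, and a line with no colon is reported only as a note because the quoted message says the file should contain only the password.

```python
# Added example: lint nsspassword content against the rules quoted from README.nss.
# Token names come from the README excerpt; everything else is a hypothetical helper.
SOFTTOKENS = {"NSS Certificate DB", "NSS FIPS 140-2 Certificate DB"}


def lint_nsspassword(text):
    """Return (line_no, severity, message) findings; never echoes the password."""
    lines = text.split("\n")
    if lines and lines[-1] == "":
        lines.pop()  # a single trailing newline is normal
    findings = []
    for no, line in enumerate(lines, start=1):
        if line.endswith("\r"):
            findings.append((no, "error", "carriage return at end of line"))
            line = line[:-1]
        if not line.strip():
            findings.append((no, "error", "blank line"))
            continue
        if ":" not in line:
            # The quoted message says the file should contain only the password.
            findings.append((no, "note", "no colon: bare password, not token:password"))
            continue
        token, password = line.split(":", 1)
        if token != token.lstrip():
            findings.append((no, "error", "blank space before token name"))
        if token != token.rstrip():
            findings.append((no, "error", "blank space before colon"))
        if password != password.lstrip():
            findings.append((no, "error", "blank space after colon"))
        if password != password.rstrip():
            findings.append((no, "error", "blank space after password"))
        if not password.strip():
            findings.append((no, "error", "empty password"))
        if token.strip() not in SOFTTOKENS:
            findings.append((no, "note", "token is not an NSS softtoken name (smartcard?)"))
    return findings


# Constructed sample input; "xyz" is the README's own example password.
SAMPLE = (
    "NSS Certificate DB:xyz\n"
    " NSS Certificate DB : xyz \n"
    "xyz\n"
)

if __name__ == "__main__":
    for finding in lint_nsspassword(SAMPLE):
        print(finding)
```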