Comment 30 for bug 1006776

hkario (hkario-redhat-bugs) wrote:

(In reply to Andrew John Hughes from comment #16)
> I think https://bugzilla.redhat.com/show_bug.cgi?id=1022950 is related, if
> not the same issue.
>
> This is the difference on Jesus' machine when the PKCS11 NSS provider is
> enabled and when it isn't:
>
> [snip]
>
> So, with it enabled, the SSL connection is trying to use
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 and failing because NSS doesn't
> actually support it.
>
> I didn't get the ECC algorithms on my local RHEL machine (latest 6.4). Has
> there been a change in NSS?

Yes, NSS in 6.5 introduced support for TLSv1.2 and ECC.
But the support is not complete.

In the case of TLSv1.2, two features are not supported:
 * GCM
 * SHA384 as MAC
In the case of ECC, only three curves are supported: nistp256, nistp384, nistp521.

So TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 won't work.
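The limits listed in this comment can be checked mechanically against a cipher suite list. The following is an added example, not part of the original comment and not NSS or OpenJDK code; the function names and the sample suite list are constructed for illustration, and the rules encode only what the comment states about NSS in 6.5.

```python
# Added example: rules below come only from the comment above (NSS in 6.5).
NSS65_CURVES = {"nistp256", "nistp384", "nistp521"}  # curve names as written in the comment


def parse_suite(name):
    """Split TLS_<kx>_WITH_<cipher>_<hash> into (key_exchange, cipher, hash)."""
    if name[:4] not in ("TLS_", "SSL_") or "_WITH_" not in name:
        raise ValueError("not a <prefix>_*_WITH_* suite name: %r" % name)
    kx, rest = name[4:].split("_WITH_", 1)
    cipher, _, digest = rest.rpartition("_")
    return kx, cipher, digest


def unsupported_reasons(name, curve=None):
    """Return the reasons (possibly none) a suite falls outside the stated support."""
    kx, cipher, digest = parse_suite(name)
    reasons = []
    if cipher.endswith("_GCM"):
        # AEAD suite: the trailing hash is the PRF hash, not a record MAC,
        # so only the GCM limitation applies here.
        reasons.append("GCM")
    elif digest == "SHA384":
        reasons.append("SHA384 as MAC")
    if kx.startswith("ECDH") and curve is not None and curve not in NSS65_CURVES:
        reasons.append("curve " + curve)
    return reasons


def filter_supported(suites):
    """Keep suites with no stated limitation; pass through signalling values."""
    kept = []
    for s in suites:
        try:
            if not unsupported_reasons(s):
                kept.append(s)
        except ValueError:
            kept.append(s)  # e.g. TLS_EMPTY_RENEGOTIATION_INFO_SCSV
    return kept


# Constructed sample list, in the naming style JSSE uses.
SAMPLE = [
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
]

if __name__ == "__main__":
    for suite in filter_supported(SAMPLE):
        print(suite)
```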