On Wed, 2021-06-16 at 11:55 -0600, Kevin Locke wrote: > Setting a breakpoint on SSL_GetChannelInfo revealed that it is called by > PreliminaryHandshakeDone with len = 128 by 78.10.0 and len = 136 by > 78.11.0, which causes `len > sizeof inf` to fail and return SECFailure > (because `sizeof inf` is 128). > > It appears that SSLChannelInfo added pskType in NSS 3.54, echAccepted > in NSS 3.60, and isFIPS in NSS 3.66. Perhaps there is a version > mismatch?
After a bit more testing, I realized thunderbird 1:78.10.2-1 was built with libnss3-dev 2:3.63-1 and thunderbird 1:78.11.0-1 was built with libnss3-dev 2:3.66-1. I am only able to reproduce the issue with libnss3 2:3.61-1, not libnss3 2:3.67-1 from unstable. Cheers, Kevin https://buildd.debian.org/status/fetch.php?pkg=thunderbird&arch=amd64&ver=1%3A78.11.0-1&stamp=1622744401&raw=0 https://buildd.debian.org/status/fetch.php?pkg=thunderbird&arch=amd64&ver=1%3A78.10.2-1&stamp=1621535757&raw=0