libapache2-mod-nss - NSS-based SSL module for Apache2

Distribution: Debian 8 (Jessie)
Repository: Debian Main amd64
Package name: libapache2-mod-nss
Package version: 1.0.10
Package release: 3
Package architecture: amd64
Package type: deb
Installed size: 330 B
Download size: 80.48 KB
Official Mirror:
This Apache module provides strong cryptography for the Apache 2.0 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the SSL/TLS implementation library NSS This module is based heavily on the mod_ssl package. In fact, it's more a conversion than anything else.



    Source package: libapache2-mod-nss

    Install Howto

    1. Update the package index:
      # sudo apt-get update
    2. Install libapache2-mod-nss deb package:
      # sudo apt-get install libapache2-mod-nss


    • /etc/apache2/mods-available/nss.conf
    • /etc/apache2/mods-available/nss.load
    • /etc/apache2/nssdb/
    • /usr/lib/apache2/modules/
    • /usr/lib/libapache2-mod-nss/nss_pcache
    • /usr/sbin/nss_pcache
    • /usr/share/doc/libapache2-mod-nss/README.gz
    • /usr/share/doc/libapache2-mod-nss/changelog.Debian.gz
    • /usr/share/doc/libapache2-mod-nss/changelog.gz
    • /usr/share/doc/libapache2-mod-nss/copyright
    • /usr/share/doc/libapache2-mod-nss/mod_nss.html
    • /usr/share/libapache2-mod-nss/gencert
    • /usr/share/man/man8/gencert.8.gz
    • /usr/share/man/man8/nss_pcache.8.gz


    2015-03-12 - Timo Aaltonen <> libapache2-mod-nss (1.0.10-3) unstable; urgency=medium * postrm: Clean up the right files. (Closes: #770536) * README.Debian: Removed, it was obsolete and contained misinformation.

    2014-10-28 - Timo Aaltonen <> libapache2-mod-nss (1.0.10-2) unstable; urgency=medium * rules: Don't enable the module by default.

    2014-10-21 - Timo Aaltonen <> libapache2-mod-nss (1.0.10-1) unstable; urgency=medium * mod_nss-conf.patch: Fix IfModule header so it'll actually load when the module is enabled. * gencert: Revert back to default legacy db's. * Update project homepage and watch file to match.

    2014-10-10 - Timo Aaltonen <> libapache2-mod-nss (1.0.9-1) unstable; urgency=medium * New upstream release - removed a bunch of patches merged upstream - updated the remaining patches * mod_nss-conf.patch: Updated paths, use /etc/apache2/nssdb. * dirs: Create /etc/apache2/nssdb instead. * control: Use canonical vcs urls. * compat, control: Bump dh to 9. * debian/nss.conf: Removed, use the patched upstream conf instead. * control, rules: Use dh and dh-autoreconf. * install, links: Install nss_pcache in /usr/lib/libapache2-mod-nss, add a convenience symlink to /usr/sbin. * rules: Added a gentarball target. * gencert: Create sqlite-based db's. * rules: Disable tests, too many fedoraisms. * manpages: Install manpages for nss_pcache and gencert. * rules: Add a symlink to to the nssdb. * postinst, postrm: Create the nssdb on postinst, clear on postrm.

    2014-02-03 - Timo Aaltonen <> libapache2-mod-nss (1.0.8-4) unstable; urgency=medium * mod_nss-clientauth.patch: - Fix CVE-2011-4973: FakeBasicAuth authentication bypass. (Closes: #729626) * mod_nss-nssverifyclient.patch: - Fix CVE-2013-4566: incorrect handling of NSSVerifyClient in directory context. (Closes: #731627) * control: Bump policy to 3.9.5, no changes.

    2013-07-09 - Timo Aaltonen <> libapache2-mod-nss (1.0.8-3) unstable; urgency=low * watch: Add a comment about the upstream git tree. * mod_nss-overlapping_memcpy.patch: Patch from Fedora to use memmove instead of memcpy. (LP: #1093974) * mod_nss-httpd24.patch: Port to Apache 2.4. (Closes: #707064) * control, rules, libapache2-mod-nss.apache2: Port to apache2-dev. * control: Bump policy to 3.9.4, no changes.

    2012-06-28 - Timo Aaltonen <> libapache2-mod-nss (1.0.8-2) unstable; urgency=low * Add patches from Fedora: - mod_nss-conf.patch: Change some default config values (modified for Debian) - mod_nss-gencert.patch: Don't create a default password. - mod_nss-negotiate.patch: Add configuration options for new NSS negotiation API. - mod_nss-reverseproxy.patch: Use remote hostname set by mod_proxy to compare to CN in peer cert. - mod_nss-pcachesignal.patch: Ignore SIGHUP in nss_pcache. - mod_nss-wouldblock.patch: Fix an NSPR layer bug. - mod_nss-reseterror.patch: Reset NSPR error before calling PR_Read(). - mod_nss-lockpcache.patch: Lock around the pipe to nss_pcache for retrieving the token PIN. * Add flex to build-depends (FTBFS). * control: Add a VCS header to point to the git repository. * copyright: Use DEP5 format. * control: Bump standards version to 3.9.3, no changes. * watch: Fix the url.

    2010-10-17 - Michele Baldessari <> libapache2-mod-nss (1.0.8-1) unstable; urgency=low * New upstream * Patch for softokn3 is not needed anymore * Add doc/mod_nss.html * Enable Elliptic Curve Cryptography * Fix build * Add ${misc:Depends} * Spelling fixes * Bumped policy to 3.8.3 * Switch to dpkg-source 3.0 (quilt) format * Bumped policy to 3.8.4 * Removed README.source * Added pkg-config, libtool & automake to B-D * Changed my email address * Fix compilation issues (QUILT_STAMPFN)