Changelog:
The NSS team has released Network Security Services (NSS) 3.27.1.
This is a patch release to address a TLS compatibility issue
that some applications experienced with NSS 3.27.
Notable Changes:
Availability of the TLS 1.3 (draft) implementation has been re-disabled
in the default build.
Previous versions of NSS made TLS 1.3 (draft) available only when compiled
with NSS_ENABLE_TLS_1_3. NSS 3.27 set this value on by default, allowing
TLS 1.3 (draft) to be disabled using NSS_DISABLE_TLS_1_3, although the
maximum version used by default remained TLS 1.2.
However, some applications query the list of protocol versions that are
supported by the NSS library, and enable all supported TLS protocol versions.
Because NSS 3.27 enabled compilation of TLS 1.3 (draft) by default, it caused
those applications to enable TLS 1.3 (draft). This resulted in connectivity
failures, as some TLS servers are version 1.3 intolerant, and failed to
negotiate an earlier TLS version with NSS 3.27 clients.
fixes build for 32bit when passing USE_64 (which is questionable)...
in pkgsrc we declare all mips64* platforms as 64bit, and use USE_64.
However, netbsd/mips64 is using a 32bit ABI, so it is akin to passing
USE_64=1 for 32bit.
perhaps not declaring it a 64bit platform is correct, but this package
is one of the only few using this logic, and it's unfeasible to have
correct logic for 32bit/64bit.
this package has considerably more logic for USE_64 than for USE_NSS_64,
so to avoid inadvertent damage to other platforms, retain the USE_64=1
logic.
feel free to object to this option in the discussion on tech-pkg.
Changelog:
The NSS team has released Network Security Services (NSS) 3.27,
which is a minor release.
Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.
New functionality:
* Allow custom named group priorities for TLS key exchange handshake
(SSL_NamedGroupConfig).
* Added support for RSA-PSS signatures in TLS 1.2 and TLS 1.3
New Functions:
* SSL_NamedGroupConfig
Notable Changes:
* NPN can not be enabled anymore.
* Hard limits on the maximum number of TLS records encrypted with the same
key are enforced.
* Disabled renegotiation in DTLS.
* The following CA certificates were Removed
- CN = IGC/A, O = PM/SGDN, OU = DCSSI
- CN = Juur-SK, O = AS Sertifitseerimiskeskus
- CN = EBG Elektronik Sertifika Hizmet Sağlayıcısı
- CN = S-TRUST Authentication and Encryption Root CA 2005:PN
- O = VeriSign, Inc., OU = Class 1 Public Primary Certification Authority
- O = VeriSign, Inc., OU = Class 2 Public Primary Certification Authority - G2
- O = VeriSign, Inc., OU = Class 3 Public Primary Certification Authority
- O = Equifax, OU = Equifax Secure Certificate Authority
- CN = Equifax Secure eBusiness CA-1
- CN = Equifax Secure Global eBusiness CA-1
The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.27_release_notes
Changelog:
The NSS team has released Network Security Services (NSS) 3.25, which is a minor
release.
Below is a short summary of the changes.
Please refer to the full release notes for additional details.
New functionality:
* Implemented DHE key agreement for TLS 1.3
* Added support for ChaCha with TLS 1.3
* Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF
* In previous versions, when using client authentication with TLS 1.2,
NSS only supported certificate_verify messages that used the same
signature hash algorithm as used by the PRF.
This limitation has been removed.
* Several functions have been added to the public API of the NSS
Cryptoki Framework.
New Functions:
* NSSCKFWSlot_GetSlotID
* NSSCKFWSession_GetFWSlot
* NSSCKFWInstance_DestroySessionHandle
* NSSCKFWInstance_FindSessionHandle
Notable Changes:
* An SSL socket can no longer be configured to allow both TLS 1.3 and SSL v3
* Regression fix: NSS no longer reports a failure if an application attempts
to disable the SSL v2 protocol.
* The list of trusted CA certificates has been updated to version 2.8
* The following CA certificate was Removed
- CN = Sonera Class1 CA
* The following CA certificates were Added
- CN = Hellenic Academic and Research Institutions RootCA 2015
- CN = Hellenic Academic and Research Institutions ECC RootCA 2015
- CN = Certplus Root CA G1
- CN = Certplus Root CA G2
- CN = OpenTrust Root CA G1
- CN = OpenTrust Root CA G2
- CN = OpenTrust Root CA G3
* Require nspr 4.12 or later, from he@. Thank you.
Changelog:
The NSS team has released Network Security Services (NSS) 3.24, which is
a minor release.
Below is a short summary of the changes.
Please refer to the full release notes for additional details.
New functionality:
* NSS softoken has been updated with the latest NIST guidance (as of 2015)
* NSS softoken has also been updated to allow NSS to run in FIPS level-1
(no password).
* SSL_ConfigServerCert function has been added for configuring SSL/TLS
server sockets with a certificate and private key. This method should be
used in preference to SSL_ConfigSecureServer,
SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses, and
SSL_SetSignedCertTimestamps.
* Added PORTCheapArena for temporary arenas allocated on the stack.
New Functions:
* SSL_ConfigServerCert - Configures an SSL/TLS socket with a certificate,
private key and other information.
* PORT_InitCheapArena - This initializes an arena that was created on
the stack. See PORTCheapArenaPool.
* PORT_DestroyCheapArena - This destroys an arena that was created on
the stack. See PORTCheapArenaPool.
New Types
* SSLExtraServerCertData - This struct is optionally passed as an argument
to SSL_ConfigServerCert. It contains supplementary information about a
certificate, such as the intended type of the certificate, stapled OCSP
responses, or signed certificate timestamps (used for certificate
transparency).
* PORTCheapArenaPool - A stack-allocated arena pool, to be used for
temporary arena allocations.
New Macros
* CKM_TLS12_MAC
* SEC_OID_TLS_ECDHE_PSK - This OID is used to govern use of the
TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 cipher suite, which is only
used for session resumption in TLS 1.3.
Notable Changes:
* The following functions have been deprecated (applications should use the
new SSL_ConfigServerCert function instead):
* SSL_SetStapledOCSPResponses
* SSL_SetSignedCertTimestamps
* SSL_ConfigSecureServer
* SSL_ConfigSecureServerWithCertChain
* Function NSS_FindCertKEAType is now deprecated, as it reports a misleading
value for certificates that might be used for signing rather than key
exchange.
* SSLAuthType has been updated to define a larger number of authentication
key types.
* The member attribute authAlgorithm of type SSLCipherSuiteInfo has been
deprecated. Instead, applications should use the newly added attribute
authType.
* ssl_auth_rsa has been renamed to ssl_auth_rsa_decrypt.
* On Linux platforms that define FREEBL_LOWHASH, a shared library has been
added: libfreeblpriv3
* Most code related to the SSL v2 has been removed, including the ability to
actively send a SSL v2 compatible client hello.
However, the server side implementation of the SSL/TLS protocol continues to
support processing of received v2 compatible client hello messages.
* NSS supports a mechanism to log SSL/TLS key material to a logfile if the
environment variable named SSLKEYLOGFILE is set. NSS has been changed to
disable this functionality in optimized builds by default. In order to enable
the functionality in optimized builds, the symbol NSS_ALLOW_SSLKEYLOGFILE
must be defined when building NSS.
* NSS has been updated to be protected against the Cachebleed attack.
* Support for DTLS compression has been disabled.
* Support for TLS 1.3 has been improved. This includes support for DTLS 1.3.
Note that TLS 1.3 support is experimental and is not suitable for production
use.
Changelog:
The NSS team has released Network Security Services (NSS) 3.23, which is a minor
release.
The following security-relevant bug has been resolved in NSS 3.23.
Users are encouraged to upgrade immediately.
* Bug 1245528 (CVE-2016-1950):
Fixed a heap-based buffer overflow related to the parsing of certain ASN.1
structures. An attacker could create a specially-crafted certificate which,
when parsed by NSS, would cause a crash or execution of arbitrary code with
the permissions of the user.
New functionality:
* ChaCha20/Poly1305 cipher and TLS cipher suites now supported
(bug 917571, bug 1227905)
* Experimental-only support TLS 1.3 1-RTT mode (draft-11).
This code is not ready for production use.
New Functions:
* SSL_SetDowngradeCheckVersion - Set maximum version for new ServerRandom
anti-downgrade mechanism
Notable Changes:
* The copy of SQLite shipped with NSS has been updated to version 3.10.2
(bug 1234698)
* The list of TLS extensions sent in the TLS handshake has been reordered
to improve compatibility of the Extended Master Secret feature
with servers (bug 1243641)
* The build time environment variable NSS_ENABLE_ZLIB has been renamed
to NSS_SSL_ENABLE_ZLIB (Bug 1243872).
* The build time environment variable NSS_DISABLE_CHACHAPOLY was added,
which can be used to prevent compilation of the ChaCha20/Poly1305 code.
* The following CA certificates were Removed
- Staat der Nederlanden Root CA
- NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado
- NetLock Kozjegyzoi (Class A) Tanusitvanykiado
- NetLock Uzleti (Class B) Tanusitvanykiado
- NetLock Expressz (Class C) Tanusitvanykiado
- VeriSign Class 1 Public PCA – G2
- VeriSign Class 3 Public PCA
- VeriSign Class 3 Public PCA – G2
- CA Disig
* The following CA certificates were Added
- SZAFIR ROOT CA2
- Certum Trusted Network CA 2
* The following CA certificate had the Email trust bit turned on
- Actalis Authentication Root CA
The full release notes, including the SHA256 fingerprints of the changed
CA certificates, are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes
Changelog:
The NSS Development Team announces the release of NSS 3.22.3,
which is a patch release for NSS 3.22.
No new functionality is introduced in this release.
The following bugs have been resolved in NSS 3.22.3
* Bug 1243641 - Increase compatibility of TLS extended master secret,
don't send an empty TLS extension last in the handshake
We do include zlib.buildlink3.mk, so make sure we always use that zlib.
Remove manual do-build target and set BUILD_DIRS instead.
Set MAKE_JOBS_SAFE=no. The previous do-build target didn't respect MAKE_JOBS.
Bump PKGREVISON.
Changelog:
The NSS Development Team announces the release of NSS 3.22.1
No new functionality is introduced in this release.
Notable Changes:
* NSS has been changed to use the PR_GetEnvSecure function that
was made available in NSPR 4.12
Changelog:
The NSS team has released Network Security Services (NSS) 3.22,
which is a minor release.
New functionality:
* RSA-PSS signatures are now supported (bug 1215295)
* Pseudorandom functions based on hashes other than SHA-1 are now supported
* Enforce an External Policy on NSS from a config file (bug 1009429)
New Functions:
* PK11_SignWithMechanism - an extended version PK11_Sign()
* PK11_VerifyWithMechanism - an extended version of PK11_Verify()
* SSL_PeerSignedCertTimestamps - Get signed_certificate_timestamp
TLS extension data
* SSL_SetSignedCertTimestamps - Set signed_certificate_timestamp
TLS extension data
New Types:
* ssl_signed_cert_timestamp_xtn is added to SSLExtensionType
* Constants for several object IDs are added to SECOidTag
New Macros:
* SSL_ENABLE_SIGNED_CERT_TIMESTAMPS
* NSS_USE_ALG_IN_SSL
* NSS_USE_POLICY_IN_SSL
* NSS_RSA_MIN_KEY_SIZE
* NSS_DH_MIN_KEY_SIZE
* NSS_DSA_MIN_KEY_SIZE
* NSS_TLS_VERSION_MIN_POLICY
* NSS_TLS_VERSION_MAX_POLICY
* NSS_DTLS_VERSION_MIN_POLICY
* NSS_DTLS_VERSION_MAX_POLICY
* CKP_PKCS5_PBKD2_HMAC_SHA224
* CKP_PKCS5_PBKD2_HMAC_SHA256
* CKP_PKCS5_PBKD2_HMAC_SHA384
* CKP_PKCS5_PBKD2_HMAC_SHA512
* CKP_PKCS5_PBKD2_HMAC_GOSTR3411 - (not supported)
* CKP_PKCS5_PBKD2_HMAC_SHA512_224 - (not supported)
* CKP_PKCS5_PBKD2_HMAC_SHA512_256 - (not supported)
table Changes:
* NSS C++ tests are built by default, requiring a C++11 compiler.
Set the NSS_DISABLE_GTESTS variable to 1 to disable building these tests.
The HG tag is NSS_3_22_RTM. NSS 3.22 requires NSPR 4.11 or newer.
* Disable gtest option
Changelog:
The NSS team has released Network Security Services (NSS) 3.21,
which is a minor release.
New functionality:
* certutil now supports a --rename option to change a nickname (bug 1142209)
* TLS extended master secret extension (RFC 7627) is supported (bug 1117022)
* New info functions added for use during mid-handshake callbacks (bug 1084669)
New Functions:
* NSS_OptionSet - sets NSS global options
* NSS_OptionGet - gets the current value of NSS global options
* SECMOD_CreateModuleEx - Create a new SECMODModule structure from module name
string, module parameters string, NSS specific parameters string, and NSS
configuration parameter string. The module represented by the module
structure is not loaded. The difference with SECMOD_CreateModule is the new
function handles NSS configuration parameter strings.
* SSL_GetPreliminaryChannelInfo - obtains information about a TLS channel prior
to the handshake being completed, for use with the callbacks that are invoked
during the handshake
* SSL_SignaturePrefSet - configures the enabled signature and hash algorithms
for TLS
* SSL_SignaturePrefGet - retrieves the currently configured signature and hash
algorithms
* SSL_SignatureMaxCount - obtains the maximum number signature algorithms that
can be configured with SSL_SignaturePrefSet
* NSSUTIL_ArgParseModuleSpecEx - takes a module spec and breaks it into shared
library string, module name string, module parameters string, NSS specific
parameters string, and NSS configuration parameter strings. The returned
strings must be freed by the caller. The difference with
NSS_ArgParseModuleSpec is the new function handles NSS configuration
parameter strings.
* NSSUTIL_MkModuleSpecEx - take a shared library string, module name string,
module parameters string, NSS specific parameters string, and NSS
configuration parameter string and returns a module string which the caller
must free when it is done. The difference with NSS_MkModuleSpec is the new
function handles NSS configuration parameter strings.
New Types:
* CK_TLS12_MASTER_KEY_DERIVE_PARAMS{_PTR} - parameters {or pointer} for
CKM_TLS12_MASTER_KEY_DERIVE
* CK_TLS12_KEY_MAT_PARAMS{_PTR} - parameters {or pointer} for
CKM_TLS12_KEY_AND_MAC_DERIVE
* CK_TLS_KDF_PARAMS{_PTR} - parameters {or pointer} for CKM_TLS_KDF
* CK_TLS_MAC_PARAMS{_PTR} - parameters {or pointer} for CKM_TLS_MAC
* SSLHashType - identifies a hash function
* SSLSignatureAndHashAlg - identifies a signature and hash function
* SSLPreliminaryChannelInfo - provides information about the session state
prior to handshake completion
New Macros:
* NSS_RSA_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
get the minimum RSA key size
* NSS_DH_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
get the minimum DH key size
* NSS_DSA_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
get the minimum DSA key size
* CKM_TLS12_MASTER_KEY_DERIVE - derives TLS 1.2 master secret
* CKM_TLS12_KEY_AND_MAC_DERIVE - derives TLS 1.2 traffic key and IV
* CKM_TLS12_MASTER_KEY_DERIVE_DH - derives TLS 1.2 master secret for DH (and
ECDH) cipher suites
* CKM_TLS12_KEY_SAFE_DERIVE and CKM_TLS_KDF are identifiers for additional
PKCS#12 mechanisms for TLS 1.2 that are currently unused in NSS.
* CKM_TLS_MAC - computes TLS Finished MAC
* NSS_USE_ALG_IN_SSL_KX - policy flag indicating that keys are used in TLS key
exchange
* SSL_ERROR_RX_SHORT_DTLS_READ - error code for failure to include a complete
DTLS record in a UDP packet
* SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM - error code for when no valid
signature and hash algorithm is available
* SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM - error code for when an
unsupported signature and hash algorithm is configured
* SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET - error code for when the extended
master secret is missing after having been negotiated
* SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET - error code for receiving an
extended master secret when previously not negotiated
* SSL_ENABLE_EXTENDED_MASTER_SECRET - configuration to enable the TLS extended
master secret extension (RFC 7627)
* ssl_preinfo_version - used with SSLPreliminaryChannelInfo to indicate that a
TLS version has been selected
* ssl_preinfo_cipher_suite - used with SSLPreliminaryChannelInfo to indicate
that a TLS cipher suite has been selected
* ssl_preinfo_all - used with SSLPreliminaryChannelInfo to indicate that all
preliminary information has been set
Notable Changes:
* NSS now builds with elliptic curve ciphers enabled by default (bug 1205688)
* NSS now builds with warnings as errors (bug 1182667)
* The following CA certificates were Removed
- CN = VeriSign Class 4 Public Primary Certification Authority - G3
- CN = UTN-USERFirst-Network Applications
- CN = TC TrustCenter Universal CA III
- CN = A-Trust-nQual-03
- CN = USERTrust Legacy Secure Server CA
- Friendly Name: Digital Signature Trust Co. Global CA 1
- Friendly Name: Digital Signature Trust Co. Global CA 3
- CN = UTN - DATACorp SGC
- O = TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2\
005
* The following CA certificate had the Websites trust bit turned off
- OU = Equifax Secure Certificate Authority
* The following CA certificates were Added
- CN = Certification Authority of WoSign G2
- CN = CA WoSign ECC Root
- CN = OISTE WISeKey Global Root GB CA
Changelog:
The following security-relevant bugs have been resolved in NSS 3.20.1.
Users are encouraged to upgrade immediately.
* Bug 1192028 (CVE-2015-7181) and
Bug 1202868 (CVE-2015-7182):
Several issues existed within the ASN.1 decoder used by NSS for handling
streaming BER data. While the majority of NSS uses a separate, unaffected
DER decoder, several public routines also accept BER data, and thus are
affected. An attacker that successfully exploited these issues can overflow
the heap and may be able to obtain remote code execution.
Issues found with existing distfiles:
distfiles/eclipse-sourceBuild-srcIncluded-3.0.1.zip
distfiles/fortran-utils-1.1.tar.gz
distfiles/ivykis-0.39.tar.gz
distfiles/enum-1.11.tar.gz
distfiles/pvs-3.2-libraries.tgz
distfiles/pvs-3.2-linux.tgz
distfiles/pvs-3.2-solaris.tgz
distfiles/pvs-3.2-system.tgz
No changes made to these distinfo files.
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
Changelog:
The NSS team has released Network Security Services (NSS) 3.20,
which is a minor release.
New functionality:
* The TLS library has been extended to support DHE ciphersuites in
server applications.
New Functions:
* SSL_DHEGroupPrefSet - Configure the set of allowed/enabled DHE group
parameters that can be used by NSS for a server socket.
* SSL_EnableWeakDHEPrimeGroup - Enable the use of weak DHE group
parameters that are smaller than the library default's minimum size.
New Types:
* SSLDHEGroupType - Enumerates the set of DHE parameters embedded in
NSS that can be used with function SSL_DHEGroupPrefSet.
New Macros:
* SSL_ENABLE_SERVER_DHE - A socket option user to enable or disable
DHE ciphersuites for a server socket.
Notable Changes:
* The TLS library has been extended to support DHE ciphersuites in
server applications.
* For backwards compatibility reasons, the server side implementation
of the TLS library keeps all DHE ciphersuites disabled by default.
They can be enabled with the new socket option SSL_ENABLE_SERVER_DHE
and the SSL_OptionSet or the SSL_OptionSetDefault API.
* The server side implementation of the TLS implementation does not
support session tickets when using a DHE ciphersuite (see bug
1174677).
* Support for the following ciphersuites has been added:
- TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
* By default, the server side TLS implementation will use DHE
parameters with a size of 2048 bits when using DHE ciphersuites.
* NSS embeds fixed DHE parameters sized 2048, 3072, 4096, 6144 and
8192 bits, which were copied from version 08 of the Internet-Draft
"Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for
TLS", Appendix A.
* A new API SSL_DHEGroupPrefSet has been added to NSS, which allows a
server application to select one or multiple of the embedded DHE
parameters as the preferred parameters. The current implementation of
NSS will always use the first entry in the array that is passed as a
parameter to the SSL_DHEGroupPrefSet API. In future versions of the
TLS implementation, a TLS client might signal a preference for
certain DHE parameters, and the NSS TLS server side implementation
might select a matching entry from the set of parameters that have
been configured as preferred on the server side.
* NSS optionally supports the use of weak DHE parameters with DHE
ciphersuites to support legacy clients. In order to enable this
support, the new API SSL_EnableWeakDHEPrimeGroup must be used. Each
time this API is called for the first time in a process, a fresh set
of weak DHE parameters will be randomly created, which may take a
long amount of time. Please refer to the comments in the header file
that declares the SSL_EnableWeakDHEPrimeGroup API for additional
details.
* The size of the default PQG parameters used by certutil when
creating DSA keys has been increased to use 2048 bit parameters.
* The selfserv utility has been enhanced to support the new DHE
features.
* NSS no longer supports C compilers that predate the ANSI C
standard (C89).
* Approved by wiz@.
Changelog:
Network Security Services (NSS) is a patch release for NSS 3.19.
No new functionality is introduced in this release. This release addresses
a backwards compatibility issue with the NSS 3.19.1 release.
Notable Changes:
* In NSS 3.19.1, the minimum key sizes that the freebl cryptographic
implementation (part of the softoken cryptographic module used by default
by NSS) was willing to generate or use was increased - for RSA keys, to
512 bits, and for DH keys, 1023 bits. This was done as part of a security
fix for Bug 1138554 / CVE-2015-4000. Applications that requested or
attempted to use keys smaller then the minimum size would fail. However,
this change in behaviour unintentionally broke existing NSS applications
that need to generate or use such keys, via APIs such as
SECKEY_CreateRSAPrivateKey or SECKEY_CreateDHPrivateKey.
In NSS 3.19.2, this change in freebl behaviour has been reverted. The fix
for Bug 1138554 has been moved to libssl, and will now only affect the
minimum keystrengths used in SSL/TLS.
Changelog:
Network Security Services (NSS) 3.19.1 is a patch release
for NSS 3.19.
No new functionality is introduced in this release. This patch
release includes a fix for the recently published logjam attack.
Notable Changes:
* The minimum strength of keys that libssl will accept for
finite field algorithms (RSA, Diffie-Hellman, and DSA) have
been increased to 1023 bits (bug 1138554).
* NSS reports the bit length of keys more accurately. Thus,
the SECKEY_PublicKeyStrength and SECKEY_PublicKeyStrengthInBits
functions could report smaller values for values that have
leading zero values. This affects the key strength values that
are reported by SSL_GetChannelInfo.
The NSS development team would like to thank Matthew Green and
Karthikeyan Bhargavan for responsibly disclosing the issue in
bug 1138554.
The HG tag is NSS_3_19_1_RTM. NSS 3.19.1 requires NSPR 4.10.8 or newer.
Changelog:
The NSS team has released Network Security Services (NSS) 3.19,
which is a minor release.
New functionality:
* For some certificates, such as root CA certificates, that don't
embed any constraints, NSS might impose additional constraints,
such as name constraints. A new API has been added that allows
to lookup imposed constraints.
* It is possible to override the directory in which the NSS build
system will look for the sqlite library.
New Functions:
* CERT_GetImposedNameConstraints
Notable Changes:
* The SSL 3 protocol has been disabled by default.
* NSS now more strictly validates TLS extensions and will fail a
handshake that contains malformed extensions.
* Fixed a bug related to the ordering of TLS handshake messages.
* In TLS 1.2 handshakes, NSS advertises support for the SHA512
hash algorithm, in order to be compatible with TLS servers
that use certificates with a SHA512 signature.
Changelog:
The NSS Development Team announces the release of NSS 3.18.1
Network Security Services (NSS) 3.18.1 is a patch release
for NSS 3.18 to update the list of root CA certificates.
No new functionality is introduced in this release.
Notable Changes:
* The following CA certificate had the Websites and Code Signing
trust bits restored to their original state to allow more time
to develop a better transition strategy for affected sites:
- OU = Equifax Secure Certificate Authority
* The following CA certificate was removed:
- CN = e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
* The following intermediate CA certificate has been added as
actively distrusted because it was mis-used to issue certificates
for domain names the holder did not own or control:
- CN=MCSHOLDING TEST, O=MCSHOLDING, C=EG
* The version number of the updated root CA list has been set
to 2.4
The full release notes, including further details and the SHA1
fingerprints of the changed CA certificates, are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.18.1_release_notes
Changelog:
The NSS team has released Network Security Services (NSS) 3.18,
which is a minor release.
New functionality:
* When importing certificates and keys from a PKCS#12 source,
it's now possible to override the nicknames, prior to importing
them into the NSS database, using new API
SEC_PKCS12DecoderRenameCertNicknames.
* The tstclnt test utility program has new command-line options
-C, -D, -b and -R.
Use -C one, two or three times to print information about the
certificates received from a server, and information about the
locally found and trusted issuer certificates, to diagnose
server side configuration issues. It is possible to run tstclnt
without providing a database (-D). A PKCS#11 library that
contains root CA certificates can be loaded by tstclnt, which
may either be the nssckbi library provided by NSS (-b) or
another compatible library (-R).
New Functions:
* SEC_CheckCrlTimes
* SEC_GetCrlTimes
* SEC_PKCS12DecoderRenameCertNicknames
New Types
* SEC_PKCS12NicknameRenameCallback
Notable Changes:
* The highest TLS protocol version enabled by default has been
increased from TLS 1.0 to TLS 1.2. Similarly, the highest DTLS
protocol version enabled by default has been increased from
DTLS 1.0 to DTLS 1.2.
* The default key size used by certutil when creating an RSA key
pair has been increased from 1024 bits to 2048 bits.
* On Mac OS X, by default the softokn shared library will link
with the sqlite library installed by the operating system,
if it is version 3.5 or newer.
* The following CA certificates had the Websites and Code Signing
trust bits turned off:
- Equifax Secure Certificate Authority
- Equifax Secure Global eBusiness CA-1
- TC TrustCenter Class 3 CA II
* The following CA certificates were Added:
- Staat der Nederlanden Root CA - G3
- Staat der Nederlanden EV Root CA
- IdenTrust Commercial Root CA 1
- IdenTrust Public Sector Root CA 1
- S-TRUST Universal Root CA
- Entrust Root Certification Authority - G2
- Entrust Root Certification Authority - EC1
- CFCA EV ROOT
* The version number of the updated root CA list has been set
to 2.3
Changelog:
Network Security Services (NSS) 3.17.4 is a patch release for NSS 3.17.
No new functionality is introduced in this release.
Notable Changes:
* If an SSL/TLS connection fails, because client and server don't have
any common protocol version enabled, NSS has been changed to report
error code SSL_ERROR_UNSUPPORTED_VERSION (instead of reporting
SSL_ERROR_NO_CYPHER_OVERLAP).
* libpkix was fixed to prefer the newest certificate, if multiple
certificates match.
* fixed a memory corruption issue during failure of keypair generation.
* fixed a failure to reload a PKCS#11 module in FIPS mode.
* fixed interoperability of NSS server code with a LibreSSL client.
Changelog:
New functionality:
* Support for TLS_FALLBACK_SCSV has been added to the ssltap and
tstclnt utilities
Notable Changes:
* The QuickDER decoder now decodes lengths robustly
(CVE-2014-1569)
* The following 1024-bit CA certificates were Removed:
- GTE CyberTrust Global Root
- Thawte Server CA
- Thawte Premium Server CA
- America Online Root Certification Authority 1
- America Online Root Certification Authority 2
* The following CA certificates had the Websites and Code Signing
trust bits turned off:
- Class 3 Public Primary Certification Authority - G2
- Equifax Secure eBusiness CA-1
* The following CA certificates were Added:
- COMODO RSA Certification Authority
- USERTrust RSA Certification Authority
- USERTrust ECC Certification Authority
- GlobalSign ECC Root CA - R4
- GlobalSign ECC Root CA - R5
* The version number of the updated root CA list has been set
to 2.2
Changelog:
New in NSS 3.17.2
New Functionality
No new functionality is introduced in this release. This is a patch release to fix a regression and other bugs.
Notable Changes in NSS 3.17.2
Bug 1049435: Change RSA_PrivateKeyCheck to not require p > q. This fixes a regression introduced in NSS 3.16.2 that prevented NSS from importing some RSA private keys (such as in PKCS #12 files) generated by other crypto libraries.
Bug 1057161: Check that an imported elliptic curve public key is valid. Previously NSS would only validate the peer's public key before performing ECDH key agreement. Now EC public keys are validated at import time.
Bug 1078669: certutil crashes when an argument is passed to the --certVersion option.
Bugs fixed in NSS 3.17.2
This Bugzilla query returns all the bugs fixed in NSS 3.17.2:
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.17.2
Compatibility
NSS 3.17.2 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.17.2 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.
This release consists primarily of CA certificate changes as listed
below, and includes a small number of bug fixes.
Notable Changes:
* The following 1024-bit root CA certificate was restored to allow more
time to develop a better transition strategy for affected sites. It was
removed in NSS 3.16.3, but discussion in the mozilla.dev.security.policy
forum led to the decision to keep this root included longer in order to
give website administrators more time to update their web servers.
- CN = GTE CyberTrust Global Root
* In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification
Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit
intermediate CA certificate has been included, without explicit trust.
The intention is to mitigate the effects of the previous removal of the
1024-bit Entrust.net root certificate, because many public Internet
sites still use the "USERTrust Legacy Secure Server CA" intermediate
certificate that is signed by the 1024-bit Entrust.net root certificate.
The inclusion of the intermediate certificate is a temporary measure to
allow those sites to function, by allowing them to find a trust path to
another 2048-bit root CA certificate. The temporarily included
intermediate certificate expires November 1, 2015.
Changelog:
Network Security Services (NSS) 3.16.3 is a patch release for NSS 3.16.
This release consists primarily of CA certificate changes as listed
below, and fixes an issue with a recently added utility function.
New Functions:
* CERT_GetGeneralNameTypeFromString (This function was already added
in NSS 3.16.2, however, it wasn't declared in a public header file.)
Notable Changes:
* The following 1024-bit CA certificates were Removed
- Entrust.net Secure Server Certification Authority
- GTE CyberTrust Global Root
- ValiCert Class 1 Policy Validation Authority
- ValiCert Class 2 Policy Validation Authority
- ValiCert Class 3 Policy Validation Authority
* Additionally, the following CA certificate was Removed as
requested by the CA:
- TDC Internet Root CA
* The following CA certificates were Added:
- Certification Authority of WoSign
- CA 沃通根证书
- DigiCert Assured ID Root G2
- DigiCert Assured ID Root G3
- DigiCert Global Root G2
- DigiCert Global Root G3
- DigiCert Trusted Root G4
- QuoVadis Root CA 1 G3
- QuoVadis Root CA 2 G3
- QuoVadis Root CA 3 G3
* The Trust Bits were changed for the following CA certificates
- Class 3 Public Primary Certification Authority
- Class 3 Public Primary Certification Authority
- Class 2 Public Primary Certification Authority - G2
- VeriSign Class 2 Public Primary Certification Authority - G3
- AC Raíz Certicámara S.A.
- NetLock Uzleti (Class B) Tanusitvanykiado
- NetLock Expressz (Class C) Tanusitvanykiado
Changelog:
Network Security Services (NSS) 3.16.2 is a patch release for NSS 3.16.
New functionality:
* DTLS 1.2 is supported.
* The TLS application layer protocol negotiation (ALPN) extension
is also supported on the server side.
* RSA-OEAP is supported. Use the new PK11_PrivDecrypt and
PK11_PubEncrypt functions with the CKM_RSA_PKCS_OAEP mechanism.
* New Intel AES assembly code for 32-bit and 64-bit Windows,
contributed by Shay Gueron and Vlad Krasnov of Intel.
New Functions:
* CERT_AddExtensionByOID
* PK11_PrivDecrypt
* PK11_PubEncrypt
New Macros
* SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK
* SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL
Notable Changes:
* The btoa command has a new command-line option -w suffix, which
causes the output to be wrapped in BEGIN/END lines with the
given suffix
* The certutil commands supports additionals types of subject
alt name extensions.
* The certutil command supports generic certificate extensions,
by loading binary data from files, which have been prepared using
external tools, or which have been extracted from other existing
certificates and dumped to file.
* The certutil command supports three new certificate usage specifiers.
* The pp command supports printing UTF-8 (-u).
* On Linux, NSS is built with the -ffunction-sections -fdata-sections
compiler flags and the --gc-sections linker flag to allow unused
functions to be discarded.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
Changelog:
Network Security Services (NSS) 3.16.1 is a patch release for NSS 3.16.
New functionality:
* Added the "ECC" flag for modutil to select the module used for
elliptic curve cryptography (ECC) operations.
New Functions:
* PK11_ExportDERPrivateKeyInfo
* PK11_ExportPrivKeyInfo
* SECMOD_InternalToPubMechFlags
New Types:
* ssl_padding_xtn
New Macros
* PUBLIC_MECH_ECC_FLAG
* SECMOD_ECC_FLAG
Notable Changes:
* Imposed name constraints on the French government root CA ANSSI
(DCISS).
* Improve 3.16 like 2 number version support (firefox etc. requires 3 number
version string)
Changelog:
From https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes
The following security-relevant bug has been resolved.
Users are encouraged to upgrade immediately.
* Bug 903885 - (CVE-2014-1492) In a wildcard certificate, the wildcard
character should not be embedded within the U-label of an
internationalized domain name. See the last bullet point in RFC 6125,
Section 7.2.
New functionality:
* Supports the Linux x32 ABI. To build for the Linux x32 target, set
the environment variable USE_X32=1 when building NSS.
New Functions:
* NSS_CMSSignerInfo_Verify
New Macros
* TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, etc.,
cipher suites that were first defined in SSL 3.0 can now be referred
to with their official IANA names in TLS, with the TLS_ prefix.
Previously, they had to be referred to with their names in SSL 3.0,
with the SSL_ prefix.
Notable Changes:
* ECC is enabled by default. It is no longer necessary to set the
environment variable NSS_ENABLE_ECC=1 when building NSS. To disable
ECC, set the environment variable NSS_DISABLE_ECC=1 when building NSS.
* libpkix should not include the common name of CA as DNS names when
evaluating name constraints.
* AESKeyWrap_Decrypt should not return SECSuccess for invalid keys.
* Fix a memory corruption in sec_pkcs12_new_asafe.
* If the NSS_SDB_USE_CACHE environment variable is set, skip the runtime
test sdb_measureAccess.
* The built-in roots module has been updated to version 1.97, which
adds, removes, and distrusts several certificates.
* The atob utility has been improved to automatically ignore lines of
text that aren't in base64 format.
* The certutil utility has been improved to support creation of
version 1 and version 2 certificates, in addition to the existing
version 3 support.
Changelog:
From: https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.5_release_notes
Network Security Services (NSS) 3.15.5 is a patch release for NSS 3.15.
New functionality:
* Added support for the TLS application layer protocol negotiation
(ALPN) extension. Two SSL socket options, SSL_ENABLE_NPN and
SSL_ENABLE_ALPN, can be used to control whether NPN or ALPN (or both)
should be used for application layer protocol negotiation.
* Added the TLS padding extension. The extension type value is 35655,
which may change when an official extension type value is assigned
by IANA. NSS automatically adds the padding extension to ClientHello
when necessary.
* Added a new macro CERT_LIST_TAIL, defined in certt.h, for getting
the tail of a CERTCertList.
Notable Changes:
* Bug 950129: Improve the OCSP fetching policy when verifying OCSP
responses
* Bug 949060: Validate the iov input argument (an array of PRIOVec
structures) of ssl_WriteV (called via PR_Writev). Applications should
still take care when converting struct iov to PRIOVec because the
iov_len members of the two structures have different types
(size_t vs. int). size_t is unsigned and may be larger than int.
Changelog:
from: https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.4_release_notes
Security Advisories
The following security-relevant bugs have been resolved in NSS 3.15.4.
Users are encouraged to upgrade immediately.
Bug 919877 - (CVE-2013-1740) When false start is enabled, libssl will
sometimes return unencrypted, unauthenticated data from PR_Recv
New in NSS 3.15.4
New Functionality
Implemented OCSP querying using the HTTP GET method, which is the new default, and will fall back to the HTTP POST method.
Implemented OCSP server functionality for testing purposes (httpserv utility).
Support SHA-1 signatures with TLS 1.2 client authentication.
Added the --empty-password command-line option to certutil, to be used with -N: use an empty password when creating a new database.
Added the -w command-line option to pp: don't wrap long output lines.
New Functions
CERT_ForcePostMethodForOCSP
CERT_GetSubjectNameDigest
CERT_GetSubjectPublicKeyDigest
SSL_PeerCertificateChain
SSL_RecommendedCanFalseStart
SSL_SetCanFalseStartCallback
New Types
CERT_REV_M_FORCE_POST_METHOD_FOR_OCSP: When this flag is used, libpkix will never attempt to use the HTTP GET method for OCSP requests; it will always use POST.
New PKCS #11 Mechanisms
None.
Notable Changes in NSS 3.15.4
Reordered the cipher suites offered in SSL/TLS client hello messages to match modern best practices.
Updated the set of root CA certificates (version 1.96).
Improved SSL/TLS false start. In addition to enabling the SSL_ENABLE_FALSE_START option, an application must now register a callback using the SSL_SetCanFalseStartCallback function.
When building on Windows, OS_TARGET now defaults to WIN95. To use the WINNT build configuration, specify OS_TARGET=WINNT.
Bugs fixed in NSS 3.15.4
A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.4&product=NSS
Compatibility
NSS 3.15.4 shared libraries are backward compatible with all older NSS 3.x
shared libraries. A program linked with older NSS 3.x shared libraries will
work with NSS 3.15.4 shared libraries without recompiling or relinking.
Furthermore, applications that restrict their use of NSS APIs to the
functions listed in NSS Public Functions will remain compatible with future
versions of the NSS shared libraries.
