* Require devel/nspr-4.19
Changelog:
The NSS team has released Network Security Services (NSS) 3.36,
which is a minor release.
Summary of the major changes included in this release:
- Replaced existing vectorized ChaCha20 code with verified
HACL* implementation.
- Experimental APIs for TLS session cache handling.
Changelog:
The NSS team has released Network Security Services (NSS) 3.35,
which is a minor release.
Summary of the major changes included in this release:
- The default database storage format has been changed to SQL,
using filenames cert9.db, key4.db, pkcs11.txt.
- TLS 1.3 support has been updated to draft -23, along with
additional significant changes.
- Support for TLS compression was removed.
- Added formally verified implementations of non-vectorized Chacha20
and non-vectorized Poly1305 64-bit.
- When creating encrypted PKCS#7 or PKCS#12 data, NSS uses a
higher iteration count for stronger security.
- The CA trust list was updated to version 2.22.
Changelog:
The following CA certificate was Re-Added. It was removed in
NSS 3.34, but has been re-added with only the Email trust bit
set. (bug 1418678)
CN = Certum CA, O=Unizeto Sp. z o.o.
SHA-256 Fingerprint: D8:E0:FE:BC:1D:B2:E3:8D:00:94:0F:37:D2:7D:41:34:4D:99:3E:73:4B:99:D5:65:6D:97:78:D4:D8:14:36:24
Removed entries from certdata.txt for actively distrusted
certificates that have expired (bug 1409872).
The version of the CA list was set to 2.20.
The following CA certificates were Added:
CN = GDCA TrustAUTH R5 ROOT
SHA-256 Fingerprint: BF:FF:8F:D0:44:33:48:7D:6A:8A:A6:0C:1A:29:76:7A:9F:C2:BB:B0:5E:42:0F:71:3A:13:B9:92:89:1D:38:93
Trust Flags: Websites
CN = SSL.com Root Certification Authority RSA
SHA-256 Fingerprint: 85:66:6A:56:2E:E0:BE:5C:E9:25:C1:D8:89:0A:6F:76:A8:7E:C1:6D:4D:7D:5F:29:EA:74:19:CF:20:12:3B:69
Trust Flags: Websites, Email
CN = SSL.com Root Certification Authority ECC
SHA-256 Fingerprint: 34:17:BB:06:CC:60:07:DA:1B:96:1C:92:0B:8A:B4:CE:3F:AD:82:0E:4A:A3:0B:9A:CB:C4:A7:4E:BD:CE:BC:65
Trust Flags: Websites, Email
CN = SSL.com EV Root Certification Authority RSA R2
SHA-256 Fingerprint: 2E:7B:F1:6C:C2:24:85:A7:BB:E2:AA:86:96:75:07:61:B0:AE:39:BE:3B:2F:E9:D0:CC:6D:4E:F7:34:91:42:5C
Trust Flags: Websites
CN = SSL.com EV Root Certification Authority ECC
SHA-256 Fingerprint: 22:A2:C1:F7:BD:ED:70:4C:C1:E7:01:B5:F4:08:C3:10:88:0F:E9:56:B5:DE:2A:4A:44:F9:9C:87:3A:25:A7:C8
Trust Flags: Websites
CN = TrustCor RootCert CA-1
SHA-256 Fingerprint: D4:0E:9C:86:CD:8F:E4:68:C1:77:69:59:F4:9E:A7:74:FA:54:86:84:B6:C4:06:F3:90:92:61:F4:DC:E2:57:5C
Trust Flags: Websites, Email
CN = TrustCor RootCert CA-2
SHA-256 Fingerprint: 07:53:E9:40:37:8C:1B:D5:E3:83:6E:39:5D:AE:A5:CB:83:9E:50:46:F1:BD:0E:AE:19:51:CF:10:FE:C7:C9:65
Trust Flags: Websites, Email
CN = TrustCor ECA-1
SHA-256 Fingerprint: 5A:88:5D:B1:9C:01:D9:12:C5:75:93:88:93:8C:AF:BB:DF:03:1A:B2:D4:8E:91:EE:15:58:9B:42:97:1D:03:9C
Trust Flags: Websites, Email
The following CA certificates were Removed:
CN = Certum CA, O=Unizeto Sp. z o.o.
SHA-256 Fingerprint: D8:E0:FE:BC:1D:B2:E3:8D:00:94:0F:37:D2:7D:41:34:4D:99:3E:73:4B:99:D5:65:6D:97:78:D4:D8:14:36:24
CN = StartCom Certification Authority
SHA-256 Fingerprint: C7:66:A9:BE:F2:D4:07:1C:86:3A:31:AA:49:20:E8:13:B2:D1:98:60:8C:B7:B7:CF:E2:11:43:B8:36:DF:09:EA
CN = StartCom Certification Authority
SHA-256 Fingerprint: E1:78:90:EE:09:A3:FB:F4:F4:8B:9C:41:4A:17:D6:37:B7:A5:06:47:E9:BC:75:23:22:72:7F:CC:17:42:A9:11
CN = StartCom Certification Authority G2
SHA-256 Fingerprint: C7:BA:65:67:DE:93:A7:98:AE:1F:AA:79:1E:71:2D:37:8F:AE:1F:93:C4:39:7F:EA:44:1B:B7:CB:E6:FD:59:95
CN = TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
SHA-256 Fingerprint: E4:C7:34:30:D7:A5:B5:09:25:DF:43:37:0A:0D:21:6E:9A:79:B9:D6:DB:83:73:A0:C6:9E:B1:CC:31:C7:C5:2A
CN = ACEDICOM Root
SHA-256 Fingerprint: 03:95:0F:B4:9A:53:1F:3E:19:91:94:23:98:DF:A9:E0:EA:32:D7:BA:1C:DD:9B:C8:5D:B5:7E:D9:40:0B:43:4A
CN = Certinomis - Autorité Racine
SHA-256 Fingerprint: FC:BF:E2:88:62:06:F7:2B:27:59:3C:8B:07:02:97:E1:2D:76:9E:D1:0E:D7:93:07:05:A8:09:8E:FF:C1:4D:17
CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
SHA-256 Fingerprint: 97:8C:D9:66:F2:FA:A0:7B:A7:AA:95:00:D9:C0:2E:9D:77:F2:CD:AD:A6:AD:6B:A7:4A:F4:B9:1C:66:59:3C:50
CN = PSCProcert
SHA-256 Fingerprint: 3C:FC:3C:14:D1:F6:84:FF:17:E3:8C:43:CA:44:0C:00:B9:67:EC:93:3E:8B:FE:06:4C:A1:D7:2C:90:F2:AD:B0
CN = CA 沃通根证书, O=WoSign CA Limited
SHA-256 Fingerprint: D6:F0:34:BD:94:AA:23:3F:02:97:EC:A4:24:5B:28:39:73:E4:47:AA:59:0F:31:0C:77:F4:8F:DF:83:11:22:54
CN = Certification Authority of WoSign
SHA-256 Fingerprint: 4B:22:D5:A6:AE:C9:9F:3C:DB:79:AA:5E:C0:68:38:47:9C:D5:EC:BA:71:64:F7:F2:2D:C1:D6:5F:63:D8:57:08
CN = Certification Authority of WoSign G2
SHA-256 Fingerprint: D4:87:A5:6F:83:B0:74:82:E8:5E:96:33:94:C1:EC:C2:C9:E5:1D:09:03:EE:94:6B:02:C3:01:58:1E:D9:9E:16
CN = CA WoSign ECC Root
SHA-256 Fingerprint: 8B:45:DA:1C:06:F7:91:EB:0C:AB:F2:6B:E5:88:F5:FB:23:16:5C:2E:61:4B:F8:85:56:2D:0D:CE:50:B2:9B:02
libfreebl no longer requires SSE2 instructions.
New in NSS 3.34
New Functionality
When listing an NSS database using certutil -L, but the database
hasn't yet been initialized with any non-empty or empty password,
the text "Database needs user init" will be included in the listing.
When using certutil to set an inacceptable password in FIPS mode,
a correct explanation of acceptable passwords will be printed.
SSLKEYLOGFILE is now supported with TLS 1.3, see Bug 1287711 for details.
SSLChannelInfo has two new fields (Bug 1396525)
SSLNamedGroup originalKeaGroup holds the key exchange group of the
original handshake when the session was resumed.
PRBool resumed is PR_TRUE when the session is resumed and PR_FALSE
otherwise.
RSA-PSS signatures are now supported on certificates. Certificates
with RSA-PSS or RSA-PKCS#1v1.5 keys can be used to create an RSA-PSS
signature on a certificate using the --pss-sign argument to certutil.
New Functions
Compatibility
NSS 3.34 shared libraries are backward compatible with all older NSS 3.x
shared libraries. A program linked with older NSS 3.x shared libraries
will work with NSS 3.34 shared libraries without recompiling or relinking.
Furthermore, applications that restrict their use of NSS APIs to the
functions listed in NSS Public Functions will remain compatible with
future versions of the NSS shared libraries.
Changelog:
Notable Changes in NSS 3.33
TLS compression is no longer supported. API calls that attempt to enable compression are accepted without failure. However, TLS compression will remain disabled.
This version of NSS uses a formally verified implementation of Curve25519 on 64-bit systems.
The compile time flag DISABLE_ECC has been removed.
When NSS is compiled without NSS_FORCE_FIPS=1 startup checks are not performed anymore.
Various minor improvements and correctness fixes.
Changelog:
Notable Changes:
================
* Various minor improvements and correctness fixes.
* The Code Signing trust bit was turned off for all included root certificates.
* The Websites (TLS/SSL) trust bit was turned off for the following root
certificates:
- CN = AddTrust Class 1 CA Root
- CN = Swisscom Root CA 2
* The following CA certificates were Removed:
- CN = AddTrust Public CA Root
- CN = AddTrust Qualified CA Root
- CN = China Internet Network Information Center EV Certificates Root
- CN = CNNIC ROOT
- CN = ComSign Secured CA
- CN = GeoTrust Global CA 2
- CN = Secure Certificate Services
- CN = Swisscom Root CA 1
- CN = Swisscom Root EV CA 2
- CN = Trusted Certificate Services
- CN = UTN-USERFirst-Hardware
- CN = UTN-USERFirst-Object
Changelog:
New functionality:
==================
* Allow certificates to be specified by RFC7512 PKCS#11 URIs.
* Allow querying a certificate object for its temporary or permanent storage
status in a thread safe way.
New Functions:
==============
* CERT_GetCertIsPerm - retrieve the permanent storage status attribute of a
certificate in a thread safe way.
* CERT_GetCertIsTemp - retrieve the temporary storage status attribute of a
certificate in a thread safe way.
* PK11_FindCertFromURI - find a certificate identified by the given URI.
* PK11_FindCertsFromURI - find a list of certificates identified by the given
URI.
* PK11_GetModuleURI - retrieve the URI of the given module.
* PK11_GetTokenURI - retrieve the URI of a token based on the given slot
information.
* PK11URI_CreateURI - create a new PK11URI object from a set of attributes.
* PK11URI_DestroyURI - destroy a PK11URI object.
* PK11URI_FormatURI - format a PK11URI object to a string.
* PK11URI_GetPathAttribute - retrieve a path attribute with the given name.
* PK11URI_GetQueryAttribute - retrieve a query attribute with the given name.
* PK11URI_ParseURI - parse PKCS#11 URI and return a new PK11URI object.
New Macros:
===========
* Several new macros that start with PK11URI_PATTR_ for path attributes defined
in RFC7512.
* Several new macros that start with PK11URI_QATTR_ for query attributes defined
in RFC7512.
Notable Changes:
================
* The APIs that set a TLS version range have been changed to trim the requested
range to the overlap with a systemwide crypto policy, if configured.
SSL_VersionRangeGetSupported can be used to query the overlap between the
library's supported range of TLS versions and the systemwide policy.
* Previously, SSL_VersionRangeSet and SSL_VersionRangeSetDefault returned a
failure if the requested version range wasn't fully allowed by the systemwide
crypto policy. They have been changed to return success, if at least one TLS
version overlaps between the requested range and the systemwide policy. An
application may call SSL_VersionRangeGet and SSL_VersionRangeGetDefault to
query the TLS version range that was effectively activated.
* Corrected the encoding of Domain Name Constraints extensions created by
certutil.
* NSS supports a clean seeding mechanism for *NIX systems now using only
/dev/urandom. This is used only when SEED_ONLY_DEV_URANDOM is set at compile
time.
* CERT_AsciiToName can handle OIDs in dotted decimal form now.
The HG tag is NSS_3_31_RTM. NSS 3.31 requires NSPR 4.15 or newer.
Changelog:
The NSS team has released Network Security Services (NSS) 3.30.2,
which is a patch release to update the list of root CA certificates.
Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.
Notable Changes:
* The following CA certificates were Removed
- O = Japanese Government, OU = ApplicationCA
- CN = WellsSecure Public Root Certificate Authority
- CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
- CN = Microsec e-Szigno Root
* The following CA certificates were Added
- CN = D-TRUST Root CA 3 2013
- CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
* The version number of the updated root CA list has been set to 2.14
(Bug 1350859)
* Domain name constraints for one of the new CAs have been added to the
NSS code (Bug 1349705)
Changelog:
New in NSS 3.30:
================
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust are
marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY, set to
true. Applications that need to distinguish them from other other root CAs
may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS alerts
that are sent or received.
Notable Changes:
================
* The TLS server code has been enhanced to support session tickets when no
RSA certificate is configured.
* RSA-PSS signatures produced by key pairs with a modulus bit length that
is not a multiple of 8 are now supported.
* The pk12util tool now supports importing and exporting data encrypted in
the AES based schemes defined in PKCS#5 v2.1.
Changelog:
The NSS team has released Network Security Services (NSS) 3.29.3
No new functionality is introduced in this release.
This is a patch release to fix a rare crash when initializing an SSL socket
fails.
The NSS team has released Network Security Services (NSS) 3.29.2
No new functionality is introduced in this release.
This is a patch release to fix an issue with TLS session tickets.
Changelog:
Notable Changes:
================
* Fixed a NSS 3.28 regression in the signature scheme flexibility that
causes connectivity issues between iOS 8 clients and NSS servers with ECDSA
certificates (bug1334114
<https://bugzilla.mozilla.org/show_bug.cgi?id=1334114>).
* Bump nspr requirement
Changelog:
3.28.1:
The NSS team has released Network Security Services (NSS) 3.28.1,
which is a patch release.
Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.
No new functionality is introduced in this release. This is a patch release to
update the list of root CA certificates and address a minor TLS compatibility
issue that some applications experienced with NSS 3.28.
Notable Changes:
* The following CA certificates were Removed
- CN = Buypass Class 2 CA 1
- CN = Root CA Generalitat Valenciana
- OU = RSA Security 2048 V3
* The following CA certificates were Added
- OU = AC RAIZ FNMT-RCM
- CN = Amazon Root CA 1
- CN = Amazon Root CA 2
- CN = Amazon Root CA 3
- CN = Amazon Root CA 4
- CN = LuxTrust Global Root 2
- CN = Symantec Class 1 Public Primary Certification Authority - G4
- CN = Symantec Class 1 Public Primary Certification Authority - G6
- CN = Symantec Class 2 Public Primary Certification Authority - G4
- CN = Symantec Class 2 Public Primary Certification Authority - G6
* The version number of the updated root CA list has been set to 2.11
* A misleading assertion/alert has been removed when NSS tries to flush data
to the peer but the connection was already reset.
3.28:
The NSS team has released Network Security Services (NSS) 3.28,
which is a minor release.
Below is a summary of the changes.
Please refer to the full release notes for additional details:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28_release_notes
Request to test and prepare for TLS 1.3 (draft):
================================================
To prepare for a change of default build options, which is
planned for
the future NSS 3.29 release, we'd like to encourage all users of NSS
3.28
to override the standard NSS build configuration to enable support for
(draft
) TLS 1.3 by defining NSS_ENABLE_TLS_1_3=1 at build time.
We'd like to ask you to
please give feedback to the NSS developers for any
compatibility issues that you
might encounter in your tests.
For providing feedback, you may send a message to this mailing list, see:
https://lists.mozilla.org/listinfo/dev-tech-crypto
or please report a bug here:
https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS
New functionality:
==================
* NSS includes support for TLS 1.3 draft -18. This includes a number
of
improvements to TLS 1.3:
- The signed certificate timestamp, used in
certificate transparency,
is supported in TLS 1.3.
- Key exporters for TLS
1.3 are supported. This includes the early key
exporter, which can be used if
0-RTT is enabled. Note that there is a
difference between TLS 1.3 and key
exporters in older versions of TLS.
TLS 1.3 does not distinguish between an
empty context and no context.
- The TLS 1.3 (draft) protocol can be enabled, by
defining
NSS_ENABLE_TLS_1_3=1 when building NSS.
* NSS includes support for
the X25519 key exchange algorithm, which is
supported and enabled by default in
all versions of TLS.
New Functions:
==============
* SSL_ExportEarlyKeyingMaterial
* SSL_SendAdditionalKeyShares
* SSL_SignatureSchemePrefSet
* SSL_SignatureSchemePrefGet
Notable Changes:
================
* NSS can no longer be compiled with support for additional elliptic curves.
This was previously possible by replacing certain NSS source files.
* NSS will now detect the presence of tokens that support additional
elliptic curves and enable those curves for use in TLS.
Note that this detection has a one-off performance cost, which can be
avoided by using the SSL_NamedGroupConfig function to limit supported
groups to those that NSS provides.
* PKCS#11 bypass for TLS is no longer supported and has been removed.
* Support for "export" grade SSL/TLS cipher suites has been removed.
* NSS now uses the signature schemes definition in TLS 1.3.
This also affects TLS 1.2. NSS will now only generate signatures with the
combinations of hash and signature scheme that are defined in TLS 1.3,
even when negotiating TLS 1.2.
- This means that SHA-256 will only be used with P-256 ECDSA certificates,
SHA-384 with P-384 certificates, and SHA-512 with P-521 certificates.
SHA-1 is permitted (in TLS 1.2 only) with any certificate for backward
compatibility reasons.
- New functions to configure signature schemes are provided:
SSL_SignatureSchemePrefSet, SSL_SignatureSchemePrefGet.
The old SSL_SignaturePrefSet and SSL_SignaturePrefSet functions are
now deprecated.
- NSS will now no longer assume that default signature schemes are
supported by a peer if there was no commonly supported signature scheme.
* NSS will now check if RSA-PSS signing is supported by the token that holds
the private key prior to using it for TLS.
* The certificate validation code contains checks to no longer trust
certificates that are issued by old WoSign and StartCom CAs after
October 21, 2016. This is equivalent to the behavior that Mozilla will
release with Firefox 51.
Changelog:
The NSS Development Team announces the release of NSS 3.27.2, which is a
patch release to address a memory leak in the TLS implementation.
No new functionality is introduced in this release.
Notable Changes:
* Bug 1318561 - SSL_SetTrustAnchors leaks
Changelog:
The NSS team has released Network Security Services (NSS) 3.27.1.
This is a patch release to address a TLS compatibility issue
that some applications experienced with NSS 3.27.
Notable Changes:
Availability of the TLS 1.3 (draft) implementation has been re-disabled
in the default build.
Previous versions of NSS made TLS 1.3 (draft) available only when compiled
with NSS_ENABLE_TLS_1_3. NSS 3.27 set this value on by default, allowing
TLS 1.3 (draft) to be disabled using NSS_DISABLE_TLS_1_3, although the
maximum version used by default remained TLS 1.2.
However, some applications query the list of protocol versions that are
supported by the NSS library, and enable all supported TLS protocol versions.
Because NSS 3.27 enabled compilation of TLS 1.3 (draft) by default, it caused
those applications to enable TLS 1.3 (draft). This resulted in connectivity
failures, as some TLS servers are version 1.3 intolerant, and failed to
negotiate an earlier TLS version with NSS 3.27 clients.
Changelog:
The NSS team has released Network Security Services (NSS) 3.27,
which is a minor release.
Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.
New functionality:
* Allow custom named group priorities for TLS key exchange handshake
(SSL_NamedGroupConfig).
* Added support for RSA-PSS signatures in TLS 1.2 and TLS 1.3
New Functions:
* SSL_NamedGroupConfig
Notable Changes:
* NPN can not be enabled anymore.
* Hard limits on the maximum number of TLS records encrypted with the same
key are enforced.
* Disabled renegotiation in DTLS.
* The following CA certificates were Removed
- CN = IGC/A, O = PM/SGDN, OU = DCSSI
- CN = Juur-SK, O = AS Sertifitseerimiskeskus
- CN = EBG Elektronik Sertifika Hizmet Sağlayıcısı
- CN = S-TRUST Authentication and Encryption Root CA 2005:PN
- O = VeriSign, Inc., OU = Class 1 Public Primary Certification Authority
- O = VeriSign, Inc., OU = Class 2 Public Primary Certification Authority - G2
- O = VeriSign, Inc., OU = Class 3 Public Primary Certification Authority
- O = Equifax, OU = Equifax Secure Certificate Authority
- CN = Equifax Secure eBusiness CA-1
- CN = Equifax Secure Global eBusiness CA-1
The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.27_release_notes
Changelog:
The NSS team has released Network Security Services (NSS) 3.25, which is a minor
release.
Below is a short summary of the changes.
Please refer to the full release notes for additional details.
New functionality:
* Implemented DHE key agreement for TLS 1.3
* Added support for ChaCha with TLS 1.3
* Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF
* In previous versions, when using client authentication with TLS 1.2,
NSS only supported certificate_verify messages that used the same
signature hash algorithm as used by the PRF.
This limitation has been removed.
* Several functions have been added to the public API of the NSS
Cryptoki Framework.
New Functions:
* NSSCKFWSlot_GetSlotID
* NSSCKFWSession_GetFWSlot
* NSSCKFWInstance_DestroySessionHandle
* NSSCKFWInstance_FindSessionHandle
Notable Changes:
* An SSL socket can no longer be configured to allow both TLS 1.3 and SSL v3
* Regression fix: NSS no longer reports a failure if an application attempts
to disable the SSL v2 protocol.
* The list of trusted CA certificates has been updated to version 2.8
* The following CA certificate was Removed
- CN = Sonera Class1 CA
* The following CA certificates were Added
- CN = Hellenic Academic and Research Institutions RootCA 2015
- CN = Hellenic Academic and Research Institutions ECC RootCA 2015
- CN = Certplus Root CA G1
- CN = Certplus Root CA G2
- CN = OpenTrust Root CA G1
- CN = OpenTrust Root CA G2
- CN = OpenTrust Root CA G3
* Require nspr 4.12 or later, from he@. Thank you.
Changelog:
The NSS team has released Network Security Services (NSS) 3.24, which is
a minor release.
Below is a short summary of the changes.
Please refer to the full release notes for additional details.
New functionality:
* NSS softoken has been updated with the latest NIST guidance (as of 2015)
* NSS softoken has also been updated to allow NSS to run in FIPS level-1
(no password).
* SSL_ConfigServerCert function has been added for configuring SSL/TLS
server sockets with a certificate and private key. This method should be
used in preference to SSL_ConfigSecureServer,
SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses, and
SSL_SetSignedCertTimestamps.
* Added PORTCheapArena for temporary arenas allocated on the stack.
New Functions:
* SSL_ConfigServerCert - Configures an SSL/TLS socket with a certificate,
private key and other information.
* PORT_InitCheapArena - This initializes an arena that was created on
the stack. See PORTCheapArenaPool.
* PORT_DestroyCheapArena - This destroys an arena that was created on
the stack. See PORTCheapArenaPool.
New Types
* SSLExtraServerCertData - This struct is optionally passed as an argument
to SSL_ConfigServerCert. It contains supplementary information about a
certificate, such as the intended type of the certificate, stapled OCSP
responses, or signed certificate timestamps (used for certificate
transparency).
* PORTCheapArenaPool - A stack-allocated arena pool, to be used for
temporary arena allocations.
New Macros
* CKM_TLS12_MAC
* SEC_OID_TLS_ECDHE_PSK - This OID is used to govern use of the
TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 cipher suite, which is only
used for session resumption in TLS 1.3.
Notable Changes:
* The following functions have been deprecated (applications should use the
new SSL_ConfigServerCert function instead):
* SSL_SetStapledOCSPResponses
* SSL_SetSignedCertTimestamps
* SSL_ConfigSecureServer
* SSL_ConfigSecureServerWithCertChain
* Function NSS_FindCertKEAType is now deprecated, as it reports a misleading
value for certificates that might be used for signing rather than key
exchange.
* SSLAuthType has been updated to define a larger number of authentication
key types.
* The member attribute authAlgorithm of type SSLCipherSuiteInfo has been
deprecated. Instead, applications should use the newly added attribute
authType.
* ssl_auth_rsa has been renamed to ssl_auth_rsa_decrypt.
* On Linux platforms that define FREEBL_LOWHASH, a shared library has been
added: libfreeblpriv3
* Most code related to the SSL v2 has been removed, including the ability to
actively send a SSL v2 compatible client hello.
However, the server side implementation of the SSL/TLS protocol continues to
support processing of received v2 compatible client hello messages.
* NSS supports a mechanism to log SSL/TLS key material to a logfile if the
environment variable named SSLKEYLOGFILE is set. NSS has been changed to
disable this functionality in optimized builds by default. In order to enable
the functionality in optimized builds, the symbol NSS_ALLOW_SSLKEYLOGFILE
must be defined when building NSS.
* NSS has been updated to be protected against the Cachebleed attack.
* Support for DTLS compression has been disabled.
* Support for TLS 1.3 has been improved. This includes support for DTLS 1.3.
Note that TLS 1.3 support is experimental and is not suitable for production
use.
Changelog:
The NSS team has released Network Security Services (NSS) 3.23, which is a minor
release.
The following security-relevant bug has been resolved in NSS 3.23.
Users are encouraged to upgrade immediately.
* Bug 1245528 (CVE-2016-1950):
Fixed a heap-based buffer overflow related to the parsing of certain ASN.1
structures. An attacker could create a specially-crafted certificate which,
when parsed by NSS, would cause a crash or execution of arbitrary code with
the permissions of the user.
New functionality:
* ChaCha20/Poly1305 cipher and TLS cipher suites now supported
(bug 917571, bug 1227905)
* Experimental-only support TLS 1.3 1-RTT mode (draft-11).
This code is not ready for production use.
New Functions:
* SSL_SetDowngradeCheckVersion - Set maximum version for new ServerRandom
anti-downgrade mechanism
Notable Changes:
* The copy of SQLite shipped with NSS has been updated to version 3.10.2
(bug 1234698)
* The list of TLS extensions sent in the TLS handshake has been reordered
to improve compatibility of the Extended Master Secret feature
with servers (bug 1243641)
* The build time environment variable NSS_ENABLE_ZLIB has been renamed
to NSS_SSL_ENABLE_ZLIB (Bug 1243872).
* The build time environment variable NSS_DISABLE_CHACHAPOLY was added,
which can be used to prevent compilation of the ChaCha20/Poly1305 code.
* The following CA certificates were Removed
- Staat der Nederlanden Root CA
- NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado
- NetLock Kozjegyzoi (Class A) Tanusitvanykiado
- NetLock Uzleti (Class B) Tanusitvanykiado
- NetLock Expressz (Class C) Tanusitvanykiado
- VeriSign Class 1 Public PCA – G2
- VeriSign Class 3 Public PCA
- VeriSign Class 3 Public PCA – G2
- CA Disig
* The following CA certificates were Added
- SZAFIR ROOT CA2
- Certum Trusted Network CA 2
* The following CA certificate had the Email trust bit turned on
- Actalis Authentication Root CA
The full release notes, including the SHA256 fingerprints of the changed
CA certificates, are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes
Changelog:
The NSS Development Team announces the release of NSS 3.22.3,
which is a patch release for NSS 3.22.
No new functionality is introduced in this release.
The following bugs have been resolved in NSS 3.22.3
* Bug 1243641 - Increase compatibility of TLS extended master secret,
don't send an empty TLS extension last in the handshake
Changelog:
The NSS Development Team announces the release of NSS 3.22.1
No new functionality is introduced in this release.
Notable Changes:
* NSS has been changed to use the PR_GetEnvSecure function that
was made available in NSPR 4.12
Changelog:
The NSS team has released Network Security Services (NSS) 3.22,
which is a minor release.
New functionality:
* RSA-PSS signatures are now supported (bug 1215295)
* Pseudorandom functions based on hashes other than SHA-1 are now supported
* Enforce an External Policy on NSS from a config file (bug 1009429)
New Functions:
* PK11_SignWithMechanism - an extended version PK11_Sign()
* PK11_VerifyWithMechanism - an extended version of PK11_Verify()
* SSL_PeerSignedCertTimestamps - Get signed_certificate_timestamp
TLS extension data
* SSL_SetSignedCertTimestamps - Set signed_certificate_timestamp
TLS extension data
New Types:
* ssl_signed_cert_timestamp_xtn is added to SSLExtensionType
* Constants for several object IDs are added to SECOidTag
New Macros:
* SSL_ENABLE_SIGNED_CERT_TIMESTAMPS
* NSS_USE_ALG_IN_SSL
* NSS_USE_POLICY_IN_SSL
* NSS_RSA_MIN_KEY_SIZE
* NSS_DH_MIN_KEY_SIZE
* NSS_DSA_MIN_KEY_SIZE
* NSS_TLS_VERSION_MIN_POLICY
* NSS_TLS_VERSION_MAX_POLICY
* NSS_DTLS_VERSION_MIN_POLICY
* NSS_DTLS_VERSION_MAX_POLICY
* CKP_PKCS5_PBKD2_HMAC_SHA224
* CKP_PKCS5_PBKD2_HMAC_SHA256
* CKP_PKCS5_PBKD2_HMAC_SHA384
* CKP_PKCS5_PBKD2_HMAC_SHA512
* CKP_PKCS5_PBKD2_HMAC_GOSTR3411 - (not supported)
* CKP_PKCS5_PBKD2_HMAC_SHA512_224 - (not supported)
* CKP_PKCS5_PBKD2_HMAC_SHA512_256 - (not supported)
table Changes:
* NSS C++ tests are built by default, requiring a C++11 compiler.
Set the NSS_DISABLE_GTESTS variable to 1 to disable building these tests.
The HG tag is NSS_3_22_RTM. NSS 3.22 requires NSPR 4.11 or newer.
* Disable gtest option
Changelog:
The NSS team has released Network Security Services (NSS) 3.21,
which is a minor release.
New functionality:
* certutil now supports a --rename option to change a nickname (bug 1142209)
* TLS extended master secret extension (RFC 7627) is supported (bug 1117022)
* New info functions added for use during mid-handshake callbacks (bug 1084669)
New Functions:
* NSS_OptionSet - sets NSS global options
* NSS_OptionGet - gets the current value of NSS global options
* SECMOD_CreateModuleEx - Create a new SECMODModule structure from module name
string, module parameters string, NSS specific parameters string, and NSS
configuration parameter string. The module represented by the module
structure is not loaded. The difference with SECMOD_CreateModule is the new
function handles NSS configuration parameter strings.
* SSL_GetPreliminaryChannelInfo - obtains information about a TLS channel prior
to the handshake being completed, for use with the callbacks that are invoked
during the handshake
* SSL_SignaturePrefSet - configures the enabled signature and hash algorithms
for TLS
* SSL_SignaturePrefGet - retrieves the currently configured signature and hash
algorithms
* SSL_SignatureMaxCount - obtains the maximum number signature algorithms that
can be configured with SSL_SignaturePrefSet
* NSSUTIL_ArgParseModuleSpecEx - takes a module spec and breaks it into shared
library string, module name string, module parameters string, NSS specific
parameters string, and NSS configuration parameter strings. The returned
strings must be freed by the caller. The difference with
NSS_ArgParseModuleSpec is the new function handles NSS configuration
parameter strings.
* NSSUTIL_MkModuleSpecEx - take a shared library string, module name string,
module parameters string, NSS specific parameters string, and NSS
configuration parameter string and returns a module string which the caller
must free when it is done. The difference with NSS_MkModuleSpec is the new
function handles NSS configuration parameter strings.
New Types:
* CK_TLS12_MASTER_KEY_DERIVE_PARAMS{_PTR} - parameters {or pointer} for
CKM_TLS12_MASTER_KEY_DERIVE
* CK_TLS12_KEY_MAT_PARAMS{_PTR} - parameters {or pointer} for
CKM_TLS12_KEY_AND_MAC_DERIVE
* CK_TLS_KDF_PARAMS{_PTR} - parameters {or pointer} for CKM_TLS_KDF
* CK_TLS_MAC_PARAMS{_PTR} - parameters {or pointer} for CKM_TLS_MAC
* SSLHashType - identifies a hash function
* SSLSignatureAndHashAlg - identifies a signature and hash function
* SSLPreliminaryChannelInfo - provides information about the session state
prior to handshake completion
New Macros:
* NSS_RSA_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
get the minimum RSA key size
* NSS_DH_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
get the minimum DH key size
* NSS_DSA_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
get the minimum DSA key size
* CKM_TLS12_MASTER_KEY_DERIVE - derives TLS 1.2 master secret
* CKM_TLS12_KEY_AND_MAC_DERIVE - derives TLS 1.2 traffic key and IV
* CKM_TLS12_MASTER_KEY_DERIVE_DH - derives TLS 1.2 master secret for DH (and
ECDH) cipher suites
* CKM_TLS12_KEY_SAFE_DERIVE and CKM_TLS_KDF are identifiers for additional
PKCS#12 mechanisms for TLS 1.2 that are currently unused in NSS.
* CKM_TLS_MAC - computes TLS Finished MAC
* NSS_USE_ALG_IN_SSL_KX - policy flag indicating that keys are used in TLS key
exchange
* SSL_ERROR_RX_SHORT_DTLS_READ - error code for failure to include a complete
DTLS record in a UDP packet
* SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM - error code for when no valid
signature and hash algorithm is available
* SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM - error code for when an
unsupported signature and hash algorithm is configured
* SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET - error code for when the extended
master secret is missing after having been negotiated
* SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET - error code for receiving an
extended master secret when previously not negotiated
* SSL_ENABLE_EXTENDED_MASTER_SECRET - configuration to enable the TLS extended
master secret extension (RFC 7627)
* ssl_preinfo_version - used with SSLPreliminaryChannelInfo to indicate that a
TLS version has been selected
* ssl_preinfo_cipher_suite - used with SSLPreliminaryChannelInfo to indicate
that a TLS cipher suite has been selected
* ssl_preinfo_all - used with SSLPreliminaryChannelInfo to indicate that all
preliminary information has been set
Notable Changes:
* NSS now builds with elliptic curve ciphers enabled by default (bug 1205688)
* NSS now builds with warnings as errors (bug 1182667)
* The following CA certificates were Removed
- CN = VeriSign Class 4 Public Primary Certification Authority - G3
- CN = UTN-USERFirst-Network Applications
- CN = TC TrustCenter Universal CA III
- CN = A-Trust-nQual-03
- CN = USERTrust Legacy Secure Server CA
- Friendly Name: Digital Signature Trust Co. Global CA 1
- Friendly Name: Digital Signature Trust Co. Global CA 3
- CN = UTN - DATACorp SGC
- O = TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2\
005
* The following CA certificate had the Websites trust bit turned off
- OU = Equifax Secure Certificate Authority
* The following CA certificates were Added
- CN = Certification Authority of WoSign G2
- CN = CA WoSign ECC Root
- CN = OISTE WISeKey Global Root GB CA
Changelog:
The following security-relevant bugs have been resolved in NSS 3.20.1.
Users are encouraged to upgrade immediately.
* Bug 1192028 (CVE-2015-7181) and
Bug 1202868 (CVE-2015-7182):
Several issues existed within the ASN.1 decoder used by NSS for handling
streaming BER data. While the majority of NSS uses a separate, unaffected
DER decoder, several public routines also accept BER data, and thus are
affected. An attacker that successfully exploited these issues can overflow
the heap and may be able to obtain remote code execution.
Issues found with existing distfiles:
distfiles/eclipse-sourceBuild-srcIncluded-3.0.1.zip
distfiles/fortran-utils-1.1.tar.gz
distfiles/ivykis-0.39.tar.gz
distfiles/enum-1.11.tar.gz
distfiles/pvs-3.2-libraries.tgz
distfiles/pvs-3.2-linux.tgz
distfiles/pvs-3.2-solaris.tgz
distfiles/pvs-3.2-system.tgz
No changes made to these distinfo files.
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
Changelog:
The NSS team has released Network Security Services (NSS) 3.20,
which is a minor release.
New functionality:
* The TLS library has been extended to support DHE ciphersuites in
server applications.
New Functions:
* SSL_DHEGroupPrefSet - Configure the set of allowed/enabled DHE group
parameters that can be used by NSS for a server socket.
* SSL_EnableWeakDHEPrimeGroup - Enable the use of weak DHE group
parameters that are smaller than the library default's minimum size.
New Types:
* SSLDHEGroupType - Enumerates the set of DHE parameters embedded in
NSS that can be used with function SSL_DHEGroupPrefSet.
New Macros:
* SSL_ENABLE_SERVER_DHE - A socket option user to enable or disable
DHE ciphersuites for a server socket.
Notable Changes:
* The TLS library has been extended to support DHE ciphersuites in
server applications.
* For backwards compatibility reasons, the server side implementation
of the TLS library keeps all DHE ciphersuites disabled by default.
They can be enabled with the new socket option SSL_ENABLE_SERVER_DHE
and the SSL_OptionSet or the SSL_OptionSetDefault API.
* The server side implementation of the TLS implementation does not
support session tickets when using a DHE ciphersuite (see bug
1174677).
* Support for the following ciphersuites has been added:
- TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
* By default, the server side TLS implementation will use DHE
parameters with a size of 2048 bits when using DHE ciphersuites.
* NSS embeds fixed DHE parameters sized 2048, 3072, 4096, 6144 and
8192 bits, which were copied from version 08 of the Internet-Draft
"Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for
TLS", Appendix A.
* A new API SSL_DHEGroupPrefSet has been added to NSS, which allows a
server application to select one or multiple of the embedded DHE
parameters as the preferred parameters. The current implementation of
NSS will always use the first entry in the array that is passed as a
parameter to the SSL_DHEGroupPrefSet API. In future versions of the
TLS implementation, a TLS client might signal a preference for
certain DHE parameters, and the NSS TLS server side implementation
might select a matching entry from the set of parameters that have
been configured as preferred on the server side.
* NSS optionally supports the use of weak DHE parameters with DHE
ciphersuites to support legacy clients. In order to enable this
support, the new API SSL_EnableWeakDHEPrimeGroup must be used. Each
time this API is called for the first time in a process, a fresh set
of weak DHE parameters will be randomly created, which may take a
long amount of time. Please refer to the comments in the header file
that declares the SSL_EnableWeakDHEPrimeGroup API for additional
details.
* The size of the default PQG parameters used by certutil when
creating DSA keys has been increased to use 2048 bit parameters.
* The selfserv utility has been enhanced to support the new DHE
features.
* NSS no longer supports C compilers that predate the ANSI C
standard (C89).
* Approved by wiz@.
Changelog:
Network Security Services (NSS) is a patch release for NSS 3.19.
No new functionality is introduced in this release. This release addresses
a backwards compatibility issue with the NSS 3.19.1 release.
Notable Changes:
* In NSS 3.19.1, the minimum key sizes that the freebl cryptographic
implementation (part of the softoken cryptographic module used by default
by NSS) was willing to generate or use was increased - for RSA keys, to
512 bits, and for DH keys, 1023 bits. This was done as part of a security
fix for Bug 1138554 / CVE-2015-4000. Applications that requested or
attempted to use keys smaller then the minimum size would fail. However,
this change in behaviour unintentionally broke existing NSS applications
that need to generate or use such keys, via APIs such as
SECKEY_CreateRSAPrivateKey or SECKEY_CreateDHPrivateKey.
In NSS 3.19.2, this change in freebl behaviour has been reverted. The fix
for Bug 1138554 has been moved to libssl, and will now only affect the
minimum keystrengths used in SSL/TLS.
Changelog:
Network Security Services (NSS) 3.19.1 is a patch release
for NSS 3.19.
No new functionality is introduced in this release. This patch
release includes a fix for the recently published logjam attack.
Notable Changes:
* The minimum strength of keys that libssl will accept for
finite field algorithms (RSA, Diffie-Hellman, and DSA) have
been increased to 1023 bits (bug 1138554).
* NSS reports the bit length of keys more accurately. Thus,
the SECKEY_PublicKeyStrength and SECKEY_PublicKeyStrengthInBits
functions could report smaller values for values that have
leading zero values. This affects the key strength values that
are reported by SSL_GetChannelInfo.
The NSS development team would like to thank Matthew Green and
Karthikeyan Bhargavan for responsibly disclosing the issue in
bug 1138554.
The HG tag is NSS_3_19_1_RTM. NSS 3.19.1 requires NSPR 4.10.8 or newer.
Changelog:
The NSS team has released Network Security Services (NSS) 3.19,
which is a minor release.
New functionality:
* For some certificates, such as root CA certificates, that don't
embed any constraints, NSS might impose additional constraints,
such as name constraints. A new API has been added that allows
to lookup imposed constraints.
* It is possible to override the directory in which the NSS build
system will look for the sqlite library.
New Functions:
* CERT_GetImposedNameConstraints
Notable Changes:
* The SSL 3 protocol has been disabled by default.
* NSS now more strictly validates TLS extensions and will fail a
handshake that contains malformed extensions.
* Fixed a bug related to the ordering of TLS handshake messages.
* In TLS 1.2 handshakes, NSS advertises support for the SHA512
hash algorithm, in order to be compatible with TLS servers
that use certificates with a SHA512 signature.
Changelog:
The NSS Development Team announces the release of NSS 3.18.1
Network Security Services (NSS) 3.18.1 is a patch release
for NSS 3.18 to update the list of root CA certificates.
No new functionality is introduced in this release.
Notable Changes:
* The following CA certificate had the Websites and Code Signing
trust bits restored to their original state to allow more time
to develop a better transition strategy for affected sites:
- OU = Equifax Secure Certificate Authority
* The following CA certificate was removed:
- CN = e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
* The following intermediate CA certificate has been added as
actively distrusted because it was mis-used to issue certificates
for domain names the holder did not own or control:
- CN=MCSHOLDING TEST, O=MCSHOLDING, C=EG
* The version number of the updated root CA list has been set
to 2.4
The full release notes, including further details and the SHA1
fingerprints of the changed CA certificates, are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.18.1_release_notes
Changelog:
The NSS team has released Network Security Services (NSS) 3.18,
which is a minor release.
New functionality:
* When importing certificates and keys from a PKCS#12 source,
it's now possible to override the nicknames, prior to importing
them into the NSS database, using new API
SEC_PKCS12DecoderRenameCertNicknames.
* The tstclnt test utility program has new command-line options
-C, -D, -b and -R.
Use -C one, two or three times to print information about the
certificates received from a server, and information about the
locally found and trusted issuer certificates, to diagnose
server side configuration issues. It is possible to run tstclnt
without providing a database (-D). A PKCS#11 library that
contains root CA certificates can be loaded by tstclnt, which
may either be the nssckbi library provided by NSS (-b) or
another compatible library (-R).
New Functions:
* SEC_CheckCrlTimes
* SEC_GetCrlTimes
* SEC_PKCS12DecoderRenameCertNicknames
New Types
* SEC_PKCS12NicknameRenameCallback
Notable Changes:
* The highest TLS protocol version enabled by default has been
increased from TLS 1.0 to TLS 1.2. Similarly, the highest DTLS
protocol version enabled by default has been increased from
DTLS 1.0 to DTLS 1.2.
* The default key size used by certutil when creating an RSA key
pair has been increased from 1024 bits to 2048 bits.
* On Mac OS X, by default the softokn shared library will link
with the sqlite library installed by the operating system,
if it is version 3.5 or newer.
* The following CA certificates had the Websites and Code Signing
trust bits turned off:
- Equifax Secure Certificate Authority
- Equifax Secure Global eBusiness CA-1
- TC TrustCenter Class 3 CA II
* The following CA certificates were Added:
- Staat der Nederlanden Root CA - G3
- Staat der Nederlanden EV Root CA
- IdenTrust Commercial Root CA 1
- IdenTrust Public Sector Root CA 1
- S-TRUST Universal Root CA
- Entrust Root Certification Authority - G2
- Entrust Root Certification Authority - EC1
- CFCA EV ROOT
* The version number of the updated root CA list has been set
to 2.3
Changelog:
Network Security Services (NSS) 3.17.4 is a patch release for NSS 3.17.
No new functionality is introduced in this release.
Notable Changes:
* If an SSL/TLS connection fails, because client and server don't have
any common protocol version enabled, NSS has been changed to report
error code SSL_ERROR_UNSUPPORTED_VERSION (instead of reporting
SSL_ERROR_NO_CYPHER_OVERLAP).
* libpkix was fixed to prefer the newest certificate, if multiple
certificates match.
* fixed a memory corruption issue during failure of keypair generation.
* fixed a failure to reload a PKCS#11 module in FIPS mode.
* fixed interoperability of NSS server code with a LibreSSL client.
Changelog:
New functionality:
* Support for TLS_FALLBACK_SCSV has been added to the ssltap and
tstclnt utilities
Notable Changes:
* The QuickDER decoder now decodes lengths robustly
(CVE-2014-1569)
* The following 1024-bit CA certificates were Removed:
- GTE CyberTrust Global Root
- Thawte Server CA
- Thawte Premium Server CA
- America Online Root Certification Authority 1
- America Online Root Certification Authority 2
* The following CA certificates had the Websites and Code Signing
trust bits turned off:
- Class 3 Public Primary Certification Authority - G2
- Equifax Secure eBusiness CA-1
* The following CA certificates were Added:
- COMODO RSA Certification Authority
- USERTrust RSA Certification Authority
- USERTrust ECC Certification Authority
- GlobalSign ECC Root CA - R4
- GlobalSign ECC Root CA - R5
* The version number of the updated root CA list has been set
to 2.2
Changelog:
New in NSS 3.17.2
New Functionality
No new functionality is introduced in this release. This is a patch release to fix a regression and other bugs.
Notable Changes in NSS 3.17.2
Bug 1049435: Change RSA_PrivateKeyCheck to not require p > q. This fixes a regression introduced in NSS 3.16.2 that prevented NSS from importing some RSA private keys (such as in PKCS #12 files) generated by other crypto libraries.
Bug 1057161: Check that an imported elliptic curve public key is valid. Previously NSS would only validate the peer's public key before performing ECDH key agreement. Now EC public keys are validated at import time.
Bug 1078669: certutil crashes when an argument is passed to the --certVersion option.
Bugs fixed in NSS 3.17.2
This Bugzilla query returns all the bugs fixed in NSS 3.17.2:
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.17.2
Compatibility
NSS 3.17.2 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.17.2 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.
This release consists primarily of CA certificate changes as listed
below, and includes a small number of bug fixes.
Notable Changes:
* The following 1024-bit root CA certificate was restored to allow more
time to develop a better transition strategy for affected sites. It was
removed in NSS 3.16.3, but discussion in the mozilla.dev.security.policy
forum led to the decision to keep this root included longer in order to
give website administrators more time to update their web servers.
- CN = GTE CyberTrust Global Root
* In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification
Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit
intermediate CA certificate has been included, without explicit trust.
The intention is to mitigate the effects of the previous removal of the
1024-bit Entrust.net root certificate, because many public Internet
sites still use the "USERTrust Legacy Secure Server CA" intermediate
certificate that is signed by the 1024-bit Entrust.net root certificate.
The inclusion of the intermediate certificate is a temporary measure to
allow those sites to function, by allowing them to find a trust path to
another 2048-bit root CA certificate. The temporarily included
intermediate certificate expires November 1, 2015.
Changelog:
Network Security Services (NSS) 3.16.3 is a patch release for NSS 3.16.
This release consists primarily of CA certificate changes as listed
below, and fixes an issue with a recently added utility function.
New Functions:
* CERT_GetGeneralNameTypeFromString (This function was already added
in NSS 3.16.2, however, it wasn't declared in a public header file.)
Notable Changes:
* The following 1024-bit CA certificates were Removed
- Entrust.net Secure Server Certification Authority
- GTE CyberTrust Global Root
- ValiCert Class 1 Policy Validation Authority
- ValiCert Class 2 Policy Validation Authority
- ValiCert Class 3 Policy Validation Authority
* Additionally, the following CA certificate was Removed as
requested by the CA:
- TDC Internet Root CA
* The following CA certificates were Added:
- Certification Authority of WoSign
- CA 沃通根证书
- DigiCert Assured ID Root G2
- DigiCert Assured ID Root G3
- DigiCert Global Root G2
- DigiCert Global Root G3
- DigiCert Trusted Root G4
- QuoVadis Root CA 1 G3
- QuoVadis Root CA 2 G3
- QuoVadis Root CA 3 G3
* The Trust Bits were changed for the following CA certificates
- Class 3 Public Primary Certification Authority
- Class 3 Public Primary Certification Authority
- Class 2 Public Primary Certification Authority - G2
- VeriSign Class 2 Public Primary Certification Authority - G3
- AC Raíz Certicámara S.A.
- NetLock Uzleti (Class B) Tanusitvanykiado
- NetLock Expressz (Class C) Tanusitvanykiado
Changelog:
Network Security Services (NSS) 3.16.2 is a patch release for NSS 3.16.
New functionality:
* DTLS 1.2 is supported.
* The TLS application layer protocol negotiation (ALPN) extension
is also supported on the server side.
* RSA-OEAP is supported. Use the new PK11_PrivDecrypt and
PK11_PubEncrypt functions with the CKM_RSA_PKCS_OAEP mechanism.
* New Intel AES assembly code for 32-bit and 64-bit Windows,
contributed by Shay Gueron and Vlad Krasnov of Intel.
New Functions:
* CERT_AddExtensionByOID
* PK11_PrivDecrypt
* PK11_PubEncrypt
New Macros
* SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK
* SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL
Notable Changes:
* The btoa command has a new command-line option -w suffix, which
causes the output to be wrapped in BEGIN/END lines with the
given suffix
* The certutil commands supports additionals types of subject
alt name extensions.
* The certutil command supports generic certificate extensions,
by loading binary data from files, which have been prepared using
external tools, or which have been extracted from other existing
certificates and dumped to file.
* The certutil command supports three new certificate usage specifiers.
* The pp command supports printing UTF-8 (-u).
* On Linux, NSS is built with the -ffunction-sections -fdata-sections
compiler flags and the --gc-sections linker flag to allow unused
functions to be discarded.
Changelog:
Network Security Services (NSS) 3.16.1 is a patch release for NSS 3.16.
New functionality:
* Added the "ECC" flag for modutil to select the module used for
elliptic curve cryptography (ECC) operations.
New Functions:
* PK11_ExportDERPrivateKeyInfo
* PK11_ExportPrivKeyInfo
* SECMOD_InternalToPubMechFlags
New Types:
* ssl_padding_xtn
New Macros
* PUBLIC_MECH_ECC_FLAG
* SECMOD_ECC_FLAG
Notable Changes:
* Imposed name constraints on the French government root CA ANSSI
(DCISS).
* Improve 3.16 like 2 number version support (firefox etc. requires 3 number
version string)
Changelog:
From https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes
The following security-relevant bug has been resolved.
Users are encouraged to upgrade immediately.
* Bug 903885 - (CVE-2014-1492) In a wildcard certificate, the wildcard
character should not be embedded within the U-label of an
internationalized domain name. See the last bullet point in RFC 6125,
Section 7.2.
New functionality:
* Supports the Linux x32 ABI. To build for the Linux x32 target, set
the environment variable USE_X32=1 when building NSS.
New Functions:
* NSS_CMSSignerInfo_Verify
New Macros
* TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, etc.,
cipher suites that were first defined in SSL 3.0 can now be referred
to with their official IANA names in TLS, with the TLS_ prefix.
Previously, they had to be referred to with their names in SSL 3.0,
with the SSL_ prefix.
Notable Changes:
* ECC is enabled by default. It is no longer necessary to set the
environment variable NSS_ENABLE_ECC=1 when building NSS. To disable
ECC, set the environment variable NSS_DISABLE_ECC=1 when building NSS.
* libpkix should not include the common name of CA as DNS names when
evaluating name constraints.
* AESKeyWrap_Decrypt should not return SECSuccess for invalid keys.
* Fix a memory corruption in sec_pkcs12_new_asafe.
* If the NSS_SDB_USE_CACHE environment variable is set, skip the runtime
test sdb_measureAccess.
* The built-in roots module has been updated to version 1.97, which
adds, removes, and distrusts several certificates.
* The atob utility has been improved to automatically ignore lines of
text that aren't in base64 format.
* The certutil utility has been improved to support creation of
version 1 and version 2 certificates, in addition to the existing
version 3 support.
