Changelog:
Notable Changes:
* The following CA certificates were Removed:
- 1574670 - Remove expired Class 2 Primary root certificate
- 1574670 - Remove expired UTN-USERFirst-Client root certificat
- 1574670 - Remove expired Deutsche Telekom Root CA 2 root certificate
- 1566569 - Remove Swisscom Root CA 2 root certificate
* Significant improvements to AES-GCM performance on ARM
Bugs fixed in NSS 3.46:
* 1572164 - Don't unnecessarily free session in NSC_WrapKey
* 1574220 - Improve controls after errors in tstcln, selfserv and vfyserv
cmds
* 1550636 - Upgrade SQLite in NSS to a 2019 version
* 1572593 - Reset advertised extensions in ssl_ConstructExtensions
* 1415118 - NSS build with ./build.sh --enable-libpkix fails
* 1539788 - Add length checks for cryptographic primitives
* 1542077 - mp_set_ulong and mp_set_int should return errors on bad values
* 1572791 - Read out-of-bounds in DER_DecodeTimeChoice_Util from
SSLExp_DelegateCredential
* 1560593 - Cleanup.sh script does not set error exit code for tests that
"Failed with core"
* 1566601 - Add Wycheproof test vectors for AES-KW
* 1571316 - curve25519_32.c:280: undefined reference to `PR_Assert' when
building NSS 3.45 on armhf-linux
* 1516593 - Client to generate new random during renegotiation
* 1563258 - fips.sh fails due to non-existent "resp" directories
* 1561598 - Remove -Wmaybe-uninitialized warning in pqg.c
* 1560806 - Increase softoken password max size to 500 characters
* 1568776 - Output paths relative to repository in NSS coverity
* 1453408 - modutil -changepw fails in FIPS mode if password is an empty
string
* 1564727 - Use a PSS SPKI when possible for delegated credentials
* 1493916 - fix ppc64 inline assembler for clang
* 1561588 - Remove -Wmaybe-uninitialized warning in p7env.c
* 1561548 - Remove -Wmaybe-uninitialized warning in
pkix_pl_ldapdefaultclient.c
* 1512605 - Incorrect alert description after unencrypted Finished msg
* 1564715 - Read /proc/cpuinfo when AT_HWCAP2 returns 0
* 1532194 - Remove or fix -DDEBUG_$USER from make builds
* 1565577 - Visual Studio's cl.exe -? hangs on Windows x64 when building nss
since changeset 9162c654d06915f0f15948fbf67d4103a229226f
* 1564875 - Improve rebuilding with build.sh
* 1565243 - Support TC_OWNER without email address in nss taskgraph
* 1563778 - Increase maxRunTime on Mac taskcluster Tools, SSL tests
* 1561591 - Remove -Wmaybe-uninitialized warning in tstclnt.c
* 1561587 - Remove -Wmaybe-uninitialized warning in lgattr.c
* 1561558 - Remove -Wmaybe-uninitialized warning in httpserv.c
* 1561556 - Remove -Wmaybe-uninitialized warning in tls13esni.c
* 1561332 - ec.c:28 warning: comparison of integers of different signs: 'int'
and 'unsigned long'
* 1564714 - Print certutil commands during setup
* 1565013 - HACL image builder times out while fetching gpg key
* 1563786 - Update hacl-star docker image to pull specific commit
* 1559012 - Improve GCM perfomance using PMULL2
* 1528666 - Correct resumption validation checks
* 1568803 - More tests for client certificate authentication
* 1564284 - Support profile mobility across Windows and Linux
* 1573942 - Gtest for pkcs11.txt with different breaking line formats
* 1575968 - Add strsclnt option to enforce the use of either IPv4 or IPv6
* 1549847 - Fix NSS builds on iOS
* 1485533 - Enable NSS_SSL_TESTS on taskcluster
Changelog:
New Functions
in pk11pub.h:
PK11_FindRawCertsWithSubject - Finds all certificates on the given
slot with the given subject distinguished name and returns them as DER bytes.
If no such certificates can be found, returns SECSuccess and sets *results to
NULL. If a failure is encountered while fetching any of the matching
certificates, SECFailure is returned and *results will be NULL.
Notable Changes in NSS 3.45
Bug 1540403 - Implement Delegated Credentials (draft-ietf-tls-subcerts)
This adds a new experimental function: SSL_DelegateCredential
Note: In 3.45, selfserv does not yet support delegated credentials.
See Bug 1548360.
Note: In 3.45 the SSLChannelInfo is left unmodified, while an upcoming
change in 3.46 will set SSLChannelInfo.authKeyBits to that of the delegated
credential for better policy enforcement. See Bug 1563078.
Bug 1550579 - Replace ARM32 Curve25519 implementation with one from
fiat-crypto
Bug 1551129 - Support static linking on Windows
Bug 1552262 - Expose a function PK11_FindRawCertsWithSubject for finding
certificates with a given subject on a given slot
Bug 1546229 - Add IPSEC IKE support to softoken
Bug 1554616 - Add support for the Elbrus lcc compiler (<=1.23)
Bug 1543874 - Expose an external clock for SSL
This adds new experimental functions: SSL_SetTimeFunc,
SSL_CreateAntiReplayContext, SSL_SetAntiReplayContext, and
SSL_ReleaseAntiReplayContext.
The experimental function SSL_InitAntiReplay is removed.
Bug 1546477 - Various changes in response to the ongoing FIPS review
Note: The source package size has increased substantially due to the
new FIPS test vectors. This will likely prompt follow-on work, but please
accept our apologies in the meantime.
Certificate Authority Changes
The following CA certificates were Removed:
Bug 1552374 - CN = Certinomis - Root CA
SHA-256 Fingerprint:
2A99F5BC1174B73CBB1D620884E01C34E51CCB3978DA125F0E33268883BF4158
Bugs fixed in NSS 3.45
Bug 1540541 - Don't unnecessarily strip leading 0's from key material
during PKCS11 import (CVE-2019-11719)
Bug 1515342 - More thorough input checking (CVE-2019-11729)
Bug 1552208 - Prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3
(CVE-2019-11727)
Bug 1227090 - Fix a potential divide-by-zero in makePfromQandSeed from
lib/freebl/pqg.c (static analysis)
Bug 1227096 - Fix a potential divide-by-zero in PQG_VerifyParams from
lib/freebl/pqg.c (static analysis)
Bug 1509432 - De-duplicate code between mp_set_long and mp_set_ulong
Bug 1515011 - Fix a mistake with ChaCha20-Poly1305 test code where tags
could be faked. Only relevant for clients that might have copied the unit test
code verbatim
Bug 1550022 - Ensure nssutil3 gets built on Android
Bug 1528174 - ChaCha20Poly1305 should no longer modify output length on
failure
Bug 1549382 - Don't leak in PKCS#11 modules if C_GetSlotInfo() returns
error
Bug 1551041 - Fix builds using GCC < 4.3 on big-endian architectures
Bug 1554659 - Add versioning to OpenBSD builds to fix link time errors
using NSS
Bug 1553443 - Send session ticket only after handshake is marked as
finished
Bug 1550708 - Fix gyp scripts on Solaris SPARC so that
libfreebl_64fpu_3.so builds
Bug 1554336 - Optimize away unneeded loop in mpi.c
Bug 1559906 - fipstest: use CKM_TLS12_MASTER_KEY_DERIVE instead of vendor
specific mechanism
Bug 1558126 - TLS_AES_256_GCM_SHA384 should be marked as FIPS compatible
Bug 1555207 - HelloRetryRequestCallback return code for rejecting 0-RTT
Bug 1556591 - Eliminate races in uses of PK11_SetWrapKey
Bug 1558681 - Stop using a global for anti-replay of TLS 1.3 early data
Bug 1561510 - Fix a bug where removing -arch XXX args from CC didn't work
Bug 1561523 - Add a string for the new-ish error
SSL_ERROR_MISSING_POST_HANDSHAKE_AUTH_EXTENSION
Changelog:
3.44.1:
* 1554336 - Optimize away unneeded loop in mpi.c
* 1515342 - More thorough input checking
* 1540541 - Don't unnecessarily strip leading 0's from key material during
PKCS11 import
* 1515236 - Add a SSLKEYLOGFILE enable/disable flag at build.sh
* 1546229 - Add IPSEC IKE support to softoken
* 1473806 - Fix SECKEY_ConvertToPublicKey handling of non-RSA keys
* 1546477 - Updates to testing for FIPS validation
* 1552208 - Prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3
* 1551041 - Unbreak build on GCC < 4.3 big-endian
Changelog:
New Functions:
in lib/certdb/cert.h
CERT_GetCertificateDer - Access the DER-encoded form of a
CERTCertificate.
Notable Changes in NSS 3.44:
* It is now possible to build NSS as a static library (Bug 1543545)
* Initial support for building for iOS.
Bugs fixed in NSS 3.44:
* 1501542 - Implement CheckARMSupport for Android
* 1531244 - Use __builtin_bswap64 in crypto_primitives.h
* 1533216 - CERT_DecodeCertPackage() crash with Netscape Certificate
Sequences
* 1533616 - sdb_GetAttributeValueNoLock should make at most one sql query,
rather than one for each attribute
* 1531236 - Provide accessor for CERTCertificate.derCert
* 1536734 - lib/freebl/crypto_primitives.c assumes a big endian machine
* 1532384 - In NSS test certificates, use @example.com (not @bogus.com)
* 1538479 - Post-Handshake messages after async server authentication break
when using record layer separation
* 1521578 - x25519 support in pk11pars.c
* 1540205 - freebl build fails with -DNSS_DISABLE_CHACHAPOLY
* 1532312 - post-handshake auth doesn't interoperate with OpenSSL
* 1542741 - certutil -F crashes with segmentation fault
* 1546925 - Allow preceding text in try comment
* 1534468 - Expose ChaCha20 primitive
* 1418944 - Quote CC/CXX variables passed to nspr
* 1543545 - Allow to build NSS as a static library
* 1487597 - Early data that arrives before the handshake completes can be
read afterwards
* 1548398 - freebl_gtest not building on Linux/Mac
* 1548722 - Fix some Coverity warnings
* 1540652 - softoken/sdb.c: Logically dead code
* 1549413 - Android log lib is not included in build
* 1537927 - IPsec usage is too restrictive for existing deployments
* 1549608 - Signature fails with dbm disabled
* 1549848 - Allow building NSS for iOS using gyp
* 1549847 - NSS's SQLite compilation warnings make the build fail on iOS
* 1550041 - freebl not building on iOS simulator
* 1542950 - MacOS cipher test timeouts
Like SHA1_Update, define another name, NSS_MD5_Update and
use via CPP macto.
This change fixes PDF export of misc/libreoffice.
And make pkglint happier.
Changelog:
New Functionality:
* in sechash.h
HASH_GetHashOidTagByHashType - convert type HASH_HashType to type
SECOidTag
* in sslexp.h
SSL_SendCertificateRequest - allow server to request post-handshake client
authentication. To use this both peers need to enable the
SSL_ENABLE_POST_HANDSHAKE_AUTH option. Note that while the mechanism is
present, post-handshake authentication is currently not TLS 1.3 compliant
due to Bug 1532312
Notable changes:
* The following CA certificates were Added:
- CN = emSign Root CA - G1
SHA-256 Fingerprint:
40F6AF0346A99AA1CD1D555A4E9CCE62C7F9634603EE406615833DC8C8D00367
- CN = emSign ECC Root CA - G3
SHA-256 Fingerprint:
86A1ECBA089C4A8D3BBE2734C612BA341D813E043CF9E8A862CD5C57A36BBE6B
- CN = emSign Root CA - C1
SHA-256 Fingerprint:
125609AA301DA0A249B97A8239CB6A34216F44DCAC9F3954B14292F2E8C8608F
- CN = emSign ECC Root CA - C3
SHA-256 Fingerprint:
BC4D809B15189D78DB3E1D8CF4F9726A795DA1643CA5F1358E1DDB0EDC0D7EB3
- CN = Hongkong Post Root CA 3
SHA-256 Fingerprint:
5A2FC03F0C83B090BBFA40604B0988446C7636183DF9846E17101A447FB8EFD6
Bugs fixed in NSS 3.43
* Bug 1528669 and Bug 1529308 - Improve Gyp build system handling
* Bug 1529950 and Bug 1521174 - Improve NSS S/MIME tests for Thunderbird
* Bug 1530134 - If Docker isn't installed, try running a local clang-format
as a fallback
* Bug 1531267 - Enable FIPS mode automatically if the system FIPS mode flag
is set
* Bug 1528262 - Add a -J option to the strsclnt command to specify sigschemes
* Bug 1513909 - Add manual for nss-policy-check
* Bug 1531074 - Fix a deref after a null check in SECKEY_SetPublicValue
* Bug 1517714 - Properly handle ESNI with HRR
* Bug 1529813 - Expose HKDF-Expand-Label with mechanism
* Bug 1535122 - Align TLS 1.3 HKDF trace levels
* Bug 1530102 - Use getentropy on compatible versions of FreeBSD
Changelog:
New Functionality:
* Bug 818686 - Support XDG basedir specification
Notable changes:
* Added support for some of the testcases from the Wycheproof project:
- Bug 1508666 - Added AES-GCM test cases
- Bug 1508673 - Added ChaCha20-Poly1305 test cases
- Bug 1514999 - Added the Curve25519 test cases
- Thanks to Jonas Allmann for adapting these tests.
Bugs fixed in NSS 3.42:
* Bug 1490006 - Reject invalid CH.legacy_version in TLS 1.3
* Bug 1507135 and Bug 1507174 - Add additional null checks to several CMS
functions to fix a rare CMS crash. Thanks to Hanno Böck and Damian Poddebniak
for the discovery and fixes.
* Bug 1513913 - A fix for Solaris where Firefox 60 core dumps during start when
using profile from version 52
New functionality:
* Bug 1252891 - Implemented EKU handling for IPsec IKE.
* Bug 1423043 - Enable half-closed states for TLS.
* Bug 1493215 - Enabled the following ciphersuites by default:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_GCM_SHA384
Notable changes:
* The following CA certificates were added:
CN = Certigna Root CA
CN = GTS Root R1
CN = GTS Root R2
CN = GTS Root R3
CN = GTS Root R4
CN = UCA Global G2 Root
CN = UCA Extended Validation Root
* The following CA certificates were removed:
CN = AC Raíz Certicámara S.A.
CN = Certplus Root CA G1
CN = Certplus Root CA G2
CN = OpenTrust Root CA G1
CN = OpenTrust Root CA G2
CN = OpenTrust Root CA G3
Bugs fixed in NSS 3.41:
* Bug 1412829, Reject empty supported_signature_algorithms in Certificate
Request in TLS 1.2
* Bug 1485864 - Cache side-channel variant of the Bleichenbacher attack
(CVE-2018-12404)
* Bug 1481271 - Resend the same ticket in ClientHello after HelloRetryRequest
* Bug 1493769 - Set session_id for external resumption tokens
* Bug 1507179 - Reject CCS after handshake is complete in TLS 1.3
Changelog:
Notable bug fixes:
* Bug 1478698 - FFDHE key exchange sometimes fails with decryption failure
New functionality:
* The draft-00 version of encrypted SNI support is implemented
* tstclnt now takes -N option to specify encrypted SNI key
Notable changes:
* The mozilla::pkix library has been ported from Mozilla PSM to NSS.
This is a C++ library for building certification paths.
mozilla::pkix APIs are not exposed in the libraries NSS builds.
* It is easier to build NSS on Windows in mozilla-build environments.
* The following CA certificates were Removed:
CN = Visa eCommerce Root
Changelog:
Notable bug fixes:
* Bug 1483128 - NSS responded to an SSLv2-compatible ClientHello
with a ServerHello that had an all-zero random (CVE-2018-12384)
New functionality:
* The tstclnt and selfserv utilities added support for configuring
the enabled TLS signature schemes using the -J parameter.
* NSS will use RSA-PSS keys to authenticate in TLS. Support for
these keys is disabled by default but can be enabled using
SSL_SignatureSchemePrefSet().
* certutil added the ability to delete an orphan private key from
an NSS key database.
* Added the nss-policy-check utility, which can be used to check
an NSS policy configuration for problems.
* A PKCS#11 URI can be used as an identifier for a PKCS#11 token.
Notable changes:
* The TLS 1.3 implementation uses the final version number from
RFC 8446.
* Previous versions of NSS accepted an RSA PKCS#1 v1.5 signature
where the DigestInfo structure was missing the NULL parameter.
Starting with version 3.39, NSS requires the encoding to contain
the NULL parameter.
* The tstclnt and selfserv test utilities no longer accept the -z
parameter, as support for TLS compression was removed in a
previous NSS version.
* The CA certificates list was updated to version 2.26.
* The following CA certificates were Added:
- OU = GlobalSign Root CA - R6
- CN = OISTE WISeKey Global Root GC CA
The following CA certificate was Removed:
- CN = ComSign
The following CA certificates had the Websites trust bit disabled:
- CN = Certplus Root CA G1
- CN = Certplus Root CA G2
- CN = OpenTrust Root CA G1
- CN = OpenTrust Root CA G2
- CN = OpenTrust Root CA G3
Changelog:
No new functionality is introduced in these releases.
The following compatibility fixes are included. Users are encouraged to upgrade.
* Bug 1462303 - Connecting to a server that was recently upgraded to
TLS 1.3 would result in a SSL_RX_MALFORMED_SERVER_HELLO error.
* Bug 1460673 - Fix a rare bug with PKCS#12 files.
Changelog:
No new functionality is introduced in these releases.
The following compatibility fixes are included. Users are encouraged
to upgrade.
* Bug 1462303 - Connecting to a server that was recently upgraded to TLS 1.3
would result in a SSL_RX_MALFORMED_SERVER_HELLO error.
* Bug 1460673 - Fix a rare bug with PKCS#12 files.
Changelog:
* The TLS 1.3 implementation was updated to Draft 28.
* An issue where NSS erroneously accepted HRR requests was resolved.
* Added HACL* Poly1305 32-bit
* The code to support the NPN protocol has been fully removed.
* NSS allows servers now to register ALPN handling callbacks to
select a protocol.
* NSS supports opening SQL databases in read-only mode.
* On Linux, some build configurations can use glibc's function
getentropy(), which uses the kernel's getrandom() function.
* The CA list was updated to version 2.24, which removed the
following CA certificates:
- CN = S-TRUST Universal Root CA
- CN = TC TrustCenter Class 3 CA II
- CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
No new functionality is introduced in this release. This is a patch release to fix regression bugs.
In NSS version 3.35 the iteration count in optimized builds, which is used for password based encryption algorithm related to encrypted PKCS#7 or PKCS#12 data, was increased to one million iterations. That change had caused an interoperability regression with operating systems that are limited to 600 K iterations. NSS 3.36.1 has been changed to use the same 600 K limit.
Certain smartcard operations could result in a deadlock
This Bugzilla query returns all the bugs fixed in NSS 3.36.1:
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.36.1
* Require devel/nspr-4.19
Changelog:
The NSS team has released Network Security Services (NSS) 3.36,
which is a minor release.
Summary of the major changes included in this release:
- Replaced existing vectorized ChaCha20 code with verified
HACL* implementation.
- Experimental APIs for TLS session cache handling.
Changelog:
The NSS team has released Network Security Services (NSS) 3.35,
which is a minor release.
Summary of the major changes included in this release:
- The default database storage format has been changed to SQL,
using filenames cert9.db, key4.db, pkcs11.txt.
- TLS 1.3 support has been updated to draft -23, along with
additional significant changes.
- Support for TLS compression was removed.
- Added formally verified implementations of non-vectorized Chacha20
and non-vectorized Poly1305 64-bit.
- When creating encrypted PKCS#7 or PKCS#12 data, NSS uses a
higher iteration count for stronger security.
- The CA trust list was updated to version 2.22.
Changelog:
The following CA certificate was Re-Added. It was removed in
NSS 3.34, but has been re-added with only the Email trust bit
set. (bug 1418678)
CN = Certum CA, O=Unizeto Sp. z o.o.
SHA-256 Fingerprint: D8:E0:FE:BC:1D:B2:E3:8D:00:94:0F:37:D2:7D:41:34:4D:99:3E:73:4B:99:D5:65:6D:97:78:D4:D8:14:36:24
Removed entries from certdata.txt for actively distrusted
certificates that have expired (bug 1409872).
The version of the CA list was set to 2.20.
The following CA certificates were Added:
CN = GDCA TrustAUTH R5 ROOT
SHA-256 Fingerprint: BF:FF:8F:D0:44:33:48:7D:6A:8A:A6:0C:1A:29:76:7A:9F:C2:BB:B0:5E:42:0F:71:3A:13:B9:92:89:1D:38:93
Trust Flags: Websites
CN = SSL.com Root Certification Authority RSA
SHA-256 Fingerprint: 85:66:6A:56:2E:E0:BE:5C:E9:25:C1:D8:89:0A:6F:76:A8:7E:C1:6D:4D:7D:5F:29:EA:74:19:CF:20:12:3B:69
Trust Flags: Websites, Email
CN = SSL.com Root Certification Authority ECC
SHA-256 Fingerprint: 34:17:BB:06:CC:60:07:DA:1B:96:1C:92:0B:8A:B4:CE:3F:AD:82:0E:4A:A3:0B:9A:CB:C4:A7:4E:BD:CE:BC:65
Trust Flags: Websites, Email
CN = SSL.com EV Root Certification Authority RSA R2
SHA-256 Fingerprint: 2E:7B:F1:6C:C2:24:85:A7:BB:E2:AA:86:96:75:07:61:B0:AE:39:BE:3B:2F:E9:D0:CC:6D:4E:F7:34:91:42:5C
Trust Flags: Websites
CN = SSL.com EV Root Certification Authority ECC
SHA-256 Fingerprint: 22:A2:C1:F7:BD:ED:70:4C:C1:E7:01:B5:F4:08:C3:10:88:0F:E9:56:B5:DE:2A:4A:44:F9:9C:87:3A:25:A7:C8
Trust Flags: Websites
CN = TrustCor RootCert CA-1
SHA-256 Fingerprint: D4:0E:9C:86:CD:8F:E4:68:C1:77:69:59:F4:9E:A7:74:FA:54:86:84:B6:C4:06:F3:90:92:61:F4:DC:E2:57:5C
Trust Flags: Websites, Email
CN = TrustCor RootCert CA-2
SHA-256 Fingerprint: 07:53:E9:40:37:8C:1B:D5:E3:83:6E:39:5D:AE:A5:CB:83:9E:50:46:F1:BD:0E:AE:19:51:CF:10:FE:C7:C9:65
Trust Flags: Websites, Email
CN = TrustCor ECA-1
SHA-256 Fingerprint: 5A:88:5D:B1:9C:01:D9:12:C5:75:93:88:93:8C:AF:BB:DF:03:1A:B2:D4:8E:91:EE:15:58:9B:42:97:1D:03:9C
Trust Flags: Websites, Email
The following CA certificates were Removed:
CN = Certum CA, O=Unizeto Sp. z o.o.
SHA-256 Fingerprint: D8:E0:FE:BC:1D:B2:E3:8D:00:94:0F:37:D2:7D:41:34:4D:99:3E:73:4B:99:D5:65:6D:97:78:D4:D8:14:36:24
CN = StartCom Certification Authority
SHA-256 Fingerprint: C7:66:A9:BE:F2:D4:07:1C:86:3A:31:AA:49:20:E8:13:B2:D1:98:60:8C:B7:B7:CF:E2:11:43:B8:36:DF:09:EA
CN = StartCom Certification Authority
SHA-256 Fingerprint: E1:78:90:EE:09:A3:FB:F4:F4:8B:9C:41:4A:17:D6:37:B7:A5:06:47:E9:BC:75:23:22:72:7F:CC:17:42:A9:11
CN = StartCom Certification Authority G2
SHA-256 Fingerprint: C7:BA:65:67:DE:93:A7:98:AE:1F:AA:79:1E:71:2D:37:8F:AE:1F:93:C4:39:7F:EA:44:1B:B7:CB:E6:FD:59:95
CN = TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
SHA-256 Fingerprint: E4:C7:34:30:D7:A5:B5:09:25:DF:43:37:0A:0D:21:6E:9A:79:B9:D6:DB:83:73:A0:C6:9E:B1:CC:31:C7:C5:2A
CN = ACEDICOM Root
SHA-256 Fingerprint: 03:95:0F:B4:9A:53:1F:3E:19:91:94:23:98:DF:A9:E0:EA:32:D7:BA:1C:DD:9B:C8:5D:B5:7E:D9:40:0B:43:4A
CN = Certinomis - Autorité Racine
SHA-256 Fingerprint: FC:BF:E2:88:62:06:F7:2B:27:59:3C:8B:07:02:97:E1:2D:76:9E:D1:0E:D7:93:07:05:A8:09:8E:FF:C1:4D:17
CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
SHA-256 Fingerprint: 97:8C:D9:66:F2:FA:A0:7B:A7:AA:95:00:D9:C0:2E:9D:77:F2:CD:AD:A6:AD:6B:A7:4A:F4:B9:1C:66:59:3C:50
CN = PSCProcert
SHA-256 Fingerprint: 3C:FC:3C:14:D1:F6:84:FF:17:E3:8C:43:CA:44:0C:00:B9:67:EC:93:3E:8B:FE:06:4C:A1:D7:2C:90:F2:AD:B0
CN = CA 沃通根证书, O=WoSign CA Limited
SHA-256 Fingerprint: D6:F0:34:BD:94:AA:23:3F:02:97:EC:A4:24:5B:28:39:73:E4:47:AA:59:0F:31:0C:77:F4:8F:DF:83:11:22:54
CN = Certification Authority of WoSign
SHA-256 Fingerprint: 4B:22:D5:A6:AE:C9:9F:3C:DB:79:AA:5E:C0:68:38:47:9C:D5:EC:BA:71:64:F7:F2:2D:C1:D6:5F:63:D8:57:08
CN = Certification Authority of WoSign G2
SHA-256 Fingerprint: D4:87:A5:6F:83:B0:74:82:E8:5E:96:33:94:C1:EC:C2:C9:E5:1D:09:03:EE:94:6B:02:C3:01:58:1E:D9:9E:16
CN = CA WoSign ECC Root
SHA-256 Fingerprint: 8B:45:DA:1C:06:F7:91:EB:0C:AB:F2:6B:E5:88:F5:FB:23:16:5C:2E:61:4B:F8:85:56:2D:0D:CE:50:B2:9B:02
libfreebl no longer requires SSE2 instructions.
New in NSS 3.34
New Functionality
When listing an NSS database using certutil -L, but the database
hasn't yet been initialized with any non-empty or empty password,
the text "Database needs user init" will be included in the listing.
When using certutil to set an inacceptable password in FIPS mode,
a correct explanation of acceptable passwords will be printed.
SSLKEYLOGFILE is now supported with TLS 1.3, see Bug 1287711 for details.
SSLChannelInfo has two new fields (Bug 1396525)
SSLNamedGroup originalKeaGroup holds the key exchange group of the
original handshake when the session was resumed.
PRBool resumed is PR_TRUE when the session is resumed and PR_FALSE
otherwise.
RSA-PSS signatures are now supported on certificates. Certificates
with RSA-PSS or RSA-PKCS#1v1.5 keys can be used to create an RSA-PSS
signature on a certificate using the --pss-sign argument to certutil.
New Functions
Compatibility
NSS 3.34 shared libraries are backward compatible with all older NSS 3.x
shared libraries. A program linked with older NSS 3.x shared libraries
will work with NSS 3.34 shared libraries without recompiling or relinking.
Furthermore, applications that restrict their use of NSS APIs to the
functions listed in NSS Public Functions will remain compatible with
future versions of the NSS shared libraries.
Changelog:
Notable Changes in NSS 3.33
TLS compression is no longer supported. API calls that attempt to enable compression are accepted without failure. However, TLS compression will remain disabled.
This version of NSS uses a formally verified implementation of Curve25519 on 64-bit systems.
The compile time flag DISABLE_ECC has been removed.
When NSS is compiled without NSS_FORCE_FIPS=1 startup checks are not performed anymore.
Various minor improvements and correctness fixes.
Changelog:
Notable Changes:
================
* Various minor improvements and correctness fixes.
* The Code Signing trust bit was turned off for all included root certificates.
* The Websites (TLS/SSL) trust bit was turned off for the following root
certificates:
- CN = AddTrust Class 1 CA Root
- CN = Swisscom Root CA 2
* The following CA certificates were Removed:
- CN = AddTrust Public CA Root
- CN = AddTrust Qualified CA Root
- CN = China Internet Network Information Center EV Certificates Root
- CN = CNNIC ROOT
- CN = ComSign Secured CA
- CN = GeoTrust Global CA 2
- CN = Secure Certificate Services
- CN = Swisscom Root CA 1
- CN = Swisscom Root EV CA 2
- CN = Trusted Certificate Services
- CN = UTN-USERFirst-Hardware
- CN = UTN-USERFirst-Object
Changelog:
New functionality:
==================
* Allow certificates to be specified by RFC7512 PKCS#11 URIs.
* Allow querying a certificate object for its temporary or permanent storage
status in a thread safe way.
New Functions:
==============
* CERT_GetCertIsPerm - retrieve the permanent storage status attribute of a
certificate in a thread safe way.
* CERT_GetCertIsTemp - retrieve the temporary storage status attribute of a
certificate in a thread safe way.
* PK11_FindCertFromURI - find a certificate identified by the given URI.
* PK11_FindCertsFromURI - find a list of certificates identified by the given
URI.
* PK11_GetModuleURI - retrieve the URI of the given module.
* PK11_GetTokenURI - retrieve the URI of a token based on the given slot
information.
* PK11URI_CreateURI - create a new PK11URI object from a set of attributes.
* PK11URI_DestroyURI - destroy a PK11URI object.
* PK11URI_FormatURI - format a PK11URI object to a string.
* PK11URI_GetPathAttribute - retrieve a path attribute with the given name.
* PK11URI_GetQueryAttribute - retrieve a query attribute with the given name.
* PK11URI_ParseURI - parse PKCS#11 URI and return a new PK11URI object.
New Macros:
===========
* Several new macros that start with PK11URI_PATTR_ for path attributes defined
in RFC7512.
* Several new macros that start with PK11URI_QATTR_ for query attributes defined
in RFC7512.
Notable Changes:
================
* The APIs that set a TLS version range have been changed to trim the requested
range to the overlap with a systemwide crypto policy, if configured.
SSL_VersionRangeGetSupported can be used to query the overlap between the
library's supported range of TLS versions and the systemwide policy.
* Previously, SSL_VersionRangeSet and SSL_VersionRangeSetDefault returned a
failure if the requested version range wasn't fully allowed by the systemwide
crypto policy. They have been changed to return success, if at least one TLS
version overlaps between the requested range and the systemwide policy. An
application may call SSL_VersionRangeGet and SSL_VersionRangeGetDefault to
query the TLS version range that was effectively activated.
* Corrected the encoding of Domain Name Constraints extensions created by
certutil.
* NSS supports a clean seeding mechanism for *NIX systems now using only
/dev/urandom. This is used only when SEED_ONLY_DEV_URANDOM is set at compile
time.
* CERT_AsciiToName can handle OIDs in dotted decimal form now.
The HG tag is NSS_3_31_RTM. NSS 3.31 requires NSPR 4.15 or newer.
Changelog:
The NSS team has released Network Security Services (NSS) 3.30.2,
which is a patch release to update the list of root CA certificates.
Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.
Notable Changes:
* The following CA certificates were Removed
- O = Japanese Government, OU = ApplicationCA
- CN = WellsSecure Public Root Certificate Authority
- CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
- CN = Microsec e-Szigno Root
* The following CA certificates were Added
- CN = D-TRUST Root CA 3 2013
- CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
* The version number of the updated root CA list has been set to 2.14
(Bug 1350859)
* Domain name constraints for one of the new CAs have been added to the
NSS code (Bug 1349705)
Changelog:
New in NSS 3.30:
================
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust are
marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY, set to
true. Applications that need to distinguish them from other other root CAs
may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS alerts
that are sent or received.
Notable Changes:
================
* The TLS server code has been enhanced to support session tickets when no
RSA certificate is configured.
* RSA-PSS signatures produced by key pairs with a modulus bit length that
is not a multiple of 8 are now supported.
* The pk12util tool now supports importing and exporting data encrypted in
the AES based schemes defined in PKCS#5 v2.1.
Changelog:
The NSS team has released Network Security Services (NSS) 3.29.3
No new functionality is introduced in this release.
This is a patch release to fix a rare crash when initializing an SSL socket
fails.
The NSS team has released Network Security Services (NSS) 3.29.2
No new functionality is introduced in this release.
This is a patch release to fix an issue with TLS session tickets.
Changelog:
Notable Changes:
================
* Fixed a NSS 3.28 regression in the signature scheme flexibility that
causes connectivity issues between iOS 8 clients and NSS servers with ECDSA
certificates (bug1334114
<https://bugzilla.mozilla.org/show_bug.cgi?id=1334114>).
* Bump nspr requirement
Changelog:
3.28.1:
The NSS team has released Network Security Services (NSS) 3.28.1,
which is a patch release.
Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.
No new functionality is introduced in this release. This is a patch release to
update the list of root CA certificates and address a minor TLS compatibility
issue that some applications experienced with NSS 3.28.
Notable Changes:
* The following CA certificates were Removed
- CN = Buypass Class 2 CA 1
- CN = Root CA Generalitat Valenciana
- OU = RSA Security 2048 V3
* The following CA certificates were Added
- OU = AC RAIZ FNMT-RCM
- CN = Amazon Root CA 1
- CN = Amazon Root CA 2
- CN = Amazon Root CA 3
- CN = Amazon Root CA 4
- CN = LuxTrust Global Root 2
- CN = Symantec Class 1 Public Primary Certification Authority - G4
- CN = Symantec Class 1 Public Primary Certification Authority - G6
- CN = Symantec Class 2 Public Primary Certification Authority - G4
- CN = Symantec Class 2 Public Primary Certification Authority - G6
* The version number of the updated root CA list has been set to 2.11
* A misleading assertion/alert has been removed when NSS tries to flush data
to the peer but the connection was already reset.
3.28:
The NSS team has released Network Security Services (NSS) 3.28,
which is a minor release.
Below is a summary of the changes.
Please refer to the full release notes for additional details:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28_release_notes
Request to test and prepare for TLS 1.3 (draft):
================================================
To prepare for a change of default build options, which is
planned for
the future NSS 3.29 release, we'd like to encourage all users of NSS
3.28
to override the standard NSS build configuration to enable support for
(draft
) TLS 1.3 by defining NSS_ENABLE_TLS_1_3=1 at build time.
We'd like to ask you to
please give feedback to the NSS developers for any
compatibility issues that you
might encounter in your tests.
For providing feedback, you may send a message to this mailing list, see:
https://lists.mozilla.org/listinfo/dev-tech-crypto
or please report a bug here:
https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS
New functionality:
==================
* NSS includes support for TLS 1.3 draft -18. This includes a number
of
improvements to TLS 1.3:
- The signed certificate timestamp, used in
certificate transparency,
is supported in TLS 1.3.
- Key exporters for TLS
1.3 are supported. This includes the early key
exporter, which can be used if
0-RTT is enabled. Note that there is a
difference between TLS 1.3 and key
exporters in older versions of TLS.
TLS 1.3 does not distinguish between an
empty context and no context.
- The TLS 1.3 (draft) protocol can be enabled, by
defining
NSS_ENABLE_TLS_1_3=1 when building NSS.
* NSS includes support for
the X25519 key exchange algorithm, which is
supported and enabled by default in
all versions of TLS.
New Functions:
==============
* SSL_ExportEarlyKeyingMaterial
* SSL_SendAdditionalKeyShares
* SSL_SignatureSchemePrefSet
* SSL_SignatureSchemePrefGet
Notable Changes:
================
* NSS can no longer be compiled with support for additional elliptic curves.
This was previously possible by replacing certain NSS source files.
* NSS will now detect the presence of tokens that support additional
elliptic curves and enable those curves for use in TLS.
Note that this detection has a one-off performance cost, which can be
avoided by using the SSL_NamedGroupConfig function to limit supported
groups to those that NSS provides.
* PKCS#11 bypass for TLS is no longer supported and has been removed.
* Support for "export" grade SSL/TLS cipher suites has been removed.
* NSS now uses the signature schemes definition in TLS 1.3.
This also affects TLS 1.2. NSS will now only generate signatures with the
combinations of hash and signature scheme that are defined in TLS 1.3,
even when negotiating TLS 1.2.
- This means that SHA-256 will only be used with P-256 ECDSA certificates,
SHA-384 with P-384 certificates, and SHA-512 with P-521 certificates.
SHA-1 is permitted (in TLS 1.2 only) with any certificate for backward
compatibility reasons.
- New functions to configure signature schemes are provided:
SSL_SignatureSchemePrefSet, SSL_SignatureSchemePrefGet.
The old SSL_SignaturePrefSet and SSL_SignaturePrefSet functions are
now deprecated.
- NSS will now no longer assume that default signature schemes are
supported by a peer if there was no commonly supported signature scheme.
* NSS will now check if RSA-PSS signing is supported by the token that holds
the private key prior to using it for TLS.
* The certificate validation code contains checks to no longer trust
certificates that are issued by old WoSign and StartCom CAs after
October 21, 2016. This is equivalent to the behavior that Mozilla will
release with Firefox 51.
Changelog:
The NSS Development Team announces the release of NSS 3.27.2, which is a
patch release to address a memory leak in the TLS implementation.
No new functionality is introduced in this release.
Notable Changes:
* Bug 1318561 - SSL_SetTrustAnchors leaks
Changelog:
The NSS team has released Network Security Services (NSS) 3.27.1.
This is a patch release to address a TLS compatibility issue
that some applications experienced with NSS 3.27.
Notable Changes:
Availability of the TLS 1.3 (draft) implementation has been re-disabled
in the default build.
Previous versions of NSS made TLS 1.3 (draft) available only when compiled
with NSS_ENABLE_TLS_1_3. NSS 3.27 set this value on by default, allowing
TLS 1.3 (draft) to be disabled using NSS_DISABLE_TLS_1_3, although the
maximum version used by default remained TLS 1.2.
However, some applications query the list of protocol versions that are
supported by the NSS library, and enable all supported TLS protocol versions.
Because NSS 3.27 enabled compilation of TLS 1.3 (draft) by default, it caused
those applications to enable TLS 1.3 (draft). This resulted in connectivity
failures, as some TLS servers are version 1.3 intolerant, and failed to
negotiate an earlier TLS version with NSS 3.27 clients.
Changelog:
The NSS team has released Network Security Services (NSS) 3.27,
which is a minor release.
Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.
New functionality:
* Allow custom named group priorities for TLS key exchange handshake
(SSL_NamedGroupConfig).
* Added support for RSA-PSS signatures in TLS 1.2 and TLS 1.3
New Functions:
* SSL_NamedGroupConfig
Notable Changes:
* NPN can not be enabled anymore.
* Hard limits on the maximum number of TLS records encrypted with the same
key are enforced.
* Disabled renegotiation in DTLS.
* The following CA certificates were Removed
- CN = IGC/A, O = PM/SGDN, OU = DCSSI
- CN = Juur-SK, O = AS Sertifitseerimiskeskus
- CN = EBG Elektronik Sertifika Hizmet Sağlayıcısı
- CN = S-TRUST Authentication and Encryption Root CA 2005:PN
- O = VeriSign, Inc., OU = Class 1 Public Primary Certification Authority
- O = VeriSign, Inc., OU = Class 2 Public Primary Certification Authority - G2
- O = VeriSign, Inc., OU = Class 3 Public Primary Certification Authority
- O = Equifax, OU = Equifax Secure Certificate Authority
- CN = Equifax Secure eBusiness CA-1
- CN = Equifax Secure Global eBusiness CA-1
The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.27_release_notes
Changelog:
The NSS team has released Network Security Services (NSS) 3.25, which is a minor
release.
Below is a short summary of the changes.
Please refer to the full release notes for additional details.
New functionality:
* Implemented DHE key agreement for TLS 1.3
* Added support for ChaCha with TLS 1.3
* Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF
* In previous versions, when using client authentication with TLS 1.2,
NSS only supported certificate_verify messages that used the same
signature hash algorithm as used by the PRF.
This limitation has been removed.
* Several functions have been added to the public API of the NSS
Cryptoki Framework.
New Functions:
* NSSCKFWSlot_GetSlotID
* NSSCKFWSession_GetFWSlot
* NSSCKFWInstance_DestroySessionHandle
* NSSCKFWInstance_FindSessionHandle
Notable Changes:
* An SSL socket can no longer be configured to allow both TLS 1.3 and SSL v3
* Regression fix: NSS no longer reports a failure if an application attempts
to disable the SSL v2 protocol.
* The list of trusted CA certificates has been updated to version 2.8
* The following CA certificate was Removed
- CN = Sonera Class1 CA
* The following CA certificates were Added
- CN = Hellenic Academic and Research Institutions RootCA 2015
- CN = Hellenic Academic and Research Institutions ECC RootCA 2015
- CN = Certplus Root CA G1
- CN = Certplus Root CA G2
- CN = OpenTrust Root CA G1
- CN = OpenTrust Root CA G2
- CN = OpenTrust Root CA G3
* Require nspr 4.12 or later, from he@. Thank you.
Changelog:
The NSS team has released Network Security Services (NSS) 3.24, which is
a minor release.
Below is a short summary of the changes.
Please refer to the full release notes for additional details.
New functionality:
* NSS softoken has been updated with the latest NIST guidance (as of 2015)
* NSS softoken has also been updated to allow NSS to run in FIPS level-1
(no password).
* SSL_ConfigServerCert function has been added for configuring SSL/TLS
server sockets with a certificate and private key. This method should be
used in preference to SSL_ConfigSecureServer,
SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses, and
SSL_SetSignedCertTimestamps.
* Added PORTCheapArena for temporary arenas allocated on the stack.
New Functions:
* SSL_ConfigServerCert - Configures an SSL/TLS socket with a certificate,
private key and other information.
* PORT_InitCheapArena - This initializes an arena that was created on
the stack. See PORTCheapArenaPool.
* PORT_DestroyCheapArena - This destroys an arena that was created on
the stack. See PORTCheapArenaPool.
New Types
* SSLExtraServerCertData - This struct is optionally passed as an argument
to SSL_ConfigServerCert. It contains supplementary information about a
certificate, such as the intended type of the certificate, stapled OCSP
responses, or signed certificate timestamps (used for certificate
transparency).
* PORTCheapArenaPool - A stack-allocated arena pool, to be used for
temporary arena allocations.
New Macros
* CKM_TLS12_MAC
* SEC_OID_TLS_ECDHE_PSK - This OID is used to govern use of the
TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 cipher suite, which is only
used for session resumption in TLS 1.3.
Notable Changes:
* The following functions have been deprecated (applications should use the
new SSL_ConfigServerCert function instead):
* SSL_SetStapledOCSPResponses
* SSL_SetSignedCertTimestamps
* SSL_ConfigSecureServer
* SSL_ConfigSecureServerWithCertChain
* Function NSS_FindCertKEAType is now deprecated, as it reports a misleading
value for certificates that might be used for signing rather than key
exchange.
* SSLAuthType has been updated to define a larger number of authentication
key types.
* The member attribute authAlgorithm of type SSLCipherSuiteInfo has been
deprecated. Instead, applications should use the newly added attribute
authType.
* ssl_auth_rsa has been renamed to ssl_auth_rsa_decrypt.
* On Linux platforms that define FREEBL_LOWHASH, a shared library has been
added: libfreeblpriv3
* Most code related to the SSL v2 has been removed, including the ability to
actively send a SSL v2 compatible client hello.
However, the server side implementation of the SSL/TLS protocol continues to
support processing of received v2 compatible client hello messages.
* NSS supports a mechanism to log SSL/TLS key material to a logfile if the
environment variable named SSLKEYLOGFILE is set. NSS has been changed to
disable this functionality in optimized builds by default. In order to enable
the functionality in optimized builds, the symbol NSS_ALLOW_SSLKEYLOGFILE
must be defined when building NSS.
* NSS has been updated to be protected against the Cachebleed attack.
* Support for DTLS compression has been disabled.
* Support for TLS 1.3 has been improved. This includes support for DTLS 1.3.
Note that TLS 1.3 support is experimental and is not suitable for production
use.
Changelog:
The NSS team has released Network Security Services (NSS) 3.23, which is a minor
release.
The following security-relevant bug has been resolved in NSS 3.23.
Users are encouraged to upgrade immediately.
* Bug 1245528 (CVE-2016-1950):
Fixed a heap-based buffer overflow related to the parsing of certain ASN.1
structures. An attacker could create a specially-crafted certificate which,
when parsed by NSS, would cause a crash or execution of arbitrary code with
the permissions of the user.
New functionality:
* ChaCha20/Poly1305 cipher and TLS cipher suites now supported
(bug 917571, bug 1227905)
* Experimental-only support TLS 1.3 1-RTT mode (draft-11).
This code is not ready for production use.
New Functions:
* SSL_SetDowngradeCheckVersion - Set maximum version for new ServerRandom
anti-downgrade mechanism
Notable Changes:
* The copy of SQLite shipped with NSS has been updated to version 3.10.2
(bug 1234698)
* The list of TLS extensions sent in the TLS handshake has been reordered
to improve compatibility of the Extended Master Secret feature
with servers (bug 1243641)
* The build time environment variable NSS_ENABLE_ZLIB has been renamed
to NSS_SSL_ENABLE_ZLIB (Bug 1243872).
* The build time environment variable NSS_DISABLE_CHACHAPOLY was added,
which can be used to prevent compilation of the ChaCha20/Poly1305 code.
* The following CA certificates were Removed
- Staat der Nederlanden Root CA
- NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado
- NetLock Kozjegyzoi (Class A) Tanusitvanykiado
- NetLock Uzleti (Class B) Tanusitvanykiado
- NetLock Expressz (Class C) Tanusitvanykiado
- VeriSign Class 1 Public PCA – G2
- VeriSign Class 3 Public PCA
- VeriSign Class 3 Public PCA – G2
- CA Disig
* The following CA certificates were Added
- SZAFIR ROOT CA2
- Certum Trusted Network CA 2
* The following CA certificate had the Email trust bit turned on
- Actalis Authentication Root CA
The full release notes, including the SHA256 fingerprints of the changed
CA certificates, are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes
Changelog:
The NSS Development Team announces the release of NSS 3.22.3,
which is a patch release for NSS 3.22.
No new functionality is introduced in this release.
The following bugs have been resolved in NSS 3.22.3
* Bug 1243641 - Increase compatibility of TLS extended master secret,
don't send an empty TLS extension last in the handshake
Changelog:
The NSS Development Team announces the release of NSS 3.22.1
No new functionality is introduced in this release.
Notable Changes:
* NSS has been changed to use the PR_GetEnvSecure function that
was made available in NSPR 4.12
Changelog:
The NSS team has released Network Security Services (NSS) 3.22,
which is a minor release.
New functionality:
* RSA-PSS signatures are now supported (bug 1215295)
* Pseudorandom functions based on hashes other than SHA-1 are now supported
* Enforce an External Policy on NSS from a config file (bug 1009429)
New Functions:
* PK11_SignWithMechanism - an extended version PK11_Sign()
* PK11_VerifyWithMechanism - an extended version of PK11_Verify()
* SSL_PeerSignedCertTimestamps - Get signed_certificate_timestamp
TLS extension data
* SSL_SetSignedCertTimestamps - Set signed_certificate_timestamp
TLS extension data
New Types:
* ssl_signed_cert_timestamp_xtn is added to SSLExtensionType
* Constants for several object IDs are added to SECOidTag
New Macros:
* SSL_ENABLE_SIGNED_CERT_TIMESTAMPS
* NSS_USE_ALG_IN_SSL
* NSS_USE_POLICY_IN_SSL
* NSS_RSA_MIN_KEY_SIZE
* NSS_DH_MIN_KEY_SIZE
* NSS_DSA_MIN_KEY_SIZE
* NSS_TLS_VERSION_MIN_POLICY
* NSS_TLS_VERSION_MAX_POLICY
* NSS_DTLS_VERSION_MIN_POLICY
* NSS_DTLS_VERSION_MAX_POLICY
* CKP_PKCS5_PBKD2_HMAC_SHA224
* CKP_PKCS5_PBKD2_HMAC_SHA256
* CKP_PKCS5_PBKD2_HMAC_SHA384
* CKP_PKCS5_PBKD2_HMAC_SHA512
* CKP_PKCS5_PBKD2_HMAC_GOSTR3411 - (not supported)
* CKP_PKCS5_PBKD2_HMAC_SHA512_224 - (not supported)
* CKP_PKCS5_PBKD2_HMAC_SHA512_256 - (not supported)
table Changes:
* NSS C++ tests are built by default, requiring a C++11 compiler.
Set the NSS_DISABLE_GTESTS variable to 1 to disable building these tests.
The HG tag is NSS_3_22_RTM. NSS 3.22 requires NSPR 4.11 or newer.
* Disable gtest option
Changelog:
The NSS team has released Network Security Services (NSS) 3.21,
which is a minor release.
New functionality:
* certutil now supports a --rename option to change a nickname (bug 1142209)
* TLS extended master secret extension (RFC 7627) is supported (bug 1117022)
* New info functions added for use during mid-handshake callbacks (bug 1084669)
New Functions:
* NSS_OptionSet - sets NSS global options
* NSS_OptionGet - gets the current value of NSS global options
* SECMOD_CreateModuleEx - Create a new SECMODModule structure from module name
string, module parameters string, NSS specific parameters string, and NSS
configuration parameter string. The module represented by the module
structure is not loaded. The difference with SECMOD_CreateModule is the new
function handles NSS configuration parameter strings.
* SSL_GetPreliminaryChannelInfo - obtains information about a TLS channel prior
to the handshake being completed, for use with the callbacks that are invoked
during the handshake
* SSL_SignaturePrefSet - configures the enabled signature and hash algorithms
for TLS
* SSL_SignaturePrefGet - retrieves the currently configured signature and hash
algorithms
* SSL_SignatureMaxCount - obtains the maximum number signature algorithms that
can be configured with SSL_SignaturePrefSet
* NSSUTIL_ArgParseModuleSpecEx - takes a module spec and breaks it into shared
library string, module name string, module parameters string, NSS specific
parameters string, and NSS configuration parameter strings. The returned
strings must be freed by the caller. The difference with
NSS_ArgParseModuleSpec is the new function handles NSS configuration
parameter strings.
* NSSUTIL_MkModuleSpecEx - take a shared library string, module name string,
module parameters string, NSS specific parameters string, and NSS
configuration parameter string and returns a module string which the caller
must free when it is done. The difference with NSS_MkModuleSpec is the new
function handles NSS configuration parameter strings.
New Types:
* CK_TLS12_MASTER_KEY_DERIVE_PARAMS{_PTR} - parameters {or pointer} for
CKM_TLS12_MASTER_KEY_DERIVE
* CK_TLS12_KEY_MAT_PARAMS{_PTR} - parameters {or pointer} for
CKM_TLS12_KEY_AND_MAC_DERIVE
* CK_TLS_KDF_PARAMS{_PTR} - parameters {or pointer} for CKM_TLS_KDF
* CK_TLS_MAC_PARAMS{_PTR} - parameters {or pointer} for CKM_TLS_MAC
* SSLHashType - identifies a hash function
* SSLSignatureAndHashAlg - identifies a signature and hash function
* SSLPreliminaryChannelInfo - provides information about the session state
prior to handshake completion
New Macros:
* NSS_RSA_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
get the minimum RSA key size
* NSS_DH_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
get the minimum DH key size
* NSS_DSA_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
get the minimum DSA key size
* CKM_TLS12_MASTER_KEY_DERIVE - derives TLS 1.2 master secret
* CKM_TLS12_KEY_AND_MAC_DERIVE - derives TLS 1.2 traffic key and IV
* CKM_TLS12_MASTER_KEY_DERIVE_DH - derives TLS 1.2 master secret for DH (and
ECDH) cipher suites
* CKM_TLS12_KEY_SAFE_DERIVE and CKM_TLS_KDF are identifiers for additional
PKCS#12 mechanisms for TLS 1.2 that are currently unused in NSS.
* CKM_TLS_MAC - computes TLS Finished MAC
* NSS_USE_ALG_IN_SSL_KX - policy flag indicating that keys are used in TLS key
exchange
* SSL_ERROR_RX_SHORT_DTLS_READ - error code for failure to include a complete
DTLS record in a UDP packet
* SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM - error code for when no valid
signature and hash algorithm is available
* SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM - error code for when an
unsupported signature and hash algorithm is configured
* SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET - error code for when the extended
master secret is missing after having been negotiated
* SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET - error code for receiving an
extended master secret when previously not negotiated
* SSL_ENABLE_EXTENDED_MASTER_SECRET - configuration to enable the TLS extended
master secret extension (RFC 7627)
* ssl_preinfo_version - used with SSLPreliminaryChannelInfo to indicate that a
TLS version has been selected
* ssl_preinfo_cipher_suite - used with SSLPreliminaryChannelInfo to indicate
that a TLS cipher suite has been selected
* ssl_preinfo_all - used with SSLPreliminaryChannelInfo to indicate that all
preliminary information has been set
Notable Changes:
* NSS now builds with elliptic curve ciphers enabled by default (bug 1205688)
* NSS now builds with warnings as errors (bug 1182667)
* The following CA certificates were Removed
- CN = VeriSign Class 4 Public Primary Certification Authority - G3
- CN = UTN-USERFirst-Network Applications
- CN = TC TrustCenter Universal CA III
- CN = A-Trust-nQual-03
- CN = USERTrust Legacy Secure Server CA
- Friendly Name: Digital Signature Trust Co. Global CA 1
- Friendly Name: Digital Signature Trust Co. Global CA 3
- CN = UTN - DATACorp SGC
- O = TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2\
005
* The following CA certificate had the Websites trust bit turned off
- OU = Equifax Secure Certificate Authority
* The following CA certificates were Added
- CN = Certification Authority of WoSign G2
- CN = CA WoSign ECC Root
- CN = OISTE WISeKey Global Root GB CA
Changelog:
The following security-relevant bugs have been resolved in NSS 3.20.1.
Users are encouraged to upgrade immediately.
* Bug 1192028 (CVE-2015-7181) and
Bug 1202868 (CVE-2015-7182):
Several issues existed within the ASN.1 decoder used by NSS for handling
streaming BER data. While the majority of NSS uses a separate, unaffected
DER decoder, several public routines also accept BER data, and thus are
affected. An attacker that successfully exploited these issues can overflow
the heap and may be able to obtain remote code execution.