On 10/15/11 3:51 AM, Wan-Teh Chang wrote: > NSS 3.13 has been released. The CVS tag is NSS_3_13_RTM. > The source tar file can be downloaded from > https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_13_RTM/. > > You can find the new features and bug fixes in NSS 3.13 with this > Bugzilla query: > https://bugzilla.mozilla.org/buglist.cgi?list_id=1496878&resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.13&product=NSS > > Some notable changes include: > > 1. SSL 2.0 is disabled by default. > > 2. A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext attack > demonstrated by Rizzo and Duong (CVE-2011-3389) is enabled by default. > Set the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it. > > 3. SHA-224 is supported. > > 4. Ported to iOS. (Requires NSPR 4.9.) Hi Wan-Teh,
Thank you for this notice. I'm more just curious but do we know of any publicly software shipping for iOS that uses NSS 3.13? Thank you, Gen -- Gen Kanai -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
