The NSS team has released Network Security Services (NSS) 3.17, which is a minor release.
New functionality: * When using ECDHE, the TLS server code may be configured to generate a fresh ephemeral ECDH key for each handshake, by setting the SSL_REUSE_SERVER_ECDHE_KEY socket option to PR_FALSE. The SSL_REUSE_SERVER_ECDHE_KEY option defaults to PR_TRUE, which means the server's ephemeral ECDH key is reused for multiple handshakes. This option does not affect the TLS client code, which always generates a fresh ephemeral ECDH key for each handshake. New Macros * SSL_REUSE_SERVER_ECDHE_KEY Notable Changes: * The manual pages for the certutil and pp tools have been updated to document the new parameters that had been added in NSS 3.16.2. * On Windows, the new build variable USE_STATIC_RTL can be used to specify the static C runtime library should be used. By default the dynamic C runtime library is used. The full release notes are available at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17_release_notes The HG tag is NSS_3_17_RTM. NSS 3.17 requires NSPR 4.10.7 or newer. NSS 3.17 source distributions are also available on ftp.mozilla.org for secure HTTPS download: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_17_RTM/src/ A complete list of all bugs resolved in this release can be obtained at https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.17&product=NSS -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
