Kai Engert wrote: > The NSS team has released Network Security Services (NSS) 3.22, > which is a minor release. > > New functionality: > * RSA-PSS signatures are now supported (bug 1215295) > * Pseudorandom functions based on hashes other than SHA-1 are now supported
To clarify: Our PBKDF2 implementation supports HMAC/SHA-2 PRFs now. - Tim > * Enforce an External Policy on NSS from a config file (bug 1009429) > > New Functions: > * PK11_SignWithMechanism - an extended version PK11_Sign() > * PK11_VerifyWithMechanism - an extended version of PK11_Verify() > * SSL_PeerSignedCertTimestamps - Get signed_certificate_timestamp > TLS extension data > * SSL_SetSignedCertTimestamps - Set signed_certificate_timestamp > TLS extension data > > New Types: > * ssl_signed_cert_timestamp_xtn is added to SSLExtensionType > * Constants for several object IDs are added to SECOidTag > > New Macros: > * SSL_ENABLE_SIGNED_CERT_TIMESTAMPS > * NSS_USE_ALG_IN_SSL > * NSS_USE_POLICY_IN_SSL > * NSS_RSA_MIN_KEY_SIZE > * NSS_DH_MIN_KEY_SIZE > * NSS_DSA_MIN_KEY_SIZE > * NSS_TLS_VERSION_MIN_POLICY > * NSS_TLS_VERSION_MAX_POLICY > * NSS_DTLS_VERSION_MIN_POLICY > * NSS_DTLS_VERSION_MAX_POLICY > * CKP_PKCS5_PBKD2_HMAC_SHA224 > * CKP_PKCS5_PBKD2_HMAC_SHA256 > * CKP_PKCS5_PBKD2_HMAC_SHA384 > * CKP_PKCS5_PBKD2_HMAC_SHA512 > * CKP_PKCS5_PBKD2_HMAC_GOSTR3411 - (not supported) > * CKP_PKCS5_PBKD2_HMAC_SHA512_224 - (not supported) > * CKP_PKCS5_PBKD2_HMAC_SHA512_256 - (not supported) > > Notable Changes: > * NSS C++ tests are built by default, requiring a C++11 compiler. > Set the NSS_DISABLE_GTESTS variable to 1 to disable building these tests. > > The full release notes are available at > https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.22_release_notes > > The HG tag is NSS_3_22_RTM. NSS 3.22 requires NSPR 4.11 or newer. > > NSS 3.22 source distributions are available for secure HTTPS download: > https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_22_RTM/src/ > > A complete list of all bugs resolved in this release can be obtained at > https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.22&product=NSS > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
