The NSS team has released Network Security Services (NSS) 3.25, which is a minor release.
Below is a short summary of the changes. Please refer to the full release notes for additional details. New functionality: * Implemented DHE key agreement for TLS 1.3 * Added support for ChaCha with TLS 1.3 * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF * In previous versions, when using client authentication with TLS 1.2, NSS only supported certificate_verify messages that used the same signature hash algorithm as used by the PRF. This limitation has been removed. * Several functions have been added to the public API of the NSS Cryptoki Framework. New Functions: * NSSCKFWSlot_GetSlotID * NSSCKFWSession_GetFWSlot * NSSCKFWInstance_DestroySessionHandle * NSSCKFWInstance_FindSessionHandle Notable Changes: * An SSL socket can no longer be configured to allow both TLS 1.3 and SSL v3 * Regression fix: NSS no longer reports a failure if an application attempts to disable the SSL v2 protocol. * The list of trusted CA certificates has been updated to version 2.8 * The following CA certificate was Removed - CN = Sonera Class1 CA * The following CA certificates were Added - CN = Hellenic Academic and Research Institutions RootCA 2015 - CN = Hellenic Academic and Research Institutions ECC RootCA 2015 - CN = Certplus Root CA G1 - CN = Certplus Root CA G2 - CN = OpenTrust Root CA G1 - CN = OpenTrust Root CA G2 - CN = OpenTrust Root CA G3 The full release notes, including the SHA256 fingerprints of the changed CA certificates, are available at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.25_release_notes The HG tag is NSS_3_25_RTM. NSS 3.25 requires NSPR 4.12 or newer. NSS 3.25 source distributions are available on ftp.mozilla.org for secure HTTPS download: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_25_RTM/src/ A complete list of all bugs resolved in this release can be obtained at https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.25 -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
