The NSS team has released Network Security Services (NSS) 3.41, which is a minor
release.
New functionality:
* Bug 1252891 - Implemented EKU handling for IPsec IKE.
* Bug 1423043 - Enable half-closed states for TLS.
* Bug 1493215 - Enabled the following ciphersuites by default:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_GCM_SHA384
Notable changes:
* The following CA certificates were added:
CN = Certigna Root CA
CN = GTS Root R1
CN = GTS Root R2
CN = GTS Root R3
CN = GTS Root R4
CN = UCA Global G2 Root
CN = UCA Extended Validation Root
* The following CA certificates were removed:
CN = AC Raíz Certicámara S.A.
CN = Certplus Root CA G1
CN = Certplus Root CA G2
CN = OpenTrust Root CA G1
CN = OpenTrust Root CA G2
CN = OpenTrust Root CA G3
Bugs fixed in NSS 3.41:
* Bug 1412829, Reject empty supported_signature_algorithms in Certificate
Request in TLS 1.2
* Bug 1485864 - Cache side-channel variant of the Bleichenbacher attack
(CVE-2018-12404)
* Bug 1481271 - Resend the same ticket in ClientHello after HelloRetryRequest
* Bug 1493769 - Set session_id for external resumption tokens
* Bug 1507179 - Reject CCS after handshake is complete in TLS 1.3
Please refer to the release notes for the complete list of changes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41_release_notes
The HG tag is NSS_3_41_RTM. NSS 3.41 requires NSPR 4.20 or newer.
NSS 3.41 source distributions are available on ftp.mozilla.org for secure HTTPS
download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_41_RTM/src/
A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&product=NSS&target_milestone=3.41
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
