The NSS team has released Network Security Services (NSS) 3.43 on 16 March 2019, which is a minor release.
The HG tag is NSS_3_43_RTM. NSS 3.43 requires NSPR 4.21 or newer. NSS 3.43 source distributions are available on ftp.mozilla.org for secure HTTPS download: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_43_RTM/src/ New Functionality: * in sechash.h HASH_GetHashOidTagByHashType - convert type HASH_HashType to type SECOidTag * in sslexp.h SSL_SendCertificateRequest - allow server to request post-handshake client authentication. To use this both peers need to enable the SSL_ENABLE_POST_HANDSHAKE_AUTH option. Note that while the mechanism is present, post-handshake authentication is currently not TLS 1.3 compliant due to Bug 1532312 Notable changes: * The following CA certificates were Added: - CN = emSign Root CA - G1 SHA-256 Fingerprint: 40F6AF0346A99AA1CD1D555A4E9CCE62C7F9634603EE406615833DC8C8D00367 - CN = emSign ECC Root CA - G3 SHA-256 Fingerprint: 86A1ECBA089C4A8D3BBE2734C612BA341D813E043CF9E8A862CD5C57A36BBE6B - CN = emSign Root CA - C1 SHA-256 Fingerprint: 125609AA301DA0A249B97A8239CB6A34216F44DCAC9F3954B14292F2E8C8608F - CN = emSign ECC Root CA - C3 SHA-256 Fingerprint: BC4D809B15189D78DB3E1D8CF4F9726A795DA1643CA5F1358E1DDB0EDC0D7EB3 - CN = Hongkong Post Root CA 3 SHA-256 Fingerprint: 5A2FC03F0C83B090BBFA40604B0988446C7636183DF9846E17101A447FB8EFD6 Bugs fixed in NSS 3.43 * Bug 1528669 and Bug 1529308 - Improve Gyp build system handling * Bug 1529950 and Bug 1521174 - Improve NSS S/MIME tests for Thunderbird * Bug 1530134 - If Docker isn't installed, try running a local clang-format as a fallback * Bug 1531267 - Enable FIPS mode automatically if the system FIPS mode flag is set * Bug 1528262 - Add a -J option to the strsclnt command to specify sigschemes * Bug 1513909 - Add manual for nss-policy-check * Bug 1531074 - Fix a deref after a null check in SECKEY_SetPublicValue * Bug 1517714 - Properly handle ESNI with HRR * Bug 1529813 - Expose HKDF-Expand-Label with mechanism * Bug 1535122 - Align TLS 1.3 HKDF trace levels * Bug 1530102 - Use getentropy on compatible versions of FreeBSD This Bugzilla query returns all the bugs fixed in NSS 3.43: https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.43 Please refer to the release notes for the complete list of changes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.43_release_notes -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
