--On October 26, 2012 11:52:47 -0700 Brian Smith wrote:
julien.pie...@oracle.com> wrote:
Oracle still ships NSS with many products even though we are no
longer actively involved with its development.
It is important to have somebody at least monitoring the bugs filed/fixed
in the NSS componen
Julien Pierre wrote:
> I know what code changes are necessary. I'm only a developer on a
> couple of NSS applications at this point, not an NSS maintainer.
> If this was only about those couple of apps, it wouldn't be an issue.
> But there are other apps in Oracle that could be affected.
> I can sa
julien.pie...@oracle.com> wrote:
> Oracle still ships NSS with many products even though we are no
> longer actively involved with its development.
It is important to have somebody at least monitoring the bugs filed/fixed in
the NSS component in bugzilla. See
https://bugzilla.mozilla.org/userpre
Hi,
I'm trying to provide that version as an RPM package and also run the
testsuite within the build process.
With that version the testsuite fails:
[ 1202s] chains.sh: #2294: Test that OCSP server is reachable - FAILED
[ 1202s] chains.sh: #4023: Test that OCSP server is reachable - FAILED
[ 120
Wan-Teh,
Thanks for your response, comments inline.
On 10/25/2012 11:17, Wan-Teh Chang wrote:
Any client apps that care about the exact cipher suites enabled need
to enable and disable each cipher suite explicitly. This Chromium code
in this file can be used as code example:
http://src.chromi
Chris,
On 10/25/2012 16:18, Chris Newman wrote:
Will vulnerability fixes can be provided on the NSS 3.13.x patch
train? And if so, is there a date when vulnerability fixes will no
longer be provided for that version?
- Chris
As I'm no longer a developer on NSS, I will let others a
--On October 24, 2012 22:19:40 -0700 Julien Pierre
wrote:
2)
- The NSS license has changed to MPL 2.0. Previous releases were
released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more
information about MPL 2.0, please see
http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanta
On Wed, Oct 24, 2012 at 10:19 PM, Julien Pierre
wrote:
>
> The following changes may be problematic :
>
> 1) * New default cipher suites
>
> ( https://bugzilla.mozilla.org/show_bug.cgi?id=792681 )
>
> The default cipher suites in NSS 3.14 have been changed to better
> reflect the current security
On Thu, 2012-10-25 at 15:36 +0200, Wolfgang Rosenauer wrote:
> With that version the testsuite fails:
>
> [ 1202s] chains.sh: #2294: Test that OCSP server is reachable - FAILED
> [ 1202s] chains.sh: #4023: Test that OCSP server is reachable - FAILED
> [ 1202s] chains.sh: #6393: Test that OCSP ser
Oracle still ships NSS with many products even though we are no longer
actively involved with its development. We do pick up new releases from
time to time. We picked up 3.13.x last year and I'm looking into picking
up 3.14 .
The following changes may be problematic :
1) * New default cipher
The NSS team has released Network Security Services (NSS) 3.14, which is
a minor release with the following new features:
- Support for TLS 1.1 (RFC 4346)
- Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764)
- Support for AES-CTR, AES-CTS, and AES-GCM
- Support for Keying Materi
11 matches
Mail list logo
