The NSS team has released Network Security Services (NSS) 3.28.5, which is a patch release to update the list of root CA certificates.
These are backported changes, which are equivalent to the changes that have been recently released with NSS 3.30.2. Below is a summary of the changes. Please refer to the full release notes for additional details, including the SHA256 fingerprints of the changed CA certificates. Notable Changes: * The following CA certificates were Removed - O = Japanese Government, OU = ApplicationCA - CN = WellsSecure Public Root Certificate Authority - CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6 - CN = Microsec e-Szigno Root * The following CA certificates were Added - CN = D-TRUST Root CA 3 2013 - CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 * The version number of the updated root CA list has been set to 2.14 (Bug 1350859) * Domain name constraints for one of the new CAs have been added to the NSS code (Bug 1349705) The full release notes are available at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.5_release_notes The HG tag is NSS_3_28_5_RTM. NSS 3.28.5 requires NSPR 4.13.1 or newer. NSS 3.28.5 source distributions are available for secure download: https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_28_5_RTM/src/ -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
