On 20.02.19 21:36, Leonardo Porpora via dev-tech-crypto wrote:
> I have read about the possibility that you add the DarkMatters's CA in
> Firefox, I really hope that it will not happen as it will write the end of
> privacy and humans rights. I don't know if this is the right email to write
> to
The NSS team has released Network Security Services (NSS) 3.41.1,
which is a patch release for NSS 3.41.
It fixes the following bugs:
* Bug 1507135 and Bug 1507174 - Add additional null checks to
several CMS functions to fix a rare CMS crash.
The full release notes are available at
Does this page help?
You might need a debug build (i.e. build yourself with debugging enabled).
https://wiki.mozilla.org/NSS:Tracing
Kai
On 03.01.19 13:51, John Jiang wrote:
> Just tried it, but looked not work.
>
> $ export SSLDEBUG=1
> $ export SSLTRACE=127
> $ tstclnt -v ...
> I didn't get
On 23.11.18 12:58, Martin Büchler wrote:
> That is exactly what I am looking for: Where are the certificate requirements
> specified other than in TB source code? I then would like to instruct our PKI
> to add/change missing extensions, fields, or anticipated X500 name formats.
I agree it
On 22.11.18 17:38, mbch...@gmail.com wrote:
> Now, I want to import a certificate, originally created by our company PKI as
> SSL-Client certificate for use with Cisco Anyconnect VPN clients.
>
> I realized that it differs in its DN format, misses explicit mail
> sing/encryption flags and has
The NSS team has released Network Security Services (NSS) 3.36.5,
which is a patch release for NSS 3.36.
It fixes the following bug:
* Bug 1483128 - NSS responded to an SSLv2-compatible ClientHello
with a ServerHello that had an all-zero random (CVE-2018-12384)
The full release notes are
The NSS team has released Network Security Services (NSS) 3.39,
which is a minor release.
Notable bug fixes:
* Bug 1483128 - NSS responded to an SSLv2-compatible ClientHello
with a ServerHello that had an all-zero random (CVE-2018-12384)
New functionality:
* The tstclnt and selfserv utilities
On 14.05.2018 13:24, Kai Engert wrote:
> On 14.05.2018 11:11, Kurt Roeckx wrote:
>> On 2018-05-08 22:49, Kai Engert wrote:
>>> Notable changes:
>>> * The TLS 1.3 implementation was updated to Draft 28.
>>
>> I find it unfortunate that you update the draft ver
The NSS team has released Network Security Services (NSS) 3.37,
which is a minor release.
Notable changes:
* The TLS 1.3 implementation was updated to Draft 28.
* An issue where NSS erroneously accepted HRR requests was resolved.
* Added HACL* Poly1305 32-bit
* The code to support the NPN
The NSS team has released Network Security Services (NSS) 3.36.1,
which is a patch release fix regression bugs.
The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.1_release_notes
The HG tag is NSS_3_36_1_RTM. NSS 3.36.1 requires NSPR
The NSS team has released Network Security Services (NSS) 3.36,
which is a minor release.
Summary of the major changes included in this release:
- Replaced existing vectorized ChaCha20 code with verified
HACL* implementation.
- Experimental APIs for TLS session cache handling.
The release also
The NSS team has released Network Security Services (NSS) 3.35,
which is a minor release.
Summary of the major changes included in this release:
- The default database storage format has been changed to SQL,
using filenames cert9.db, key4.db, pkcs11.txt.
- TLS 1.3 support has been updated to
The NSS team has released Network Security Services (NSS) 3.34.1,
which is a patch release to update the list of root CA certificates.
The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.34.1_release_notes
The HG tag is NSS_3_34_1_RTM. NSS
On 10.11.2017 10:16, muni.pra...@gmail.com wrote:
>> USE_STATIC_RTL=1
I haven't seen this symbol before, maybe it's no longer supported.
Does it work if you don't define it?
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
Apparently nobody had created/uploaded a release archive for that new version.
You could obtain it by using the HG (mercurial) software, and by using the
release tag. The release notes page you mention refers to tag JSS_4_4_20170313.
I see there are also some newer tags in the JSS code
The NSS team has released Network Security Services (NSS) 3.32,
which is a minor release.
Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.
The NSS utility "signtool" is hardcoded to use SHA1 when creating a digital
signature.
As I've described in this bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=1345528
it might be complicated to change the default to a more secure hash algorithm in
a compatible way.
I wonder who still
The NSS team has released Network Security Services (NSS) 3.28.5,
which is a patch release to update the list of root CA certificates.
These are backported changes, which are equivalent to the changes that
have been recently released with NSS 3.30.2.
Below is a summary of the changes.
Please
The NSS team has released Network Security Services (NSS) 3.30.2,
which is a patch release to update the list of root CA certificates.
Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA
The NSS Development Team announces multiple security patch releases:
* NSS 3.21.4 for NSS 3.21
* NSS 3.28.4 for NSS 3.28
* NSS 3.29.5 for NSS 3.29
* NSS 3.30.1 for NSS 3.30
No new functionality is introduced in these releases.
The following security fixes are included. Users are encouraged to
On Tue, 2017-02-21 at 06:40 -0800, Abdelhak Brrem wrote:
> Does anyone knows how to list the builtin root ACs stored in the nssckbi.dll
> file ?.
If you're asking about certutil, you can use the "-h all" parameter to list
certificates from all tokens.
But by default certutil doesn't load
The NSS team has released Network Security Services (NSS) 3.28.3
No new functionality is introduced in this release.
This is a patch release to fix binary compatibility issues.
NSS version 3.28, 3.28.1 and 3.28.2 contained changes that were in violation
with the NSS compatibility promise.
The NSS team has released Network Security Services (NSS) 3.29.1
No new functionality is introduced in this release.
This is a patch release to fix binary compatibility issues.
NSS version 3.28, 3.28.1, 3.28.2 and 3.29 contained changes that were in
violation with the NSS compatibility promise.
The NSS team has released Network Security Services (NSS) 3.28.1,
which is a patch release.
Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.
No new functionality is introduced in
The NSS team has released Network Security Services (NSS) 3.28,
which is a minor release.
Below is a summary of the changes.
Please refer to the full release notes for additional details:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28_release_notes
Request to test and
On Thu, 2016-10-20 at 10:13 +, Ding Yangliang wrote:
> ssl3con.c:36:18: fatal error: zlib.h: no such file or directory
zlib.h is a file that should be provided by your development environment.
I don't know what package on Ubuntu provides that file, but I'm guessing the
name should be similar
The NSS team has released Network Security Services (NSS) 3.27.1.
This is a patch release to address a TLS compatibility issue
that some applications experienced with NSS 3.27.
Notable Changes:
Availability of the TLS 1.3 (draft) implementation has been re-disabled
in the default build.
On Sun, 2016-10-02 at 08:30 +0200, Florian Weimer wrote:
> Is there a compile-time switch to disable the draft protocol
> implementation completely?
Yes, define NSS_DISABLE_TLS_1_3=1 at build time.
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
On Wed, 2016-09-28 at 14:39 +0200, Kai Engert wrote:
> The NSS team has released Network Security Services (NSS) 3.27,
> which is a minor release.
> ...
> The full release notes are available at
> https://developer.mozilla.org/en-
> US/docs/Mozilla/Projects/NSS/NSS
The NSS team has released Network Security Services (NSS) 3.24, which is
a minor release.
Below is a short summary of the changes.
Please refer to the full release notes for additional details.
New functionality:
* NSS softoken has been updated with the latest NIST guidance (as of 2015)
* NSS
The NSS Development Team announces the release of NSS 3.19.2.4,
which is a security patch release for NSS 3.19.2.
(Current users of NSS 3.19.3, NSS 3.19.4 or NSS 3.20.x are advised to update to
NSS 3.21.1, NSS 3.22.2, or a later release.)
No new functionality is introduced in this release.
The
The NSS Development Team announces the release of NSS 3.22.3,
which is a patch release for NSS 3.22.
No new functionality is introduced in this release.
The following bugs have been resolved in NSS 3.22.3
* Bug 1243641 - Increase compatibility of TLS extended master secret,
don't send an
The NSS Development Team announces the release of NSS 3.22.2,
which is a security patch release for NSS 3.22.
No new functionality is introduced in this release.
The following security-relevant bug has been resolved in NSS 3.22.2.
Users are encouraged to upgrade immediately.
* Bug 1245528
The NSS Development Team announces the release of NSS 3.21.1,
which is a security patch release for NSS 3.21.
No new functionality is introduced in this release.
The following security-relevant bug has been resolved in NSS 3.21.1.
Users are encouraged to upgrade immediately.
* Bug 1245528
The NSS team has released Network Security Services (NSS) 3.23, which is a minor
release.
The following security-relevant bug has been resolved in NSS 3.23.
Users are encouraged to upgrade immediately.
* Bug 1245528 (CVE-2016-1950):
Fixed a heap-based buffer overflow related to the parsing of
The NSS Development Team announces the release of NSS 3.19.2.3,
which is a security patch release for NSS 3.19.2.
(Current users of NSS 3.19.3, NSS 3.19.4 or NSS 3.20.x are advised to update to
NSS 3.21.1, NSS 3.22.2, or a later release.)
No new functionality is introduced in this release.
The
On Tue, 2016-03-01 at 17:19 -0800, Robert Relyea wrote:
> IIRC the API to fetch the ocsp response is mostly application code. NSS
> has a simple http request function that can fetch the request if the
> application doesn't supply one (which doesn't know about proxies, etc.).
> You could
On Tue, 2016-02-09 at 22:51 +1000, Jonathan Wilson wrote:
> OpenSSL has a s_client command that allows you to pull the certificates a
> web page sends and verify the chain of trust against whatever root CA store
> OpenSSL is using. Is there a way to do something similar for NSS? i.e. pull
> the
The NSS team has released Network Security Services (NSS) 3.22,
which is a minor release.
New functionality:
* RSA-PSS signatures are now supported (bug 1215295)
* Pseudorandom functions based on hashes other than SHA-1 are now supported
* Enforce an External Policy on NSS from a config file (bug
The NSS Development Team announces the release of NSS 3.19.2.2
Network Security Services (NSS) 3.19.2.2 is a patch release
for NSS 3.19.2 to fix a security-relevant bug.
No new functionality is introduced in this release.
The following security-relevant bug has been resolved in NSS 3.19.2.2.
The NSS Development Team announces the release of NSS 3.20.2
Network Security Services (NSS) 3.20.2 is a patch release
for NSS 3.20 to fix a security-relevant bug.
No new functionality is introduced in this release.
The following security-relevant bug has been resolved in NSS 3.20.2.
Users are
The NSS team has released Network Security Services (NSS) 3.21,
which is a minor release.
New functionality:
* certutil now supports a --rename option to change a nickname (bug 1142209)
* TLS extended master secret extension (RFC 7627) is supported (bug 1117022)
* New info functions added for use
The NSS Development Team announces the release of NSS 3.19.2.1
Network Security Services (NSS) 3.19.2.1 is a patch release
for NSS 3.19.2 to fix security-relevant bugs.
No new functionality is introduced in this release.
The following security-relevant bugs have been resolved in NSS 3.19.2.1.
The NSS Development Team announces the release of NSS 3.19.4
Network Security Services (NSS) 3.19.4 is a patch release
for NSS 3.19 to fix security-relevant bugs.
No new functionality is introduced in this release.
The following security-relevant bugs have been resolved in NSS 3.19.4.
Users
The NSS Development Team announces the release of NSS 3.20.1
Network Security Services (NSS) 3.20.1 is a patch release
for NSS 3.20 to fix security-relevant bugs.
No new functionality is introduced in this release.
The following security-relevant bugs have been resolved in NSS 3.20.1.
Users are
The NSS Development Team announces the release of NSS 3.19.3
Network Security Services (NSS) 3.19.3 is a patch release
for NSS 3.19 to update the list of root CA certificates.
No new functionality is introduced in this release.
Notable Changes:
* The following CA certificates were Removed
-
On Tue, 2015-06-09 at 04:34 -0700, John wrote:
I did not get these error with Mozilla xulrunner SDK 32.0 (which includes
NSS 3.16.4).
This might be caused by Mozilla's optimization attempts.
On certain platforms, Mozilla merges all NSS code into a single shared
library, and limit the exported
The NSS Development Team announces the release of NSS 3.19.1
Network Security Services (NSS) 3.19.1 is a patch release
for NSS 3.19.
No new functionality is introduced in this release. This patch
release includes a fix for the recently published logjam attack.
Notable Changes:
* The minimum
The NSS team has released Network Security Services (NSS) 3.19,
which is a minor release.
New functionality:
* For some certificates, such as root CA certificates, that don't
embed any constraints, NSS might impose additional constraints,
such as name constraints. A new API has been added
On Tue, 2015-04-28 at 12:51 -0500, Rebecca White wrote:
The site is
https://bankruptcylink.com
This issue is now being tracked at
https://bugzilla.mozilla.org/show_bug.cgi?id=1159471
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
On Thu, 2015-04-23 at 13:11 -0700, rebecca.c...@gmail.com wrote:
Accessing https site that is used by the entire state of Indiana. My
office is apparently the only office that cannot access the site. Well,
that is to say, half of my office cannot access the site, the other
half can access it
The NSS Development Team announces the release of NSS 3.18.1
Network Security Services (NSS) 3.18.1 is a patch release
for NSS 3.18 to update the list of root CA certificates.
No new functionality is introduced in this release.
Notable Changes:
* The following CA certificate had the Websites
The NSS team has released Network Security Services (NSS) 3.18,
which is a minor release.
New functionality:
* When importing certificates and keys from a PKCS#12 source,
it's now possible to override the nicknames, prior to importing
them into the NSS database, using new API
On Mon, 2015-02-02 at 13:21 +0100, helpcrypto helpcrypto wrote:
On Mon, Feb 2, 2015 at 1:17 PM, Kai Engert k...@kuix.de wrote:
exported:
OS_TARGET=WINNT
Please use OS_TARGET=WIN95
That's the newer and supported configuration.
LOL
hahahahahahahahahahahahahahaha
I love you
On Sun, 2015-02-01 at 20:34 -0800, Sean Leonard wrote:
I'm trying to build NSS 3.17.4 on Windows 7 with the latest
MozillaBuild. Although I was able to work around a build error, it would
be appreciated if the NSS folks get the NSPR folks to fix the problem.
Used:
On Mon, 2015-02-02 at 07:47 -0800, Sean Leonard wrote:
See Building NSS, which I think most people who do a rudimentary
Google search would find when they want to build NSS:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Building
Thanks for the link, I've fixed the page.
The NSS Development Team announces the release of NSS 3.17.4.
Network Security Services (NSS) 3.17.4 is a patch release for NSS 3.17.
No new functionality is introduced in this release.
Notable Changes:
* If an SSL/TLS connection fails, because client and server don't have
any common protocol
On Fri, 2015-01-09 at 12:10 -0800, Roger Dunn wrote:
Yes, that was me on both posts... the first one was taking awhile to
pop up on the grid (overnight), thought it was lost in a black hole.
Your message arrived on the list via posting to the newsgroup. Those
messages often end up in the
On Fri, 2014-12-12 at 03:45 -0800, sachin gupta wrote:
I would appreciate if you could help me with any documentation on NSS
cross compilation for Arm
Sorry, I don't have experience on this topic.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
On Wed, 2014-12-10 at 12:25 +0900, Kosuke Kaizuka wrote:
Why you choose such an old and out-of-dated version of NSS?
3.17.3 (current latest stable) or 3.16.6 (used in current Fx/Tb 31.x
ESR branches) should be used.
Clarification: FF/TB 31.x currently use 3.16.2.3
3.16.6 is older, 3.16.2.3 is
The NSS Development Team announces the release of NSS 3.17.3.
Network Security Services (NSS) 3.17.3 is a patch release for NSS 3.17.
New functionality:
* Support for TLS_FALLBACK_SCSV has been added to the ssltap and
tstclnt utilities
Notable Changes:
* The QuickDER decoder now decodes
Hello everyone,
I understand there are several mechanisms for reading this list.
However, depending on the way you choose to post to this list, your post
may be stuck in a moderation queue until a moderator is able to approve
it.
If you'd like to ensure that your post goes to the list
This message is to clarify the status of the latest NSS releases.
We'll shortly announce NSS 3.16.2.3
The motivation is to support the Firefox 31.x extended support release
(ESR) branch. The NSS 3.16.2.x releases still contain the set of root CA
certificates used by Firefox 31 ESR.
NSS 3.16.3
The NSS Development Team announces the release of NSS 3.16.2.3
Network Security Services (NSS) 3.16.2.3 is a patch release
for NSS 3.16, to fix a regression.
New functionality:
* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates a
handshake is the result of TLS version
On Mon, 2014-10-27 at 14:59 +0100, Kai Engert wrote:
The NSS Development Team announces the release of NSS 3.16.2.3
Network Security Services (NSS) 3.16.2.3 is a patch release
for NSS 3.16, to fix a regression.
Sorry, this paragraph should have said:
Network Security Services (NSS) 3.16.2.3
Because of the POODLE security vulnerability, it has been widely
suggested to disable SSL 3.
Unfortunately there are still deployments where SSL 3 is the only
supported version of SSL/TLS.
Changing the default in NSS to disable SSL 3 will break applications
that rely on the NSS default and
On Tue, 2014-10-21 at 01:40 +0200, Kai Engert wrote:
On Thu, 2014-10-16 at 20:51 +0200, Kai Engert wrote:
Do you claim that Firefox 34 will continue to fall back to SSL 3 when
necessary?
Yes. If I understand correctly, it seems that Firefox indeed still falls
back to SSL3, even with SSL3
So, let's get this clarified with test results.
I've tested Firefox 34 beta 1.
Because bug 1076983 hasn't landed on the beta branch yet, the current
Firefox 34 beta 1 still has SSL3 enabled.
With this current default configuration (SSL3 enabled), Firefox will
fall back to SSL3.
Then I used
On Thu, 2014-10-16 at 20:51 +0200, Kai Engert wrote:
Do you claim that Firefox 34 will continue to fall back to SSL 3 when
necessary?
Yes. If I understand correctly, it seems that Firefox indeed still falls
back to SSL3, even with SSL3 disabled.
I found
https://bugzilla.mozilla.org
On Mon, 2014-10-20 at 16:45 -0700, Julien Pierre wrote:
What is the purpose of Firefox continuing to do any fallback at all ?
IMO, making a second connection with any lower version of SSL/TLS
defeats the intent of the SSL/TLS protocol, which have built-in defenses
against protocol version
On Thu, 2014-10-16 at 10:31 -0700, Richard Barnes wrote:
By now, you've probably heard about the POODLE attacks on SSLv3, and
our decision to disable SSLv3 by default in Firefox 34 [1]. Several
people have proposed that we also make this change in Firefox ESR 31.
So I wanted to propose
On Thu, 2014-10-16 at 20:27 +0200, Florian Weimer wrote:
A lot of this has already been hashed out on the IETF TLS WG mailing
list, with a slightly different perspective.
Why is disabling SSL 3.0 acceptable, but getting rid of the broken
fallback which will keep endangering users for a long
The NSS Development Team announces the release of NSS 3.16.2.2
Network Security Services (NSS) 3.16.2.2 is a patch release
for NSS 3.16, to fix a regression.
No new functionality is introduced in this release.
The following bug has been resolved in NSS 3.16.2.2.
* Bug 1049435 - Importing an RSA
The NSS Development Team announces the release of NSS 3.16.6
Network Security Services (NSS) 3.16.6 is a patch release
for NSS 3.16, to fix a regression.
No new functionality is introduced in this release.
The following bug has been resolved in NSS 3.16.6.
* Bug 1049435 - Importing an RSA
The NSS Development Team announces the release of NSS 3.17.2
Network Security Services (NSS) 3.17.2 is a patch release
for NSS 3.17, to fix a regression and other bugs.
No new functionality is introduced in this release.
The following bugs have been resolved in NSS 3.17.2.
* Bug 1049435 -
The NSS Development Team announces the release of NSS 3.16.2.1
Network Security Services (NSS) 3.16.2.1 is a patch release
for NSS 3.16.
No new functionality is introduced in this release.
The following security-relevant bugs have been resolved in NSS 3.16.2.1.
Users are encouraged to upgrade
The NSS Development Team announces the release of NSS 3.17.1
Network Security Services (NSS) 3.17.1 is a patch release
for NSS 3.17
The following security-relevant bugs have been resolved in NSS 3.17.1.
Users are encouraged to upgrade immediately.
* Bug 1064636 - (CVE-2014-1568) RSA Signature
The NSS Development Team announces the release of NSS 3.16.5
Network Security Services (NSS) 3.16.5 is a patch release
for NSS 3.16.
No new functionality is introduced in this release.
The following security-relevant bugs have been resolved in NSS 3.16.5.
Users are encouraged to upgrade
Hi,
it seems that Firefox 31 (caused by mozilla::pkix?) has introduced a
serious usability regression.
Firefox no longer allows to override bad certificate errors of routers
or other devices with a built in https web interface.
As reported in several bugs:
On Mon, 2014-07-14 at 23:38 +0200, Bernhard Thalmayr wrote:
Is there any documentation available for '--extSAN' parameter? Mr.
Google did not find any helpful resource.
Look at the help output that certutil produces with the -H command:
--extSAN type:name[,type:name]...
Create a
On Mon, 2014-07-14 at 10:47 +0200, Bernhard Thalmayr wrote:
What is the reason, why certutil supports 'dNSName' GeneralNames for
SubjectAltName but not 'iPAddress' (RFC 3270 secion 4.2.1.7)?
Do you refer to the command line parameters -7 and -8 ?
I don't know why this subset was chosen in the
The NSS Development Team announces the release of NSS 3.16.3.
Network Security Services (NSS) 3.16.3 is a patch release for NSS 3.16.
This release consists primarily of CA certificate changes as listed
below, and fixes an issue with a recently added utility function.
New Functions:
*
I'm not aware of a troubleshooting reference for NSS.
Let's collect information on how to troubleshoot NSS at runtime.
Debugging tips, how to enable tracing of the various modules, etc.
I suggest to add to this page:
https://developer.mozilla.org/en-US/docs/NSS_troubleshooting
If you have
The NSS Development Team announces the release of NSS 3.16, which is
a minor release.
The HG tag is NSS_3_16_RTM. NSS 3.16 requires NSPR 4.10.3 or newer.
Support for the Linux x32 ABI requires NSPR 4.10.4 or newer.
The following security-relevant bug has been resolved.
Users are encouraged to
The NSS Development Team announces the release of NSS 3.15.5.
Network Security Services (NSS) 3.15.5 is a patch release for NSS 3.15.
New functionality:
* Added support for the TLS application layer protocol negotiation
(ALPN) extension. Two SSL socket options, SSL_ENABLE_NPN and
On Do, 2014-01-30 at 10:37 +, Gervase Markham wrote:
Does anyone know how one might configure Firefox to have a Trusted OCSP
Responder (i.e. to send all OCSP requests for any certificate to a
single server, and trust whatever it returns)?
This is the only docs I can find about it:
On Mi, 2014-01-08 at 16:34 -0800, Julien Pierre wrote:
The following still tests are still failing on the internal network on
Linux, though.
tstclnt: TCP Connection failed: PR_IO_TIMEOUT_ERROR: I/O operation timed out
chains.sh: #2452: Test that OCSP server is reachable - FAILED
It
On Di, 2013-12-17 at 16:02 +0100, Stéphanie Ouillon wrote:
I'm in the Firefox OS Security team and I'm starting working on adding
support for stronger passwords in the Firefox OS lockscreen (bug 877541)
[1].
At the moment, only a 4-digit password can be configured and we want to
improve that
Have you ever seen a TLS server that was incompatible with TLS session
IDs?
I helped to analyze bug 858394 (with the help of ssltap), where initial
connections to a TLS server work, but attempts to reconnect fail.
If the client includes a non-null session ID parameter in the client
hello
The NSS Development Team announces the release of NSS 3.15.4.
Network Security Services (NSS) 3.15.4 is a patch release for NSS 3.15.
The following security-relevant bug has been resolved.
Users are encouraged to upgrade immediately.
* Bug 919877 - When false start is enabled, libssl will
On Do, 2014-01-02 at 19:34 -0800, Julien Pierre wrote:
The new OCSP stapling tests in NSS 3.15.3 are all failing on our Solaris
machines. See error log below.
We have a slightly smaller number of failures on Linux.
Are these tests going out to a public OCSP responder on the Internet ?
The NSS Development Team announces the release of NSS 3.15.3.1.
Network Security Services (NSS) 3.15.3.1 is a patch release for NSS 3.15.
No new major functionality is introduced in this release.
The following security-relevant bugs have been resolved in NSS 3.15.3.1.
Users are encouraged to
The NSS Development Team announces the release of NSS 3.14.4.
Network Security Services (NSS) 3.14.4 is a patch release for NSS 3.14.
No new major functionality is introduced in this release.
This release is a patch release to address CVE-2013-1739.
The full release notes are available at
On Thu, 2013-09-26 at 16:29 -0700, Brian Smith wrote:
On Mon, Apr 8, 2013 at 2:52 AM, helpcrypto helpcrypto
helpcry...@gmail.com wrote:
While awaiting to http://www.w3.org/TR/WebCryptoAPI/ Java applets for
client signning, signText and keygen are needed.
Also things like Handling smart
On Mon, 2013-09-16 at 22:47 +0200, Kai Engert wrote:
DetecTor is an open source project to implement client side SSL/TLS MITM
detection, compromised CA detection and server impersonation detection,
by making use of the Tor network.
The integration of transparent client side probing
I've started yet another project to solve the right key problem.
DetecTor is an open source project to implement client side SSL/TLS MITM
detection, compromised CA detection and server impersonation detection,
by making use of the Tor network.
In short, make use of the existing Tor network,
On Wed, 2013-08-07 at 17:12 +, James Burton wrote:
Hi,
I would like to know were i could download Netscape Security Library which
Mozilla NSS was build on.
This page attempts to collect a small selection of links to get you
started: http://nss-crypto.org/
However, the official project
On Tue, 2013-08-06 at 09:41 -0700, epva...@gmail.com wrote:
So, how can I Add Exception using NSS tools? I'm able to get the cert
installed in a way that doesn't work using this command:
You cannot. The exceptions feature has been added at the Mozilla
application layer, above NSS. The host
On Thu, 2013-07-18 at 10:31 +0200, Nilakantha Paudel[NILU] wrote:
I am involving in research of web security. More precisely Nowadays I am
working on KEYGEN keyword of HTML5. I tried to navigate to the block of
source code where it works with this keyword KEYGEN of HTML5.But I could
not find
On Wed, 2013-07-10 at 11:20 -0700, Robert Relyea wrote:
On 07/08/2013 12:00 PM, Rick Andrews wrote:
What context are you talking about? If you remove the roots from firefox
using the firefox UI, it won't remove the roots for other applications.
I guess Rick talks about getting it removed
1 - 100 of 213 matches
Mail list logo