NSS 3.13 has been released. The CVS tag is NSS_3_13_RTM. The source tar file can be downloaded from https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_13_RTM/.
You can find the new features and bug fixes in NSS 3.13 with this Bugzilla query: https://bugzilla.mozilla.org/buglist.cgi?list_id=1496878&resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.13&product=NSS Some notable changes include: 1. SSL 2.0 is disabled by default. 2. A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext attack demonstrated by Rizzo and Duong (CVE-2011-3389) is enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it. 3. SHA-224 is supported. 4. Ported to iOS. (Requires NSPR 4.9.) 5. Added PORT_ErrorToString and PORT_ErrorToName to return the error message and symbolic name of an NSS error code. 6. Added NSS_GetVersion to return the NSS version string. 7. Added experimental support of RSA-PSS to the softoken only (by Hanno Böck, http://rsapss.hboeck.de/). Wan-Teh Chang -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto