On 11/18/2013 07:00 AM, Gervase Markham wrote: > Hi everyone, > > Following Microsoft's announcement re: SHA-1, some CAs are asking > browser and OS vendors about the ubiquity of SHA-256 support. It would > be a help to them if we could say: > > - Which version of NSS first supported SHA-256 I quick look at the cvs logs shows that it was supported at least by nss 3.7. (There's an NSS_3_7_RTM tag for revision 1.4 for sha512.c, which has sha512, sha384, and sha256 support). > - Which versions of Mozilla/Firefox/SeaMonkey/Thunderbird that translates to The cvs logs include tags for various Mozilla/Firefox/Thunderbird/Seamonkey releases (the code predates mozilla's move to hg).
The earliest mozilla release was Mozilla 1.3. The earliest thunderbird release was 0.2 (essentially every thunderbird release). The earliest firefox release was 0.8 (essentially every release of firefox). The earliest seamonkey was 1.0 (again, essentially every release of seamonkey). > > They can use the NSS version number info to work out the answer for > other NSS-using applications. Yes, though the upshot is if your nss-based ap isn't Netscape or AOL branded, it almost certainly has SHA-2 support. (heck even AOL branded things like photon has the SHA-2 support). > > Is anyone from the NSS team able to easily provide that info? I could go > repo and Bugzilla-mining, but I'd be worried about making a mistake. SHA-256/SHA-512 code has been in for a very long time. Nelson checked in the initial revision around Nov 2002, and the first NSS release (3.7) was sometime between Nov 2002 and Mar 2003. The change predates the mass tri-license work done in 2004 (I see gerv's tri-license changes in the logs). I think it's safe to say if your NSS ap is newer than a decade old, you have SHA-2 support. The one caveat is that SHA-224 support was added much later, but SHA-256, SHA-384, and SHA-512 have all been supported for a while. > > Gerv
smime.p7s
Description: S/MIME Cryptographic Signature
-- dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
