Am Samstag, 20. Juni 2015 04:04:34 UTC+2 schrieb Ryan Sleevi: > The NSS Development Team announces the release of NSS 3.19.2 > > Network Security Services (NSS) is a patch release for NSS 3.19. > > No new functionality is introduced in this release. This release addresses > a backwards compatibility issue with the NSS 3.19.1 release. > > Notable Changes: > * In NSS 3.19.1, the minimum key sizes that the freebl cryptographic > implementation (part of the softoken cryptographic module used by default > by NSS) was willing to generate or use was increased - for RSA keys, to > 512 bits, and for DH keys, 1023 bits. This was done as part of a security > fix for Bug 1138554 / CVE-2015-4000. Applications that requested or > attempted to use keys smaller then the minimum size would fail. However, > this change in behaviour unintentionally broke existing NSS applications > that need to generate or use such keys, via APIs such as > SECKEY_CreateRSAPrivateKey or SECKEY_CreateDHPrivateKey. > > In NSS 3.19.2, this change in freebl behaviour has been reverted. The fix > for Bug 1138554 has been moved to libssl, and will now only affect the > minimum keystrengths used in SSL/TLS. > > > The full release notes are available at > https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2_release_notes > > In addition to this release, the release notes for NSS 3.19 and NSS 3.19.1 > have been updated to highlight that both releases contain important > security fixes - CVE-2015-2721 in NSS 3.19, CVE-2015-4000 in NSS 3.19.1. > > The updated release notes for NSS 3.19 are available at > https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes > > The updated release notes for NSS 3.19.1 are available at > https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes > > > The HG tag for NSS 3.19.2 is NSS_3_19_2_RTM. NSS 3.19.2 requires NSPR > 4.10.8 or newer. > > NSS 3.19.2 source distributions are available on ftp.mozilla.org for > secure HTTPS download: > https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_2_RTM/src/ > > A complete list of all bugs resolved in this release can be obtained at > https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.19.2
very nice. But can you tell me, when JSS will be optimized and ported to a newer version of NSS? JSS is at the moment not usable :( -- dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
