[ANNOUNCE] NSS 3.22 Release

Wed, 03 Feb 2016 01:02:19 -0800 

The NSS team has released Network Security Services (NSS) 3.22,
which is a minor release.

New functionality:
* RSA-PSS signatures are now supported (bug 1215295)
* Pseudorandom functions based on hashes other than SHA-1 are now supported
* Enforce an External Policy on NSS from a config file (bug 1009429)

New Functions:
* PK11_SignWithMechanism - an extended version PK11_Sign()
* PK11_VerifyWithMechanism - an extended version of PK11_Verify()
* SSL_PeerSignedCertTimestamps - Get signed_certificate_timestamp 
  TLS extension data
* SSL_SetSignedCertTimestamps - Set signed_certificate_timestamp
  TLS extension data

New Types:
* ssl_signed_cert_timestamp_xtn is added to SSLExtensionType
* Constants for several object IDs are added to SECOidTag

New Macros:
* SSL_ENABLE_SIGNED_CERT_TIMESTAMPS
* NSS_USE_ALG_IN_SSL
* NSS_USE_POLICY_IN_SSL
* NSS_RSA_MIN_KEY_SIZE
* NSS_DH_MIN_KEY_SIZE
* NSS_DSA_MIN_KEY_SIZE
* NSS_TLS_VERSION_MIN_POLICY
* NSS_TLS_VERSION_MAX_POLICY
* NSS_DTLS_VERSION_MIN_POLICY
* NSS_DTLS_VERSION_MAX_POLICY
* CKP_PKCS5_PBKD2_HMAC_SHA224
* CKP_PKCS5_PBKD2_HMAC_SHA256
* CKP_PKCS5_PBKD2_HMAC_SHA384
* CKP_PKCS5_PBKD2_HMAC_SHA512
* CKP_PKCS5_PBKD2_HMAC_GOSTR3411 - (not supported)
* CKP_PKCS5_PBKD2_HMAC_SHA512_224 - (not supported)
* CKP_PKCS5_PBKD2_HMAC_SHA512_256 - (not supported)

Notable Changes:
* NSS C++ tests are built by default, requiring a C++11 compiler. 
  Set the NSS_DISABLE_GTESTS variable to 1 to disable building these tests.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.22_release_notes

The HG tag is NSS_3_22_RTM. NSS 3.22 requires NSPR 4.11 or newer.

NSS 3.22 source distributions are available for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_22_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.22&product=NSS

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to